VirtualBox

Ticket #15362: VBoxHardening.log

File VBoxHardening.log, 71.1 KB (added by GoLinux, 8 years ago)

Hardening Log

528.a00: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000160 g_uNtVerCombined=0x611db110
528.a00: \SystemRoot\System32\ntdll.dll:
528.a00: CreationTime: 2016-04-21T17:32:22.763270800Z
528.a00: LastWriteTime: 2016-03-17T23:01:02.536172600Z
528.a00: ChangeTime: 2016-04-21T22:37:55.149991300Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x1a7100
528.a00: NT Headers: 0xe0
528.a00: Timestamp: 0x56eb3625
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x56eb3625
528.a00: Image Version: 6.1
528.a00: SizeOfImage: 0x1aa000 (1744896)
528.a00: Resource Dir: 0x14e000 LB 0x5a028
528.a00: ProductName: Microsoft® Windows® Operating System
528.a00: ProductVersion: 6.1.7601.23392
528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
528.a00: FileDescription: NT Layer DLL
528.a00: \SystemRoot\System32\kernel32.dll:
528.a00: CreationTime: 2016-04-21T17:32:23.137721200Z
528.a00: LastWriteTime: 2016-03-17T22:53:15.811000000Z
528.a00: ChangeTime: 2016-04-21T22:37:55.586805300Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x11c000
528.a00: NT Headers: 0xe0
528.a00: Timestamp: 0x56eb3603
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x56eb3603
528.a00: Image Version: 6.1
528.a00: SizeOfImage: 0x11f000 (1175552)
528.a00: Resource Dir: 0x116000 LB 0x528
528.a00: ProductName: Microsoft® Windows® Operating System
528.a00: ProductVersion: 6.1.7601.23392
528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
528.a00: FileDescription: Windows NT BASE API Client DLL
528.a00: \SystemRoot\System32\KernelBase.dll:
528.a00: CreationTime: 2016-04-21T17:32:24.183061900Z
528.a00: LastWriteTime: 2016-03-17T22:53:15.858000000Z
528.a00: ChangeTime: 2016-04-21T22:37:55.602405800Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x66800
528.a00: NT Headers: 0xe8
528.a00: Timestamp: 0x56eb3604
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x56eb3604
528.a00: Image Version: 6.1
528.a00: SizeOfImage: 0x6a000 (434176)
528.a00: Resource Dir: 0x68000 LB 0x530
528.a00: ProductName: Microsoft® Windows® Operating System
528.a00: ProductVersion: 6.1.7601.23392
528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
528.a00: FileDescription: Windows NT BASE API Client DLL
528.a00: \SystemRoot\System32\apisetschema.dll:
528.a00: CreationTime: 2016-04-21T17:32:25.602853000Z
528.a00: LastWriteTime: 2016-03-17T22:50:11.213000000Z
528.a00: ChangeTime: 2016-04-21T22:37:54.993986300Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x1a00
528.a00: NT Headers: 0xc0
528.a00: Timestamp: 0x56eb34e9
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x56eb34e9
528.a00: Image Version: 6.1
528.a00: SizeOfImage: 0x50000 (327680)
528.a00: Resource Dir: 0x30000 LB 0x3f8
528.a00: ProductName: Microsoft® Windows® Operating System
528.a00: ProductVersion: 6.1.7601.23392
528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
528.a00: FileDescription: ApiSet Schema DLL
528.a00: Found driver mfewfpk (0x20)
528.a00: Found driver mfehidk (0x20)
528.a00: Found driver mfeavfk (0x20)
528.a00: Found driver mfefirek (0x20)
528.a00: supR3HardenedWinFindAdversaries: 0x20
528.a00: \SystemRoot\System32\drivers\mfeapfk.sys:
528.a00: CreationTime: 2016-01-08T19:13:20.657537600Z
528.a00: LastWriteTime: 2013-12-17T16:25:26.000000000Z
528.a00: ChangeTime: 2016-01-08T19:13:11.359937600Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x2c030
528.a00: NT Headers: 0xe8
528.a00: Timestamp: 0x52ab7fef
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x52ab7fef
528.a00: Image Version: 0.0
528.a00: SizeOfImage: 0x29d00 (171264)
528.a00: Resource Dir: 0x29500 LB 0x340
528.a00: ProductName: SYSCORE
528.a00: FileVersion: SYSCORE.15.1.0.656
528.a00: PrivateBuild: SYSCORE.15.1.0.656 F16
528.a00: FileDescription: Access Protection Filter Driver
528.a00: \SystemRoot\System32\drivers\mfeavfk.sys:
528.a00: CreationTime: 2016-01-08T19:10:52.629137600Z
528.a00: LastWriteTime: 2016-01-08T19:10:38.667137600Z
528.a00: ChangeTime: 2016-01-08T19:10:38.667137600Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x54e98
528.a00: NT Headers: 0xf8
528.a00: Timestamp: 0x558ddc3c
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x558ddc3c
528.a00: Image Version: 0.0
528.a00: SizeOfImage: 0x50580 (329088)
528.a00: Resource Dir: 0x4f700 LB 0x758
528.a00: ProductName: SYSCORE
528.a00: ProductVersion: 15.4.0.674
528.a00: FileVersion: SYSCORE.15.4.0.674
528.a00: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
528.a00: FileDescription: Anti-Virus File System Filter Driver
528.a00: \SystemRoot\System32\drivers\mfefirek.sys:
528.a00: CreationTime: 2016-01-08T19:11:02.566337600Z
528.a00: LastWriteTime: 2016-01-08T19:10:39.197537600Z
528.a00: ChangeTime: 2016-01-08T19:10:39.197537600Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x794f8
528.a00: NT Headers: 0xe8
528.a00: Timestamp: 0x558ddc7b
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x558ddc7b
528.a00: Image Version: 0.0
528.a00: SizeOfImage: 0x74880 (477312)
528.a00: Resource Dir: 0x72000 LB 0x388
528.a00: ProductName: SYSCORE
528.a00: ProductVersion: 15.4.0.674
528.a00: FileVersion: SYSCORE.15.4.0.674
528.a00: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
528.a00: FileDescription: McAfee Core Firewall Engine Driver
528.a00: \SystemRoot\System32\drivers\mfehidk.sys:
528.a00: CreationTime: 2016-01-08T19:10:51.287537600Z
528.a00: LastWriteTime: 2016-01-08T19:10:38.823137600Z
528.a00: ChangeTime: 2016-01-08T19:10:38.823137600Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0xd5d98
528.a00: NT Headers: 0x108
528.a00: Timestamp: 0x558ddbf8
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x558ddbf8
528.a00: Image Version: 0.0
528.a00: SizeOfImage: 0xd0880 (854144)
528.a00: Resource Dir: 0xcd980 LB 0x758
528.a00: ProductName: SYSCORE
528.a00: ProductVersion: 15.4.0.674
528.a00: FileVersion: SYSCORE.15.4.0.674
528.a00: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
528.a00: FileDescription: McAfee Link Driver
528.a00: \SystemRoot\System32\drivers\mfewfpk.sys:
528.a00: CreationTime: 2016-01-08T19:10:46.950737600Z
528.a00: LastWriteTime: 2016-01-08T19:10:38.947937600Z
528.a00: ChangeTime: 2016-01-08T19:10:38.947937600Z
528.a00: FileAttributes: 0x20
528.a00: Size: 0x54280
528.a00: NT Headers: 0x100
528.a00: Timestamp: 0x558ddc06
528.a00: Machine: 0x8664 - amd64
528.a00: Timestamp: 0x558ddc06
528.a00: Image Version: 0.0
528.a00: SizeOfImage: 0x4f980 (326016)
528.a00: Resource Dir: 0x4ef00 LB 0x380
528.a00: ProductName: SYSCORE
528.a00: ProductVersion: 15.4.0.674
528.a00: FileVersion: SYSCORE.15.4.0.674
528.a00: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
528.a00: FileDescription: Anti-Virus Mini-Firewall Driver
528.a00: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
528.a00: Calling main()
528.a00: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
528.a00: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
528.a00: SUPR3HardenedMain: Respawn #1
528.a00: System32: \Device\HarddiskVolume1\Windows\System32
528.a00: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
528.a00: KnownDllPath: C:\windows\system32
528.a00: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
528.a00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
528.a00: supR3HardNtEnableThreadCreation:
528.a00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060
528.a00: supR3HardenedWinDoReSpawn(1): New child 18b4.ca0 [kernel32].
528.a00: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
528.a00: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
528.a00: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b5a0e0
528.a00: supR3HardenedWinSetupChildInit: Start child.
528.a00: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
528.a00: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps
528.a00: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
528.a00: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
528.a00: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
528.a00: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
528.a00: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
528.a00: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
528.a00: 0000000000041000-fffffffffffe1fff 0x0001/0x0000 0x0000000
528.a00: *00000000000a0000-fffffffffffa3fff 0x0000/0x0004 0x0020000
528.a00: 000000000019c000-0000000000198fff 0x0104/0x0004 0x0020000
528.a00: 000000000019f000-000000000019dfff 0x0004/0x0004 0x0020000
528.a00: 00000000001a0000-ffffffff8880ffff 0x0001/0x0000 0x0000000
528.a00: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077b31000-0000000077c2dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077c2e000-0000000077c5cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077c5d000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077c67000-0000000077c67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077c68000-0000000077c6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077c6b000-0000000077cd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
528.a00: 0000000077cda000-00000000709d3fff 0x0001/0x0000 0x0000000
528.a00: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
528.a00: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
528.a00: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
528.a00: 000000007fff0000-ffffffffc000ffff 0x0001/0x0000 0x0000000
528.a00: *000000013ffd0000-000000013ffd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 000000013ffd1000-0000000140040fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140041000-0000000140041fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140042000-0000000140086fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140087000-0000000140087fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140088000-0000000140088fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140089000-000000014008dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 000000014008e000-000000014008efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 000000014008f000-000000014008ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140090000-0000000140093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 0000000140094000-00000001400dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
528.a00: 00000001400dc000-fffff80380367fff 0x0001/0x0000 0x0000000
528.a00: *000007feffe50000-000007feffe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
528.a00: 000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000
528.a00: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
528.a00: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
528.a00: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
528.a00: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
528.a00: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
528.a00: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
528.a00: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS)
528.a00: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS)
528.a00: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
528.a00: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
528.a00: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
528.a00: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
528.a00: supR3HardNtEnableThreadCreation:
18b4.ca0: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
18b4.ca0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100
18b4.ca0: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS)
18b4.ca0: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1744896 allocation)
18b4.ca0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
18b4.ca0: System32: \Device\HarddiskVolume1\Windows\System32
18b4.ca0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
18b4.ca0: KnownDllPath: C:\windows\system32
18b4.ca0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
18b4.ca0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
18b4.ca0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
18b4.ca0: Registered Dll notification callback with NTDLL.
18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
18b4.ca0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18b4.ca0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
18b4.ca0: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
18b4.ca0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
18b4.ca0: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
18b4.ca0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\windows\system32\kernel32.dll'
18b4.ca0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060
528.a00: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
18b4.ca0: \SystemRoot\System32\ntdll.dll:
18b4.ca0: CreationTime: 2016-04-21T17:32:22.763270800Z
18b4.ca0: LastWriteTime: 2016-03-17T23:01:02.536172600Z
18b4.ca0: ChangeTime: 2016-04-21T22:37:55.149991300Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x1a7100
18b4.ca0: NT Headers: 0xe0
18b4.ca0: Timestamp: 0x56eb3625
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x56eb3625
18b4.ca0: Image Version: 6.1
18b4.ca0: SizeOfImage: 0x1aa000 (1744896)
18b4.ca0: Resource Dir: 0x14e000 LB 0x5a028
18b4.ca0: ProductName: Microsoft® Windows® Operating System
18b4.ca0: ProductVersion: 6.1.7601.23392
18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
18b4.ca0: FileDescription: NT Layer DLL
18b4.ca0: \SystemRoot\System32\kernel32.dll:
18b4.ca0: CreationTime: 2016-04-21T17:32:23.137721200Z
18b4.ca0: LastWriteTime: 2016-03-17T22:53:15.811000000Z
18b4.ca0: ChangeTime: 2016-04-21T22:37:55.586805300Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x11c000
18b4.ca0: NT Headers: 0xe0
18b4.ca0: Timestamp: 0x56eb3603
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x56eb3603
18b4.ca0: Image Version: 6.1
18b4.ca0: SizeOfImage: 0x11f000 (1175552)
18b4.ca0: Resource Dir: 0x116000 LB 0x528
18b4.ca0: ProductName: Microsoft® Windows® Operating System
18b4.ca0: ProductVersion: 6.1.7601.23392
18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
18b4.ca0: FileDescription: Windows NT BASE API Client DLL
18b4.ca0: \SystemRoot\System32\KernelBase.dll:
18b4.ca0: CreationTime: 2016-04-21T17:32:24.183061900Z
18b4.ca0: LastWriteTime: 2016-03-17T22:53:15.858000000Z
18b4.ca0: ChangeTime: 2016-04-21T22:37:55.602405800Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x66800
18b4.ca0: NT Headers: 0xe8
18b4.ca0: Timestamp: 0x56eb3604
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x56eb3604
18b4.ca0: Image Version: 6.1
18b4.ca0: SizeOfImage: 0x6a000 (434176)
18b4.ca0: Resource Dir: 0x68000 LB 0x530
18b4.ca0: ProductName: Microsoft® Windows® Operating System
18b4.ca0: ProductVersion: 6.1.7601.23392
18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
18b4.ca0: FileDescription: Windows NT BASE API Client DLL
18b4.ca0: \SystemRoot\System32\apisetschema.dll:
18b4.ca0: CreationTime: 2016-04-21T17:32:25.602853000Z
18b4.ca0: LastWriteTime: 2016-03-17T22:50:11.213000000Z
18b4.ca0: ChangeTime: 2016-04-21T22:37:54.993986300Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x1a00
18b4.ca0: NT Headers: 0xc0
18b4.ca0: Timestamp: 0x56eb34e9
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x56eb34e9
18b4.ca0: Image Version: 6.1
18b4.ca0: SizeOfImage: 0x50000 (327680)
18b4.ca0: Resource Dir: 0x30000 LB 0x3f8
18b4.ca0: ProductName: Microsoft® Windows® Operating System
18b4.ca0: ProductVersion: 6.1.7601.23392
18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
18b4.ca0: FileDescription: ApiSet Schema DLL
18b4.ca0: Found driver mfewfpk (0x20)
18b4.ca0: Found driver mfehidk (0x20)
18b4.ca0: Found driver mfeavfk (0x20)
18b4.ca0: Found driver mfefirek (0x20)
18b4.ca0: supR3HardenedWinFindAdversaries: 0x20
18b4.ca0: \SystemRoot\System32\drivers\mfeapfk.sys:
18b4.ca0: CreationTime: 2016-01-08T19:13:20.657537600Z
18b4.ca0: LastWriteTime: 2013-12-17T16:25:26.000000000Z
18b4.ca0: ChangeTime: 2016-01-08T19:13:11.359937600Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x2c030
18b4.ca0: NT Headers: 0xe8
18b4.ca0: Timestamp: 0x52ab7fef
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x52ab7fef
18b4.ca0: Image Version: 0.0
18b4.ca0: SizeOfImage: 0x29d00 (171264)
18b4.ca0: Resource Dir: 0x29500 LB 0x340
18b4.ca0: ProductName: SYSCORE
18b4.ca0: FileVersion: SYSCORE.15.1.0.656
18b4.ca0: PrivateBuild: SYSCORE.15.1.0.656 F16
18b4.ca0: FileDescription: Access Protection Filter Driver
18b4.ca0: \SystemRoot\System32\drivers\mfeavfk.sys:
18b4.ca0: CreationTime: 2016-01-08T19:10:52.629137600Z
18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.667137600Z
18b4.ca0: ChangeTime: 2016-01-08T19:10:38.667137600Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x54e98
18b4.ca0: NT Headers: 0xf8
18b4.ca0: Timestamp: 0x558ddc3c
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x558ddc3c
18b4.ca0: Image Version: 0.0
18b4.ca0: SizeOfImage: 0x50580 (329088)
18b4.ca0: Resource Dir: 0x4f700 LB 0x758
18b4.ca0: ProductName: SYSCORE
18b4.ca0: ProductVersion: 15.4.0.674
18b4.ca0: FileVersion: SYSCORE.15.4.0.674
18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
18b4.ca0: FileDescription: Anti-Virus File System Filter Driver
18b4.ca0: \SystemRoot\System32\drivers\mfefirek.sys:
18b4.ca0: CreationTime: 2016-01-08T19:11:02.566337600Z
18b4.ca0: LastWriteTime: 2016-01-08T19:10:39.197537600Z
18b4.ca0: ChangeTime: 2016-01-08T19:10:39.197537600Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x794f8
18b4.ca0: NT Headers: 0xe8
18b4.ca0: Timestamp: 0x558ddc7b
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x558ddc7b
18b4.ca0: Image Version: 0.0
18b4.ca0: SizeOfImage: 0x74880 (477312)
18b4.ca0: Resource Dir: 0x72000 LB 0x388
18b4.ca0: ProductName: SYSCORE
18b4.ca0: ProductVersion: 15.4.0.674
18b4.ca0: FileVersion: SYSCORE.15.4.0.674
18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
18b4.ca0: FileDescription: McAfee Core Firewall Engine Driver
18b4.ca0: \SystemRoot\System32\drivers\mfehidk.sys:
18b4.ca0: CreationTime: 2016-01-08T19:10:51.287537600Z
18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.823137600Z
18b4.ca0: ChangeTime: 2016-01-08T19:10:38.823137600Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0xd5d98
18b4.ca0: NT Headers: 0x108
18b4.ca0: Timestamp: 0x558ddbf8
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x558ddbf8
18b4.ca0: Image Version: 0.0
18b4.ca0: SizeOfImage: 0xd0880 (854144)
18b4.ca0: Resource Dir: 0xcd980 LB 0x758
18b4.ca0: ProductName: SYSCORE
18b4.ca0: ProductVersion: 15.4.0.674
18b4.ca0: FileVersion: SYSCORE.15.4.0.674
18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
18b4.ca0: FileDescription: McAfee Link Driver
18b4.ca0: \SystemRoot\System32\drivers\mfewfpk.sys:
18b4.ca0: CreationTime: 2016-01-08T19:10:46.950737600Z
18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.947937600Z
18b4.ca0: ChangeTime: 2016-01-08T19:10:38.947937600Z
18b4.ca0: FileAttributes: 0x20
18b4.ca0: Size: 0x54280
18b4.ca0: NT Headers: 0x100
18b4.ca0: Timestamp: 0x558ddc06
18b4.ca0: Machine: 0x8664 - amd64
18b4.ca0: Timestamp: 0x558ddc06
18b4.ca0: Image Version: 0.0
18b4.ca0: SizeOfImage: 0x4f980 (326016)
18b4.ca0: Resource Dir: 0x4ef00 LB 0x380
18b4.ca0: ProductName: SYSCORE
18b4.ca0: ProductVersion: 15.4.0.674
18b4.ca0: FileVersion: SYSCORE.15.4.0.674
18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
18b4.ca0: FileDescription: Anti-Virus Mini-Firewall Driver
18b4.ca0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
18b4.ca0: Calling main()
18b4.ca0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
18b4.ca0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
18b4.ca0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
18b4.ca0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
18b4.ca0: SUPR3HardenedMain: Respawn #2
18b4.ca0: supR3HardNtEnableThreadCreation:
18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
18b4.ca0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18b4.ca0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
18b4.ca0: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
18b4.ca0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
18b4.ca0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6b0000 'C:\windows\system32\apphelp.dll'
18b4.ca0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060
18b4.ca0: supR3HardenedWinDoReSpawn(2): New child da4.2090 [kernel32].
18b4.ca0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
18b4.ca0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
18b4.ca0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b5a0e0
18b4.ca0: supR3HardenedWinSetupChildInit: Start child.
18b4.ca0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
18b4.ca0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
18b4.ca0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
18b4.ca0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
18b4.ca0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
18b4.ca0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
18b4.ca0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
18b4.ca0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
18b4.ca0: 0000000000041000-ffffffffffee1fff 0x0001/0x0000 0x0000000
18b4.ca0: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
18b4.ca0: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
18b4.ca0: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
18b4.ca0: 00000000002a0000-ffffffff88a0ffff 0x0001/0x0000 0x0000000
18b4.ca0: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077b31000-0000000077c2dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077c2e000-0000000077c5cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077c5d000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077c67000-0000000077c67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077c68000-0000000077c6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077c6b000-0000000077cd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
18b4.ca0: 0000000077cda000-00000000709d3fff 0x0001/0x0000 0x0000000
18b4.ca0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
18b4.ca0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
18b4.ca0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
18b4.ca0: 000000007fff0000-ffffffffc000ffff 0x0001/0x0000 0x0000000
18b4.ca0: *000000013ffd0000-000000013ffd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 000000013ffd1000-0000000140040fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140041000-0000000140041fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140042000-0000000140086fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140087000-0000000140087fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140088000-0000000140088fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140089000-000000014008dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 000000014008e000-000000014008efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 000000014008f000-000000014008ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140090000-0000000140093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 0000000140094000-00000001400dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
18b4.ca0: 00000001400dc000-fffff80380367fff 0x0001/0x0000 0x0000000
18b4.ca0: *000007feffe50000-000007feffe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
18b4.ca0: 000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000
18b4.ca0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
18b4.ca0: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
18b4.ca0: *000007fffffdd000-000007fffffdbfff 0x0004/0x0004 0x0020000
18b4.ca0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
18b4.ca0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
18b4.ca0: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS)
18b4.ca0: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS)
18b4.ca0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
18b4.ca0: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
18b4.ca0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
18b4.ca0: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0).
18b4.ca0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
18b4.ca0: supR3HardNtEnableThreadCreation:
da4.2090: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
da4.2090: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100
da4.2090: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS)
da4.2090: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1744896 allocation)
da4.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
da4.2090: System32: \Device\HarddiskVolume1\Windows\System32
da4.2090: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
da4.2090: KnownDllPath: C:\windows\system32
da4.2090: supR3HardenedVmProcessInit: Opening vboxdrv...
da4.2090: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
da4.2090: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
da4.2090: Registered Dll notification callback with NTDLL.
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\windows\system32\kernel32.dll'
da4.2090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060
18b4.ca0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms.
da4.2090: \SystemRoot\System32\ntdll.dll:
da4.2090: CreationTime: 2016-04-21T17:32:22.763270800Z
da4.2090: LastWriteTime: 2016-03-17T23:01:02.536172600Z
da4.2090: ChangeTime: 2016-04-21T22:37:55.149991300Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x1a7100
da4.2090: NT Headers: 0xe0
da4.2090: Timestamp: 0x56eb3625
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x56eb3625
da4.2090: Image Version: 6.1
da4.2090: SizeOfImage: 0x1aa000 (1744896)
da4.2090: Resource Dir: 0x14e000 LB 0x5a028
da4.2090: ProductName: Microsoft® Windows® Operating System
da4.2090: ProductVersion: 6.1.7601.23392
da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
da4.2090: FileDescription: NT Layer DLL
da4.2090: \SystemRoot\System32\kernel32.dll:
da4.2090: CreationTime: 2016-04-21T17:32:23.137721200Z
da4.2090: LastWriteTime: 2016-03-17T22:53:15.811000000Z
da4.2090: ChangeTime: 2016-04-21T22:37:55.586805300Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x11c000
da4.2090: NT Headers: 0xe0
da4.2090: Timestamp: 0x56eb3603
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x56eb3603
da4.2090: Image Version: 6.1
da4.2090: SizeOfImage: 0x11f000 (1175552)
da4.2090: Resource Dir: 0x116000 LB 0x528
da4.2090: ProductName: Microsoft® Windows® Operating System
da4.2090: ProductVersion: 6.1.7601.23392
da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
da4.2090: FileDescription: Windows NT BASE API Client DLL
da4.2090: \SystemRoot\System32\KernelBase.dll:
da4.2090: CreationTime: 2016-04-21T17:32:24.183061900Z
da4.2090: LastWriteTime: 2016-03-17T22:53:15.858000000Z
da4.2090: ChangeTime: 2016-04-21T22:37:55.602405800Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x66800
da4.2090: NT Headers: 0xe8
da4.2090: Timestamp: 0x56eb3604
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x56eb3604
da4.2090: Image Version: 6.1
da4.2090: SizeOfImage: 0x6a000 (434176)
da4.2090: Resource Dir: 0x68000 LB 0x530
da4.2090: ProductName: Microsoft® Windows® Operating System
da4.2090: ProductVersion: 6.1.7601.23392
da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
da4.2090: FileDescription: Windows NT BASE API Client DLL
da4.2090: \SystemRoot\System32\apisetschema.dll:
da4.2090: CreationTime: 2016-04-21T17:32:25.602853000Z
da4.2090: LastWriteTime: 2016-03-17T22:50:11.213000000Z
da4.2090: ChangeTime: 2016-04-21T22:37:54.993986300Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x1a00
da4.2090: NT Headers: 0xc0
da4.2090: Timestamp: 0x56eb34e9
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x56eb34e9
da4.2090: Image Version: 6.1
da4.2090: SizeOfImage: 0x50000 (327680)
da4.2090: Resource Dir: 0x30000 LB 0x3f8
da4.2090: ProductName: Microsoft® Windows® Operating System
da4.2090: ProductVersion: 6.1.7601.23392
da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
da4.2090: FileDescription: ApiSet Schema DLL
da4.2090: Found driver mfewfpk (0x20)
da4.2090: Found driver mfehidk (0x20)
da4.2090: Found driver mfeavfk (0x20)
da4.2090: Found driver mfefirek (0x20)
da4.2090: supR3HardenedWinFindAdversaries: 0x20
da4.2090: \SystemRoot\System32\drivers\mfeapfk.sys:
da4.2090: CreationTime: 2016-01-08T19:13:20.657537600Z
da4.2090: LastWriteTime: 2013-12-17T16:25:26.000000000Z
da4.2090: ChangeTime: 2016-01-08T19:13:11.359937600Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x2c030
da4.2090: NT Headers: 0xe8
da4.2090: Timestamp: 0x52ab7fef
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x52ab7fef
da4.2090: Image Version: 0.0
da4.2090: SizeOfImage: 0x29d00 (171264)
da4.2090: Resource Dir: 0x29500 LB 0x340
da4.2090: ProductName: SYSCORE
da4.2090: FileVersion: SYSCORE.15.1.0.656
da4.2090: PrivateBuild: SYSCORE.15.1.0.656 F16
da4.2090: FileDescription: Access Protection Filter Driver
da4.2090: \SystemRoot\System32\drivers\mfeavfk.sys:
da4.2090: CreationTime: 2016-01-08T19:10:52.629137600Z
da4.2090: LastWriteTime: 2016-01-08T19:10:38.667137600Z
da4.2090: ChangeTime: 2016-01-08T19:10:38.667137600Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x54e98
da4.2090: NT Headers: 0xf8
da4.2090: Timestamp: 0x558ddc3c
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x558ddc3c
da4.2090: Image Version: 0.0
da4.2090: SizeOfImage: 0x50580 (329088)
da4.2090: Resource Dir: 0x4f700 LB 0x758
da4.2090: ProductName: SYSCORE
da4.2090: ProductVersion: 15.4.0.674
da4.2090: FileVersion: SYSCORE.15.4.0.674
da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
da4.2090: FileDescription: Anti-Virus File System Filter Driver
da4.2090: \SystemRoot\System32\drivers\mfefirek.sys:
da4.2090: CreationTime: 2016-01-08T19:11:02.566337600Z
da4.2090: LastWriteTime: 2016-01-08T19:10:39.197537600Z
da4.2090: ChangeTime: 2016-01-08T19:10:39.197537600Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x794f8
da4.2090: NT Headers: 0xe8
da4.2090: Timestamp: 0x558ddc7b
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x558ddc7b
da4.2090: Image Version: 0.0
da4.2090: SizeOfImage: 0x74880 (477312)
da4.2090: Resource Dir: 0x72000 LB 0x388
da4.2090: ProductName: SYSCORE
da4.2090: ProductVersion: 15.4.0.674
da4.2090: FileVersion: SYSCORE.15.4.0.674
da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
da4.2090: FileDescription: McAfee Core Firewall Engine Driver
da4.2090: \SystemRoot\System32\drivers\mfehidk.sys:
da4.2090: CreationTime: 2016-01-08T19:10:51.287537600Z
da4.2090: LastWriteTime: 2016-01-08T19:10:38.823137600Z
da4.2090: ChangeTime: 2016-01-08T19:10:38.823137600Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0xd5d98
da4.2090: NT Headers: 0x108
da4.2090: Timestamp: 0x558ddbf8
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x558ddbf8
da4.2090: Image Version: 0.0
da4.2090: SizeOfImage: 0xd0880 (854144)
da4.2090: Resource Dir: 0xcd980 LB 0x758
da4.2090: ProductName: SYSCORE
da4.2090: ProductVersion: 15.4.0.674
da4.2090: FileVersion: SYSCORE.15.4.0.674
da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
da4.2090: FileDescription: McAfee Link Driver
da4.2090: \SystemRoot\System32\drivers\mfewfpk.sys:
da4.2090: CreationTime: 2016-01-08T19:10:46.950737600Z
da4.2090: LastWriteTime: 2016-01-08T19:10:38.947937600Z
da4.2090: ChangeTime: 2016-01-08T19:10:38.947937600Z
da4.2090: FileAttributes: 0x20
da4.2090: Size: 0x54280
da4.2090: NT Headers: 0x100
da4.2090: Timestamp: 0x558ddc06
da4.2090: Machine: 0x8664 - amd64
da4.2090: Timestamp: 0x558ddc06
da4.2090: Image Version: 0.0
da4.2090: SizeOfImage: 0x4f980 (326016)
da4.2090: Resource Dir: 0x4ef00 LB 0x380
da4.2090: ProductName: SYSCORE
da4.2090: ProductVersion: 15.4.0.674
da4.2090: FileVersion: SYSCORE.15.4.0.674
da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
da4.2090: FileDescription: Anti-Virus Mini-Firewall Driver
da4.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
da4.2090: Calling main()
da4.2090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
da4.2090: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
da4.2090: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
da4.2090: SUPR3HardenedMain: Final process, opening VBoxDrv...
da4.2090: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
da4.2090: supR3HardNtEnableThreadCreation:
da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b8e1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefab40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299061:<flags> [calling]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299061:<flags> [calling]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6f1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007feff5f0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefdac0000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd8c0000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007feff690000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\windows\system32\Wintrust.dll'
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6f1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\windows\system32\bcrypt.dll'
da4.2090: bcrypt.dll loaded at 000007fefd240000, BCryptOpenAlgorithmProvider at 000007fefd242640, preloading providers:
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6e1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007feff510000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefdf10000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccf0000 'C:\windows\system32\bcryptprimitives.dll'
da4.2090: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008fbda0)
da4.2090: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008fdc60)
da4.2090: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008fdd80)
da4.2090: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008fdf90)
da4.2090: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008fe0b0)
da4.2090: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008fe1d0)
da4.2090: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008fe410)
da4.2090: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008fe530)
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d241:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\windows\system32\CRYPTSP.dll'
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d1d1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\rsaenh.dll'
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ca61:<flags> [calling]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff510000 'C:\windows\system32\ADVAPI32.dll'
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cde1:<flags> [calling]
da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\windows\system32\CRYPTBASE.dll'
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcp90.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr90.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll'
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll'
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
894da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
895da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
896da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
897da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
898da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
899da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
900da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
901da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
902da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
903da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
904da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
905da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
906da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
907da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
908da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
909da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
910da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
911da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
912da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
913da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
914da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
915da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
916da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
917da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
918da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
919da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
920da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
921da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
922da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
923da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
924da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
925da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
926da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
927da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
928da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
929da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
930da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
931da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
932da4.2088: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
933da4.2088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
934da4.2088: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x0001f000 C:\windows\system32\privman64.dll [fFlags=0x0]
935da4.2088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
93618b4.ca0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 390 ms, the end);
937528.a00: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 951 ms, the end);
