37a0.3ff8: Log file opened: 5.0.14r105127 g_hStartupLog=00000000000000ac g_uNtVerCombined=0x611db110
37a0.3ff8: \SystemRoot\System32\ntdll.dll:
37a0.3ff8: CreationTime: 2016-01-05T15:15:33.635876900Z
37a0.3ff8: LastWriteTime: 2015-10-20T01:09:05.164170200Z
37a0.3ff8: ChangeTime: 2016-01-05T23:14:24.453534400Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x1a67c0
37a0.3ff8: NT Headers: 0xe0
37a0.3ff8: Timestamp: 0x56259295
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x56259295
37a0.3ff8: Image Version: 6.1
37a0.3ff8: SizeOfImage: 0x1a9000 (1740800)
37a0.3ff8: Resource Dir: 0x14d000 LB 0x5a028
37a0.3ff8: ProductName: Microsoft® Windows® Operating System
37a0.3ff8: ProductVersion: 6.1.7601.19045
37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
37a0.3ff8: FileDescription: NT Layer DLL
37a0.3ff8: \SystemRoot\System32\kernel32.dll:
37a0.3ff8: CreationTime: 2016-01-05T15:15:33.089890900Z
37a0.3ff8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
37a0.3ff8: ChangeTime: 2016-01-05T23:14:25.077514400Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x11c600
37a0.3ff8: NT Headers: 0xe8
37a0.3ff8: Timestamp: 0x56259270
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x56259270
37a0.3ff8: Image Version: 6.1
37a0.3ff8: SizeOfImage: 0x120000 (1179648)
37a0.3ff8: Resource Dir: 0x117000 LB 0x528
37a0.3ff8: ProductName: Microsoft® Windows® Operating System
37a0.3ff8: ProductVersion: 6.1.7601.19045
37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
37a0.3ff8: FileDescription: Windows NT BASE API Client DLL
37a0.3ff8: \SystemRoot\System32\KernelBase.dll:
37a0.3ff8: CreationTime: 2016-01-05T15:15:36.615400500Z
37a0.3ff8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
37a0.3ff8: ChangeTime: 2016-01-05T23:14:25.093113900Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x67c00
37a0.3ff8: NT Headers: 0xe8
37a0.3ff8: Timestamp: 0x56259271
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x56259271
37a0.3ff8: Image Version: 6.1
37a0.3ff8: SizeOfImage: 0x6c000 (442368)
37a0.3ff8: Resource Dir: 0x6a000 LB 0x530
37a0.3ff8: ProductName: Microsoft® Windows® Operating System
37a0.3ff8: ProductVersion: 6.1.7601.19045
37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
37a0.3ff8: FileDescription: Windows NT BASE API Client DLL
37a0.3ff8: \SystemRoot\System32\apisetschema.dll:
37a0.3ff8: CreationTime: 2016-01-05T15:15:41.841266500Z
37a0.3ff8: LastWriteTime: 2015-10-20T00:53:47.280000000Z
37a0.3ff8: ChangeTime: 2016-01-05T23:14:24.079146400Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x1a00
37a0.3ff8: NT Headers: 0xc0
37a0.3ff8: Timestamp: 0x562590e2
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x562590e2
37a0.3ff8: Image Version: 6.1
37a0.3ff8: SizeOfImage: 0x50000 (327680)
37a0.3ff8: Resource Dir: 0x30000 LB 0x3f8
37a0.3ff8: ProductName: Microsoft® Windows® Operating System
37a0.3ff8: ProductVersion: 6.1.7601.19045
37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
37a0.3ff8: FileDescription: ApiSet Schema DLL
37a0.3ff8: Found driver mfewfpk (0x20)
37a0.3ff8: Found driver mfehidk (0x20)
37a0.3ff8: Found driver mfeavfk (0x20)
37a0.3ff8: Found driver mfefirek (0x20)
37a0.3ff8: supR3HardenedWinFindAdversaries: 0x20
37a0.3ff8: \SystemRoot\System32\drivers\mfeapfk.sys:
37a0.3ff8: CreationTime: 2014-08-27T13:53:23.447070100Z
37a0.3ff8: LastWriteTime: 2014-08-27T13:53:11.606254300Z
37a0.3ff8: ChangeTime: 2015-08-26T11:18:34.144626700Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x2c030
37a0.3ff8: NT Headers: 0xe8
37a0.3ff8: Timestamp: 0x52ab7fef
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x52ab7fef
37a0.3ff8: Image Version: 0.0
37a0.3ff8: SizeOfImage: 0x29d00 (171264)
37a0.3ff8: Resource Dir: 0x29500 LB 0x340
37a0.3ff8: ProductName: SYSCORE
37a0.3ff8: FileVersion: SYSCORE.15.1.0.656
37a0.3ff8: PrivateBuild: SYSCORE.15.1.0.656 F16
37a0.3ff8: FileDescription: Access Protection Filter Driver
37a0.3ff8: \SystemRoot\System32\drivers\mfeavfk.sys:
37a0.3ff8: CreationTime: 2014-08-27T13:53:23.326082200Z
37a0.3ff8: LastWriteTime: 2015-10-22T18:41:49.066172200Z
37a0.3ff8: ChangeTime: 2015-10-22T18:41:59.236070500Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x54e98
37a0.3ff8: NT Headers: 0xf8
37a0.3ff8: Timestamp: 0x558ddc3c
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x558ddc3c
37a0.3ff8: Image Version: 0.0
37a0.3ff8: SizeOfImage: 0x50580 (329088)
37a0.3ff8: Resource Dir: 0x4f700 LB 0x758
37a0.3ff8: ProductName: SYSCORE
37a0.3ff8: ProductVersion: 15.4.0.674
37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
37a0.3ff8: FileDescription: Anti-Virus File System Filter Driver
37a0.3ff8: \SystemRoot\System32\drivers\mfefirek.sys:
37a0.3ff8: CreationTime: 2015-10-26T20:59:00.916917600Z
37a0.3ff8: LastWriteTime: 2015-10-26T20:57:28.083102900Z
37a0.3ff8: ChangeTime: 2015-10-26T20:57:28.083102900Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x794f8
37a0.3ff8: NT Headers: 0xe8
37a0.3ff8: Timestamp: 0x558ddc7b
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x558ddc7b
37a0.3ff8: Image Version: 0.0
37a0.3ff8: SizeOfImage: 0x74880 (477312)
37a0.3ff8: Resource Dir: 0x72000 LB 0x388
37a0.3ff8: ProductName: SYSCORE
37a0.3ff8: ProductVersion: 15.4.0.674
37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
37a0.3ff8: FileDescription: McAfee Core Firewall Engine Driver
37a0.3ff8: \SystemRoot\System32\drivers\mfehidk.sys:
37a0.3ff8: CreationTime: 2014-08-27T13:53:22.847130100Z
37a0.3ff8: LastWriteTime: 2015-10-22T18:41:49.016172700Z
37a0.3ff8: ChangeTime: 2015-10-22T18:41:49.016172700Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0xd5d98
37a0.3ff8: NT Headers: 0x108
37a0.3ff8: Timestamp: 0x558ddbf8
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x558ddbf8
37a0.3ff8: Image Version: 0.0
37a0.3ff8: SizeOfImage: 0xd0880 (854144)
37a0.3ff8: Resource Dir: 0xcd980 LB 0x758
37a0.3ff8: ProductName: SYSCORE
37a0.3ff8: ProductVersion: 15.4.0.674
37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
37a0.3ff8: FileDescription: McAfee Link Driver
37a0.3ff8: \SystemRoot\System32\drivers\mfewfpk.sys:
37a0.3ff8: CreationTime: 2014-08-27T13:53:16.103804500Z
37a0.3ff8: LastWriteTime: 2015-10-26T20:57:27.817908000Z
37a0.3ff8: ChangeTime: 2015-10-26T20:57:27.817908000Z
37a0.3ff8: FileAttributes: 0x20
37a0.3ff8: Size: 0x54280
37a0.3ff8: NT Headers: 0x100
37a0.3ff8: Timestamp: 0x558ddc06
37a0.3ff8: Machine: 0x8664 - amd64
37a0.3ff8: Timestamp: 0x558ddc06
37a0.3ff8: Image Version: 0.0
37a0.3ff8: SizeOfImage: 0x4f980 (326016)
37a0.3ff8: Resource Dir: 0x4ef00 LB 0x380
37a0.3ff8: ProductName: SYSCORE
37a0.3ff8: ProductVersion: 15.4.0.674
37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
37a0.3ff8: FileDescription: Anti-Virus Mini-Firewall Driver
37a0.3ff8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
37a0.3ff8: Calling main()
37a0.3ff8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
37a0.3ff8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
37a0.3ff8: SUPR3HardenedMain: Respawn #1
37a0.3ff8: System32: \Device\HarddiskVolume1\Windows\System32
37a0.3ff8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
37a0.3ff8: KnownDllPath: C:\Windows\system32
37a0.3ff8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37a0.3ff8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
37a0.3ff8: supR3HardNtEnableThreadCreation:
37a0.3ff8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
37a0.3ff8: supR3HardenedWinDoReSpawn(1): New child 3304.3124 [kernel32].
37a0.3ff8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
37a0.3ff8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cb0000 uNtDllChildAddr=0000000076cb0000
37a0.3ff8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cdb630
37a0.3ff8: supR3HardenedWinSetupChildInit: Start child.
37a0.3ff8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
37a0.3ff8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
37a0.3ff8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
37a0.3ff8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
37a0.3ff8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
37a0.3ff8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
37a0.3ff8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
37a0.3ff8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
37a0.3ff8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
37a0.3ff8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
37a0.3ff8: 0000000000051000-ffffffffffea1fff 0x0001/0x0000 0x0000000
37a0.3ff8: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
37a0.3ff8: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
37a0.3ff8: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
37a0.3ff8: 0000000000300000-ffffffff8994ffff 0x0001/0x0000 0x0000000
37a0.3ff8: *0000000076cb0000-0000000076cb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076cb1000-0000000076daefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076daf000-0000000076dddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076dde000-0000000076de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076de6000-0000000076de6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076de7000-0000000076de9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076dea000-0000000076e58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
37a0.3ff8: 0000000076e59000-000000006ecd1fff 0x0001/0x0000 0x0000000
37a0.3ff8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
37a0.3ff8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
37a0.3ff8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
37a0.3ff8: 000000007fff0000-ffffffffc077ffff 0x0001/0x0000 0x0000000
37a0.3ff8: *000000013f860000-000000013f860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f861000-000000013f8e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f8e8000-000000013f8e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f8e9000-000000013f933fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f934000-000000013f934fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f935000-000000013f935fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f936000-000000013f93afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f93b000-000000013f93bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f93c000-000000013f93cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f93d000-000000013f940fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f941000-000000013f98bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
37a0.3ff8: 000000013f98c000-fffff80380347fff 0x0001/0x0000 0x0000000
37a0.3ff8: *000007fefefd0000-000007fefefd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
37a0.3ff8: 000007fefefd1000-000007fdfdff1fff 0x0001/0x0000 0x0000000
37a0.3ff8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
37a0.3ff8: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
37a0.3ff8: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
37a0.3ff8: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
37a0.3ff8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
37a0.3ff8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
37a0.3ff8: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
37a0.3ff8: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
37a0.3ff8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37a0.3ff8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
37a0.3ff8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
37a0.3ff8: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
37a0.3ff8: supR3HardNtEnableThreadCreation:
3304.3124: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
3304.3124: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cb0000
3304.3124: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
3304.3124: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
3304.3124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3304.3124: System32: \Device\HarddiskVolume1\Windows\System32
3304.3124: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
3304.3124: KnownDllPath: C:\Windows\system32
3304.3124: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3304.3124: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3304.3124: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3304.3124: Registered Dll notification callback with NTDLL.
3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3304.3124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
3304.3124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3304.3124: supR3HardenedDllNotificationCallback: load 0000000076b90000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3304.3124: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3304.3124: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3304.3124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b90000 'C:\Windows\system32\kernel32.dll'
3304.3124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
37a0.3ff8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 26 ms.
3304.3124: \SystemRoot\System32\ntdll.dll:
3304.3124: CreationTime: 2016-01-05T15:15:33.635876900Z
3304.3124: LastWriteTime: 2015-10-20T01:09:05.164170200Z
3304.3124: ChangeTime: 2016-01-05T23:14:24.453534400Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x1a67c0
3304.3124: NT Headers: 0xe0
3304.3124: Timestamp: 0x56259295
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x56259295
3304.3124: Image Version: 6.1
3304.3124: SizeOfImage: 0x1a9000 (1740800)
3304.3124: Resource Dir: 0x14d000 LB 0x5a028
3304.3124: ProductName: Microsoft® Windows® Operating System
3304.3124: ProductVersion: 6.1.7601.19045
3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3304.3124: FileDescription: NT Layer DLL
3304.3124: \SystemRoot\System32\kernel32.dll:
3304.3124: CreationTime: 2016-01-05T15:15:33.089890900Z
3304.3124: LastWriteTime: 2015-10-20T01:05:40.819000000Z
3304.3124: ChangeTime: 2016-01-05T23:14:25.077514400Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x11c600
3304.3124: NT Headers: 0xe8
3304.3124: Timestamp: 0x56259270
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x56259270
3304.3124: Image Version: 6.1
3304.3124: SizeOfImage: 0x120000 (1179648)
3304.3124: Resource Dir: 0x117000 LB 0x528
3304.3124: ProductName: Microsoft® Windows® Operating System
3304.3124: ProductVersion: 6.1.7601.19045
3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3304.3124: FileDescription: Windows NT BASE API Client DLL
3304.3124: \SystemRoot\System32\KernelBase.dll:
3304.3124: CreationTime: 2016-01-05T15:15:36.615400500Z
3304.3124: LastWriteTime: 2015-10-20T01:05:40.819000000Z
3304.3124: ChangeTime: 2016-01-05T23:14:25.093113900Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x67c00
3304.3124: NT Headers: 0xe8
3304.3124: Timestamp: 0x56259271
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x56259271
3304.3124: Image Version: 6.1
3304.3124: SizeOfImage: 0x6c000 (442368)
3304.3124: Resource Dir: 0x6a000 LB 0x530
3304.3124: ProductName: Microsoft® Windows® Operating System
3304.3124: ProductVersion: 6.1.7601.19045
3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3304.3124: FileDescription: Windows NT BASE API Client DLL
3304.3124: \SystemRoot\System32\apisetschema.dll:
3304.3124: CreationTime: 2016-01-05T15:15:41.841266500Z
3304.3124: LastWriteTime: 2015-10-20T00:53:47.280000000Z
3304.3124: ChangeTime: 2016-01-05T23:14:24.079146400Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x1a00
3304.3124: NT Headers: 0xc0
3304.3124: Timestamp: 0x562590e2
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x562590e2
3304.3124: Image Version: 6.1
3304.3124: SizeOfImage: 0x50000 (327680)
3304.3124: Resource Dir: 0x30000 LB 0x3f8
3304.3124: ProductName: Microsoft® Windows® Operating System
3304.3124: ProductVersion: 6.1.7601.19045
3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3304.3124: FileDescription: ApiSet Schema DLL
3304.3124: Found driver mfewfpk (0x20)
3304.3124: Found driver mfehidk (0x20)
3304.3124: Found driver mfeavfk (0x20)
3304.3124: Found driver mfefirek (0x20)
3304.3124: supR3HardenedWinFindAdversaries: 0x20
3304.3124: \SystemRoot\System32\drivers\mfeapfk.sys:
3304.3124: CreationTime: 2014-08-27T13:53:23.447070100Z
3304.3124: LastWriteTime: 2014-08-27T13:53:11.606254300Z
3304.3124: ChangeTime: 2015-08-26T11:18:34.144626700Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x2c030
3304.3124: NT Headers: 0xe8
3304.3124: Timestamp: 0x52ab7fef
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x52ab7fef
3304.3124: Image Version: 0.0
3304.3124: SizeOfImage: 0x29d00 (171264)
3304.3124: Resource Dir: 0x29500 LB 0x340
3304.3124: ProductName: SYSCORE
3304.3124: FileVersion: SYSCORE.15.1.0.656
3304.3124: PrivateBuild: SYSCORE.15.1.0.656 F16
3304.3124: FileDescription: Access Protection Filter Driver
3304.3124: \SystemRoot\System32\drivers\mfeavfk.sys:
3304.3124: CreationTime: 2014-08-27T13:53:23.326082200Z
3304.3124: LastWriteTime: 2015-10-22T18:41:49.066172200Z
3304.3124: ChangeTime: 2015-10-22T18:41:59.236070500Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x54e98
3304.3124: NT Headers: 0xf8
3304.3124: Timestamp: 0x558ddc3c
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x558ddc3c
3304.3124: Image Version: 0.0
3304.3124: SizeOfImage: 0x50580 (329088)
3304.3124: Resource Dir: 0x4f700 LB 0x758
3304.3124: ProductName: SYSCORE
3304.3124: ProductVersion: 15.4.0.674
3304.3124: FileVersion: SYSCORE.15.4.0.674
3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
3304.3124: FileDescription: Anti-Virus File System Filter Driver
3304.3124: \SystemRoot\System32\drivers\mfefirek.sys:
3304.3124: CreationTime: 2015-10-26T20:59:00.916917600Z
3304.3124: LastWriteTime: 2015-10-26T20:57:28.083102900Z
3304.3124: ChangeTime: 2015-10-26T20:57:28.083102900Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x794f8
3304.3124: NT Headers: 0xe8
3304.3124: Timestamp: 0x558ddc7b
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x558ddc7b
3304.3124: Image Version: 0.0
3304.3124: SizeOfImage: 0x74880 (477312)
3304.3124: Resource Dir: 0x72000 LB 0x388
3304.3124: ProductName: SYSCORE
3304.3124: ProductVersion: 15.4.0.674
3304.3124: FileVersion: SYSCORE.15.4.0.674
3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
3304.3124: FileDescription: McAfee Core Firewall Engine Driver
3304.3124: \SystemRoot\System32\drivers\mfehidk.sys:
3304.3124: CreationTime: 2014-08-27T13:53:22.847130100Z
3304.3124: LastWriteTime: 2015-10-22T18:41:49.016172700Z
3304.3124: ChangeTime: 2015-10-22T18:41:49.016172700Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0xd5d98
3304.3124: NT Headers: 0x108
3304.3124: Timestamp: 0x558ddbf8
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x558ddbf8
3304.3124: Image Version: 0.0
3304.3124: SizeOfImage: 0xd0880 (854144)
3304.3124: Resource Dir: 0xcd980 LB 0x758
3304.3124: ProductName: SYSCORE
3304.3124: ProductVersion: 15.4.0.674
3304.3124: FileVersion: SYSCORE.15.4.0.674
3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
3304.3124: FileDescription: McAfee Link Driver
3304.3124: \SystemRoot\System32\drivers\mfewfpk.sys:
3304.3124: CreationTime: 2014-08-27T13:53:16.103804500Z
3304.3124: LastWriteTime: 2015-10-26T20:57:27.817908000Z
3304.3124: ChangeTime: 2015-10-26T20:57:27.817908000Z
3304.3124: FileAttributes: 0x20
3304.3124: Size: 0x54280
3304.3124: NT Headers: 0x100
3304.3124: Timestamp: 0x558ddc06
3304.3124: Machine: 0x8664 - amd64
3304.3124: Timestamp: 0x558ddc06
3304.3124: Image Version: 0.0
3304.3124: SizeOfImage: 0x4f980 (326016)
3304.3124: Resource Dir: 0x4ef00 LB 0x380
3304.3124: ProductName: SYSCORE
3304.3124: ProductVersion: 15.4.0.674
3304.3124: FileVersion: SYSCORE.15.4.0.674
3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
3304.3124: FileDescription: Anti-Virus Mini-Firewall Driver
3304.3124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3304.3124: Calling main()
3304.3124: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3304.3124: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3304.3124: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3304.3124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3304.3124: SUPR3HardenedMain: Respawn #2
3304.3124: supR3HardNtEnableThreadCreation:
3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3304.3124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
3304.3124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3304.3124: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3304.3124: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3304.3124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\apphelp.dll'
3304.3124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
3304.3124: supR3HardenedWinDoReSpawn(2): New child 3a60.288c [kernel32].
3304.3124: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
3304.3124: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cb0000 uNtDllChildAddr=0000000076cb0000
3304.3124: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cdb630
3304.3124: supR3HardenedWinSetupChildInit: Start child.
3304.3124: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3304.3124: supR3HardNtChildPurify: Startup delay kludge #1/0: 525 ms, 53 sleeps
3304.3124: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3304.3124: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3304.3124: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3304.3124: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3304.3124: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3304.3124: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3304.3124: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3304.3124: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3304.3124: 0000000000051000-fffffffffffa1fff 0x0001/0x0000 0x0000000
3304.3124: *0000000000100000-0000000000003fff 0x0000/0x0004 0x0020000
3304.3124: 00000000001fc000-00000000001f8fff 0x0104/0x0004 0x0020000
3304.3124: 00000000001ff000-00000000001fdfff 0x0004/0x0004 0x0020000
3304.3124: 0000000000200000-ffffffff8974ffff 0x0001/0x0000 0x0000000
3304.3124: *0000000076cb0000-0000000076cb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076cb1000-0000000076daefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076daf000-0000000076dddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076dde000-0000000076de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076de6000-0000000076de6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076de7000-0000000076de9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076dea000-0000000076e58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3304.3124: 0000000076e59000-000000006ecd1fff 0x0001/0x0000 0x0000000
3304.3124: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3304.3124: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3304.3124: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3304.3124: 000000007fff0000-ffffffffc077ffff 0x0001/0x0000 0x0000000
3304.3124: *000000013f860000-000000013f860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f861000-000000013f8e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f8e8000-000000013f8e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f8e9000-000000013f933fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f934000-000000013f934fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f935000-000000013f935fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f936000-000000013f93afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f93b000-000000013f93bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f93c000-000000013f93cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f93d000-000000013f940fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f941000-000000013f98bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3304.3124: 000000013f98c000-fffff80380347fff 0x0001/0x0000 0x0000000
3304.3124: *000007fefefd0000-000007fefefd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
3304.3124: 000007fefefd1000-000007fdfdff1fff 0x0001/0x0000 0x0000000
3304.3124: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3304.3124: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
3304.3124: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
3304.3124: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
3304.3124: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3304.3124: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3304.3124: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
3304.3124: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
3304.3124: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3304.3124: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
3304.3124: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
3304.3124: supR3HardNtChildPurify: Done after 572 ms and 0 fixes (loop #0).
3304.3124: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
3304.3124: supR3HardNtEnableThreadCreation:
3a60.288c: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
3a60.288c: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cb0000
3a60.288c: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
3a60.288c: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
3a60.288c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3a60.288c: System32: \Device\HarddiskVolume1\Windows\System32
3a60.288c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
3a60.288c: KnownDllPath: C:\Windows\system32
3a60.288c: supR3HardenedVmProcessInit: Opening vboxdrv...
3a60.288c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3a60.288c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3a60.288c: Registered Dll notification callback with NTDLL.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 0000000076b90000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b90000 'C:\Windows\system32\kernel32.dll'
3a60.288c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
3304.3124: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
3a60.288c: \SystemRoot\System32\ntdll.dll:
3a60.288c: CreationTime: 2016-01-05T15:15:33.635876900Z
3a60.288c: LastWriteTime: 2015-10-20T01:09:05.164170200Z
3a60.288c: ChangeTime: 2016-01-05T23:14:24.453534400Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x1a67c0
3a60.288c: NT Headers: 0xe0
3a60.288c: Timestamp: 0x56259295
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x56259295
3a60.288c: Image Version: 6.1
3a60.288c: SizeOfImage: 0x1a9000 (1740800)
3a60.288c: Resource Dir: 0x14d000 LB 0x5a028
3a60.288c: ProductName: Microsoft® Windows® Operating System
3a60.288c: ProductVersion: 6.1.7601.19045
3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3a60.288c: FileDescription: NT Layer DLL
3a60.288c: \SystemRoot\System32\kernel32.dll:
3a60.288c: CreationTime: 2016-01-05T15:15:33.089890900Z
3a60.288c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
3a60.288c: ChangeTime: 2016-01-05T23:14:25.077514400Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x11c600
3a60.288c: NT Headers: 0xe8
3a60.288c: Timestamp: 0x56259270
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x56259270
3a60.288c: Image Version: 6.1
3a60.288c: SizeOfImage: 0x120000 (1179648)
3a60.288c: Resource Dir: 0x117000 LB 0x528
3a60.288c: ProductName: Microsoft® Windows® Operating System
3a60.288c: ProductVersion: 6.1.7601.19045
3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3a60.288c: FileDescription: Windows NT BASE API Client DLL
3a60.288c: \SystemRoot\System32\KernelBase.dll:
3a60.288c: CreationTime: 2016-01-05T15:15:36.615400500Z
3a60.288c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
3a60.288c: ChangeTime: 2016-01-05T23:14:25.093113900Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x67c00
3a60.288c: NT Headers: 0xe8
3a60.288c: Timestamp: 0x56259271
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x56259271
3a60.288c: Image Version: 6.1
3a60.288c: SizeOfImage: 0x6c000 (442368)
3a60.288c: Resource Dir: 0x6a000 LB 0x530
3a60.288c: ProductName: Microsoft® Windows® Operating System
3a60.288c: ProductVersion: 6.1.7601.19045
3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3a60.288c: FileDescription: Windows NT BASE API Client DLL
3a60.288c: \SystemRoot\System32\apisetschema.dll:
3a60.288c: CreationTime: 2016-01-05T15:15:41.841266500Z
3a60.288c: LastWriteTime: 2015-10-20T00:53:47.280000000Z
3a60.288c: ChangeTime: 2016-01-05T23:14:24.079146400Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x1a00
3a60.288c: NT Headers: 0xc0
3a60.288c: Timestamp: 0x562590e2
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x562590e2
3a60.288c: Image Version: 6.1
3a60.288c: SizeOfImage: 0x50000 (327680)
3a60.288c: Resource Dir: 0x30000 LB 0x3f8
3a60.288c: ProductName: Microsoft® Windows® Operating System
3a60.288c: ProductVersion: 6.1.7601.19045
3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
3a60.288c: FileDescription: ApiSet Schema DLL
3a60.288c: Found driver mfewfpk (0x20)
3a60.288c: Found driver mfehidk (0x20)
3a60.288c: Found driver mfeavfk (0x20)
3a60.288c: Found driver mfefirek (0x20)
3a60.288c: supR3HardenedWinFindAdversaries: 0x20
3a60.288c: \SystemRoot\System32\drivers\mfeapfk.sys:
3a60.288c: CreationTime: 2014-08-27T13:53:23.447070100Z
3a60.288c: LastWriteTime: 2014-08-27T13:53:11.606254300Z
3a60.288c: ChangeTime: 2015-08-26T11:18:34.144626700Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x2c030
3a60.288c: NT Headers: 0xe8
3a60.288c: Timestamp: 0x52ab7fef
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x52ab7fef
3a60.288c: Image Version: 0.0
3a60.288c: SizeOfImage: 0x29d00 (171264)
3a60.288c: Resource Dir: 0x29500 LB 0x340
3a60.288c: ProductName: SYSCORE
3a60.288c: FileVersion: SYSCORE.15.1.0.656
3a60.288c: PrivateBuild: SYSCORE.15.1.0.656 F16
3a60.288c: FileDescription: Access Protection Filter Driver
3a60.288c: \SystemRoot\System32\drivers\mfeavfk.sys:
3a60.288c: CreationTime: 2014-08-27T13:53:23.326082200Z
3a60.288c: LastWriteTime: 2015-10-22T18:41:49.066172200Z
3a60.288c: ChangeTime: 2015-10-22T18:41:59.236070500Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x54e98
3a60.288c: NT Headers: 0xf8
3a60.288c: Timestamp: 0x558ddc3c
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x558ddc3c
3a60.288c: Image Version: 0.0
3a60.288c: SizeOfImage: 0x50580 (329088)
3a60.288c: Resource Dir: 0x4f700 LB 0x758
3a60.288c: ProductName: SYSCORE
3a60.288c: ProductVersion: 15.4.0.674
3a60.288c: FileVersion: SYSCORE.15.4.0.674
3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
3a60.288c: FileDescription: Anti-Virus File System Filter Driver
3a60.288c: \SystemRoot\System32\drivers\mfefirek.sys:
3a60.288c: CreationTime: 2015-10-26T20:59:00.916917600Z
3a60.288c: LastWriteTime: 2015-10-26T20:57:28.083102900Z
3a60.288c: ChangeTime: 2015-10-26T20:57:28.083102900Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x794f8
3a60.288c: NT Headers: 0xe8
3a60.288c: Timestamp: 0x558ddc7b
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x558ddc7b
3a60.288c: Image Version: 0.0
3a60.288c: SizeOfImage: 0x74880 (477312)
3a60.288c: Resource Dir: 0x72000 LB 0x388
3a60.288c: ProductName: SYSCORE
3a60.288c: ProductVersion: 15.4.0.674
3a60.288c: FileVersion: SYSCORE.15.4.0.674
3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
3a60.288c: FileDescription: McAfee Core Firewall Engine Driver
3a60.288c: \SystemRoot\System32\drivers\mfehidk.sys:
3a60.288c: CreationTime: 2014-08-27T13:53:22.847130100Z
3a60.288c: LastWriteTime: 2015-10-22T18:41:49.016172700Z
3a60.288c: ChangeTime: 2015-10-22T18:41:49.016172700Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0xd5d98
3a60.288c: NT Headers: 0x108
3a60.288c: Timestamp: 0x558ddbf8
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x558ddbf8
3a60.288c: Image Version: 0.0
3a60.288c: SizeOfImage: 0xd0880 (854144)
3a60.288c: Resource Dir: 0xcd980 LB 0x758
3a60.288c: ProductName: SYSCORE
3a60.288c: ProductVersion: 15.4.0.674
3a60.288c: FileVersion: SYSCORE.15.4.0.674
3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
3a60.288c: FileDescription: McAfee Link Driver
3a60.288c: \SystemRoot\System32\drivers\mfewfpk.sys:
3a60.288c: CreationTime: 2014-08-27T13:53:16.103804500Z
3a60.288c: LastWriteTime: 2015-10-26T20:57:27.817908000Z
3a60.288c: ChangeTime: 2015-10-26T20:57:27.817908000Z
3a60.288c: FileAttributes: 0x20
3a60.288c: Size: 0x54280
3a60.288c: NT Headers: 0x100
3a60.288c: Timestamp: 0x558ddc06
3a60.288c: Machine: 0x8664 - amd64
3a60.288c: Timestamp: 0x558ddc06
3a60.288c: Image Version: 0.0
3a60.288c: SizeOfImage: 0x4f980 (326016)
3a60.288c: Resource Dir: 0x4ef00 LB 0x380
3a60.288c: ProductName: SYSCORE
3a60.288c: ProductVersion: 15.4.0.674
3a60.288c: FileVersion: SYSCORE.15.4.0.674
3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
3a60.288c: FileDescription: Anti-Virus Mini-Firewall Driver
3a60.288c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3a60.288c: Calling main()
3a60.288c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3a60.288c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3a60.288c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3a60.288c: SUPR3HardenedMain: Final process, opening VBoxDrv...
3a60.288c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
3a60.288c: supR3HardNtEnableThreadCreation:
3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000795640:C:\Windows\system32 [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fef8220000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000795640:C:\Windows\system32 [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcb50000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\Wintrust.dll'
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080b490:C:\Windows\system32 [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc340000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc340000 'C:\Windows\system32\bcrypt.dll'
3a60.288c: bcrypt.dll loaded at 000007fefc340000, BCryptOpenAlgorithmProvider at 000007fefc342640, preloading providers:
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefbde0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefea70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbde0000 'C:\Windows\system32\bcryptprimitives.dll'
3a60.288c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000080cb70)
3a60.288c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000080fa30)
3a60.288c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000080fb50)
3a60.288c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000080fd60)
3a60.288c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000080fe80)
3a60.288c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000080ffa0)
3a60.288c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008101e0)
3a60.288c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000810300)
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc1f0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1f0000 'C:\Windows\system32\CRYPTSP.dll'
3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefbef0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbef0000 'C:\Windows\system32\rsaenh.dll'
3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\Windows\system32\ADVAPI32.dll'
3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft
Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling] 3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc850000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\CRYPTBASE.dll' 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 3a60.3424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll) 3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll 3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
3a60.3424: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
3a60.3424: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x0002d000 C:\Windows\system32\privman64.dll [fFlags=0x0]
3a60.3424: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
3304.3124: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47 ms, the end);
37a0.3ff8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 688 ms, the end);