528.a00: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000160 g_uNtVerCombined=0x611db110 528.a00: \SystemRoot\System32\ntdll.dll: 528.a00: CreationTime: 2016-04-21T17:32:22.763270800Z 528.a00: LastWriteTime: 2016-03-17T23:01:02.536172600Z 528.a00: ChangeTime: 2016-04-21T22:37:55.149991300Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x1a7100 528.a00: NT Headers: 0xe0 528.a00: Timestamp: 0x56eb3625 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x56eb3625 528.a00: Image Version: 6.1 528.a00: SizeOfImage: 0x1aa000 (1744896) 528.a00: Resource Dir: 0x14e000 LB 0x5a028 528.a00: ProductName: Microsoft® Windows® Operating System 528.a00: ProductVersion: 6.1.7601.23392 528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 528.a00: FileDescription: NT Layer DLL 528.a00: \SystemRoot\System32\kernel32.dll: 528.a00: CreationTime: 2016-04-21T17:32:23.137721200Z 528.a00: LastWriteTime: 2016-03-17T22:53:15.811000000Z 528.a00: ChangeTime: 2016-04-21T22:37:55.586805300Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x11c000 528.a00: NT Headers: 0xe0 528.a00: Timestamp: 0x56eb3603 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x56eb3603 528.a00: Image Version: 6.1 528.a00: SizeOfImage: 0x11f000 (1175552) 528.a00: Resource Dir: 0x116000 LB 0x528 528.a00: ProductName: Microsoft® Windows® Operating System 528.a00: ProductVersion: 6.1.7601.23392 528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 528.a00: FileDescription: Windows NT BASE API Client DLL 528.a00: \SystemRoot\System32\KernelBase.dll: 528.a00: CreationTime: 2016-04-21T17:32:24.183061900Z 528.a00: LastWriteTime: 2016-03-17T22:53:15.858000000Z 528.a00: ChangeTime: 2016-04-21T22:37:55.602405800Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x66800 528.a00: NT Headers: 0xe8 528.a00: Timestamp: 0x56eb3604 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x56eb3604 528.a00: Image Version: 6.1 528.a00: SizeOfImage: 0x6a000 (434176) 528.a00: Resource Dir: 0x68000 LB 0x530 528.a00: 
ProductName: Microsoft® Windows® Operating System 528.a00: ProductVersion: 6.1.7601.23392 528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 528.a00: FileDescription: Windows NT BASE API Client DLL 528.a00: \SystemRoot\System32\apisetschema.dll: 528.a00: CreationTime: 2016-04-21T17:32:25.602853000Z 528.a00: LastWriteTime: 2016-03-17T22:50:11.213000000Z 528.a00: ChangeTime: 2016-04-21T22:37:54.993986300Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x1a00 528.a00: NT Headers: 0xc0 528.a00: Timestamp: 0x56eb34e9 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x56eb34e9 528.a00: Image Version: 6.1 528.a00: SizeOfImage: 0x50000 (327680) 528.a00: Resource Dir: 0x30000 LB 0x3f8 528.a00: ProductName: Microsoft® Windows® Operating System 528.a00: ProductVersion: 6.1.7601.23392 528.a00: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 528.a00: FileDescription: ApiSet Schema DLL 528.a00: Found driver mfewfpk (0x20) 528.a00: Found driver mfehidk (0x20) 528.a00: Found driver mfeavfk (0x20) 528.a00: Found driver mfefirek (0x20) 528.a00: supR3HardenedWinFindAdversaries: 0x20 528.a00: \SystemRoot\System32\drivers\mfeapfk.sys: 528.a00: CreationTime: 2016-01-08T19:13:20.657537600Z 528.a00: LastWriteTime: 2013-12-17T16:25:26.000000000Z 528.a00: ChangeTime: 2016-01-08T19:13:11.359937600Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x2c030 528.a00: NT Headers: 0xe8 528.a00: Timestamp: 0x52ab7fef 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x52ab7fef 528.a00: Image Version: 0.0 528.a00: SizeOfImage: 0x29d00 (171264) 528.a00: Resource Dir: 0x29500 LB 0x340 528.a00: ProductName: SYSCORE 528.a00: FileVersion: SYSCORE.15.1.0.656 528.a00: PrivateBuild: SYSCORE.15.1.0.656 F16 528.a00: FileDescription: Access Protection Filter Driver 528.a00: \SystemRoot\System32\drivers\mfeavfk.sys: 528.a00: CreationTime: 2016-01-08T19:10:52.629137600Z 528.a00: LastWriteTime: 2016-01-08T19:10:38.667137600Z 528.a00: ChangeTime: 2016-01-08T19:10:38.667137600Z 528.a00: 
FileAttributes: 0x20 528.a00: Size: 0x54e98 528.a00: NT Headers: 0xf8 528.a00: Timestamp: 0x558ddc3c 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x558ddc3c 528.a00: Image Version: 0.0 528.a00: SizeOfImage: 0x50580 (329088) 528.a00: Resource Dir: 0x4f700 LB 0x758 528.a00: ProductName: SYSCORE 528.a00: ProductVersion: 15.4.0.674 528.a00: FileVersion: SYSCORE.15.4.0.674 528.a00: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19 528.a00: FileDescription: Anti-Virus File System Filter Driver 528.a00: \SystemRoot\System32\drivers\mfefirek.sys: 528.a00: CreationTime: 2016-01-08T19:11:02.566337600Z 528.a00: LastWriteTime: 2016-01-08T19:10:39.197537600Z 528.a00: ChangeTime: 2016-01-08T19:10:39.197537600Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x794f8 528.a00: NT Headers: 0xe8 528.a00: Timestamp: 0x558ddc7b 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x558ddc7b 528.a00: Image Version: 0.0 528.a00: SizeOfImage: 0x74880 (477312) 528.a00: Resource Dir: 0x72000 LB 0x388 528.a00: ProductName: SYSCORE 528.a00: ProductVersion: 15.4.0.674 528.a00: FileVersion: SYSCORE.15.4.0.674 528.a00: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 528.a00: FileDescription: McAfee Core Firewall Engine Driver 528.a00: \SystemRoot\System32\drivers\mfehidk.sys: 528.a00: CreationTime: 2016-01-08T19:10:51.287537600Z 528.a00: LastWriteTime: 2016-01-08T19:10:38.823137600Z 528.a00: ChangeTime: 2016-01-08T19:10:38.823137600Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0xd5d98 528.a00: NT Headers: 0x108 528.a00: Timestamp: 0x558ddbf8 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x558ddbf8 528.a00: Image Version: 0.0 528.a00: SizeOfImage: 0xd0880 (854144) 528.a00: Resource Dir: 0xcd980 LB 0x758 528.a00: ProductName: SYSCORE 528.a00: ProductVersion: 15.4.0.674 528.a00: FileVersion: SYSCORE.15.4.0.674 528.a00: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20 528.a00: FileDescription: McAfee Link Driver 528.a00: \SystemRoot\System32\drivers\mfewfpk.sys: 528.a00: CreationTime: 
2016-01-08T19:10:46.950737600Z 528.a00: LastWriteTime: 2016-01-08T19:10:38.947937600Z 528.a00: ChangeTime: 2016-01-08T19:10:38.947937600Z 528.a00: FileAttributes: 0x20 528.a00: Size: 0x54280 528.a00: NT Headers: 0x100 528.a00: Timestamp: 0x558ddc06 528.a00: Machine: 0x8664 - amd64 528.a00: Timestamp: 0x558ddc06 528.a00: Image Version: 0.0 528.a00: SizeOfImage: 0x4f980 (326016) 528.a00: Resource Dir: 0x4ef00 LB 0x380 528.a00: ProductName: SYSCORE 528.a00: ProductVersion: 15.4.0.674 528.a00: FileVersion: SYSCORE.15.4.0.674 528.a00: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 528.a00: FileDescription: Anti-Virus Mini-Firewall Driver 528.a00: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 528.a00: Calling main() 528.a00: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 528.a00: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 528.a00: SUPR3HardenedMain: Respawn #1 528.a00: System32: \Device\HarddiskVolume1\Windows\System32 528.a00: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 528.a00: KnownDllPath: C:\windows\system32 528.a00: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 528.a00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 528.a00: supR3HardNtEnableThreadCreation: 528.a00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060 528.a00: supR3HardenedWinDoReSpawn(1): New child 18b4.ca0 [kernel32]. 528.a00: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380 528.a00: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000 528.a00: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b5a0e0 528.a00: supR3HardenedWinSetupChildInit: Start child. 528.a00: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
528.a00: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps 528.a00: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 528.a00: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 528.a00: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 528.a00: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 528.a00: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 528.a00: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 528.a00: 0000000000041000-fffffffffffe1fff 0x0001/0x0000 0x0000000 528.a00: *00000000000a0000-fffffffffffa3fff 0x0000/0x0004 0x0020000 528.a00: 000000000019c000-0000000000198fff 0x0104/0x0004 0x0020000 528.a00: 000000000019f000-000000000019dfff 0x0004/0x0004 0x0020000 528.a00: 00000000001a0000-ffffffff8880ffff 0x0001/0x0000 0x0000000 528.a00: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077b31000-0000000077c2dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077c2e000-0000000077c5cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077c5d000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077c67000-0000000077c67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077c68000-0000000077c6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077c6b000-0000000077cd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 528.a00: 0000000077cda000-00000000709d3fff 0x0001/0x0000 0x0000000 528.a00: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 528.a00: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 528.a00: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 528.a00: 000000007fff0000-ffffffffc000ffff 0x0001/0x0000 0x0000000 528.a00: 
*000000013ffd0000-000000013ffd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 000000013ffd1000-0000000140040fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140041000-0000000140041fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140042000-0000000140086fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140087000-0000000140087fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140088000-0000000140088fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140089000-000000014008dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 000000014008e000-000000014008efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 000000014008f000-000000014008ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140090000-0000000140093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 0000000140094000-00000001400dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 528.a00: 00000001400dc000-fffff80380367fff 0x0001/0x0000 0x0000000 528.a00: *000007feffe50000-000007feffe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll 528.a00: 000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000 528.a00: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 528.a00: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000 528.a00: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000 528.a00: 
*000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000 528.a00: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000 528.a00: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 528.a00: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS) 528.a00: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS) 528.a00: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 528.a00: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 528.a00: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 528.a00: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0). 528.a00: supR3HardNtEnableThreadCreation: 18b4.ca0: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 18b4.ca0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100 18b4.ca0: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS) 18b4.ca0: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1744896 allocation) 18b4.ca0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 18b4.ca0: System32: \Device\HarddiskVolume1\Windows\System32 18b4.ca0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 18b4.ca0: KnownDllPath: C:\windows\system32 18b4.ca0: supR3HardenedVmProcessInit: Opening vboxdrv stub... 18b4.ca0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 18b4.ca0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 18b4.ca0: Registered Dll notification callback with NTDLL. 
18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 18b4.ca0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 18b4.ca0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 18b4.ca0: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0] 18b4.ca0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 18b4.ca0: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0] 18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 18b4.ca0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\windows\system32\kernel32.dll' 18b4.ca0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060 528.a00: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms. 
18b4.ca0: \SystemRoot\System32\ntdll.dll: 18b4.ca0: CreationTime: 2016-04-21T17:32:22.763270800Z 18b4.ca0: LastWriteTime: 2016-03-17T23:01:02.536172600Z 18b4.ca0: ChangeTime: 2016-04-21T22:37:55.149991300Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x1a7100 18b4.ca0: NT Headers: 0xe0 18b4.ca0: Timestamp: 0x56eb3625 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x56eb3625 18b4.ca0: Image Version: 6.1 18b4.ca0: SizeOfImage: 0x1aa000 (1744896) 18b4.ca0: Resource Dir: 0x14e000 LB 0x5a028 18b4.ca0: ProductName: Microsoft® Windows® Operating System 18b4.ca0: ProductVersion: 6.1.7601.23392 18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 18b4.ca0: FileDescription: NT Layer DLL 18b4.ca0: \SystemRoot\System32\kernel32.dll: 18b4.ca0: CreationTime: 2016-04-21T17:32:23.137721200Z 18b4.ca0: LastWriteTime: 2016-03-17T22:53:15.811000000Z 18b4.ca0: ChangeTime: 2016-04-21T22:37:55.586805300Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x11c000 18b4.ca0: NT Headers: 0xe0 18b4.ca0: Timestamp: 0x56eb3603 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x56eb3603 18b4.ca0: Image Version: 6.1 18b4.ca0: SizeOfImage: 0x11f000 (1175552) 18b4.ca0: Resource Dir: 0x116000 LB 0x528 18b4.ca0: ProductName: Microsoft® Windows® Operating System 18b4.ca0: ProductVersion: 6.1.7601.23392 18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 18b4.ca0: FileDescription: Windows NT BASE API Client DLL 18b4.ca0: \SystemRoot\System32\KernelBase.dll: 18b4.ca0: CreationTime: 2016-04-21T17:32:24.183061900Z 18b4.ca0: LastWriteTime: 2016-03-17T22:53:15.858000000Z 18b4.ca0: ChangeTime: 2016-04-21T22:37:55.602405800Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x66800 18b4.ca0: NT Headers: 0xe8 18b4.ca0: Timestamp: 0x56eb3604 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x56eb3604 18b4.ca0: Image Version: 6.1 18b4.ca0: SizeOfImage: 0x6a000 (434176) 18b4.ca0: Resource Dir: 0x68000 LB 0x530 18b4.ca0: ProductName: Microsoft® Windows® Operating System 
18b4.ca0: ProductVersion: 6.1.7601.23392 18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 18b4.ca0: FileDescription: Windows NT BASE API Client DLL 18b4.ca0: \SystemRoot\System32\apisetschema.dll: 18b4.ca0: CreationTime: 2016-04-21T17:32:25.602853000Z 18b4.ca0: LastWriteTime: 2016-03-17T22:50:11.213000000Z 18b4.ca0: ChangeTime: 2016-04-21T22:37:54.993986300Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x1a00 18b4.ca0: NT Headers: 0xc0 18b4.ca0: Timestamp: 0x56eb34e9 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x56eb34e9 18b4.ca0: Image Version: 6.1 18b4.ca0: SizeOfImage: 0x50000 (327680) 18b4.ca0: Resource Dir: 0x30000 LB 0x3f8 18b4.ca0: ProductName: Microsoft® Windows® Operating System 18b4.ca0: ProductVersion: 6.1.7601.23392 18b4.ca0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 18b4.ca0: FileDescription: ApiSet Schema DLL 18b4.ca0: Found driver mfewfpk (0x20) 18b4.ca0: Found driver mfehidk (0x20) 18b4.ca0: Found driver mfeavfk (0x20) 18b4.ca0: Found driver mfefirek (0x20) 18b4.ca0: supR3HardenedWinFindAdversaries: 0x20 18b4.ca0: \SystemRoot\System32\drivers\mfeapfk.sys: 18b4.ca0: CreationTime: 2016-01-08T19:13:20.657537600Z 18b4.ca0: LastWriteTime: 2013-12-17T16:25:26.000000000Z 18b4.ca0: ChangeTime: 2016-01-08T19:13:11.359937600Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x2c030 18b4.ca0: NT Headers: 0xe8 18b4.ca0: Timestamp: 0x52ab7fef 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x52ab7fef 18b4.ca0: Image Version: 0.0 18b4.ca0: SizeOfImage: 0x29d00 (171264) 18b4.ca0: Resource Dir: 0x29500 LB 0x340 18b4.ca0: ProductName: SYSCORE 18b4.ca0: FileVersion: SYSCORE.15.1.0.656 18b4.ca0: PrivateBuild: SYSCORE.15.1.0.656 F16 18b4.ca0: FileDescription: Access Protection Filter Driver 18b4.ca0: \SystemRoot\System32\drivers\mfeavfk.sys: 18b4.ca0: CreationTime: 2016-01-08T19:10:52.629137600Z 18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.667137600Z 18b4.ca0: ChangeTime: 2016-01-08T19:10:38.667137600Z 18b4.ca0: 
FileAttributes: 0x20 18b4.ca0: Size: 0x54e98 18b4.ca0: NT Headers: 0xf8 18b4.ca0: Timestamp: 0x558ddc3c 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x558ddc3c 18b4.ca0: Image Version: 0.0 18b4.ca0: SizeOfImage: 0x50580 (329088) 18b4.ca0: Resource Dir: 0x4f700 LB 0x758 18b4.ca0: ProductName: SYSCORE 18b4.ca0: ProductVersion: 15.4.0.674 18b4.ca0: FileVersion: SYSCORE.15.4.0.674 18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19 18b4.ca0: FileDescription: Anti-Virus File System Filter Driver 18b4.ca0: \SystemRoot\System32\drivers\mfefirek.sys: 18b4.ca0: CreationTime: 2016-01-08T19:11:02.566337600Z 18b4.ca0: LastWriteTime: 2016-01-08T19:10:39.197537600Z 18b4.ca0: ChangeTime: 2016-01-08T19:10:39.197537600Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x794f8 18b4.ca0: NT Headers: 0xe8 18b4.ca0: Timestamp: 0x558ddc7b 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x558ddc7b 18b4.ca0: Image Version: 0.0 18b4.ca0: SizeOfImage: 0x74880 (477312) 18b4.ca0: Resource Dir: 0x72000 LB 0x388 18b4.ca0: ProductName: SYSCORE 18b4.ca0: ProductVersion: 15.4.0.674 18b4.ca0: FileVersion: SYSCORE.15.4.0.674 18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 18b4.ca0: FileDescription: McAfee Core Firewall Engine Driver 18b4.ca0: \SystemRoot\System32\drivers\mfehidk.sys: 18b4.ca0: CreationTime: 2016-01-08T19:10:51.287537600Z 18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.823137600Z 18b4.ca0: ChangeTime: 2016-01-08T19:10:38.823137600Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0xd5d98 18b4.ca0: NT Headers: 0x108 18b4.ca0: Timestamp: 0x558ddbf8 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x558ddbf8 18b4.ca0: Image Version: 0.0 18b4.ca0: SizeOfImage: 0xd0880 (854144) 18b4.ca0: Resource Dir: 0xcd980 LB 0x758 18b4.ca0: ProductName: SYSCORE 18b4.ca0: ProductVersion: 15.4.0.674 18b4.ca0: FileVersion: SYSCORE.15.4.0.674 18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20 18b4.ca0: FileDescription: McAfee Link Driver 18b4.ca0: 
\SystemRoot\System32\drivers\mfewfpk.sys: 18b4.ca0: CreationTime: 2016-01-08T19:10:46.950737600Z 18b4.ca0: LastWriteTime: 2016-01-08T19:10:38.947937600Z 18b4.ca0: ChangeTime: 2016-01-08T19:10:38.947937600Z 18b4.ca0: FileAttributes: 0x20 18b4.ca0: Size: 0x54280 18b4.ca0: NT Headers: 0x100 18b4.ca0: Timestamp: 0x558ddc06 18b4.ca0: Machine: 0x8664 - amd64 18b4.ca0: Timestamp: 0x558ddc06 18b4.ca0: Image Version: 0.0 18b4.ca0: SizeOfImage: 0x4f980 (326016) 18b4.ca0: Resource Dir: 0x4ef00 LB 0x380 18b4.ca0: ProductName: SYSCORE 18b4.ca0: ProductVersion: 15.4.0.674 18b4.ca0: FileVersion: SYSCORE.15.4.0.674 18b4.ca0: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 18b4.ca0: FileDescription: Anti-Virus Mini-Firewall Driver 18b4.ca0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 18b4.ca0: Calling main() 18b4.ca0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 18b4.ca0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 18b4.ca0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 18b4.ca0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 18b4.ca0: SUPR3HardenedMain: Respawn #2 18b4.ca0: supR3HardNtEnableThreadCreation: 18b4.ca0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 18b4.ca0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 18b4.ca0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 18b4.ca0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 18b4.ca0: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0] 18b4.ca0: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 18b4.ca0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6b0000 'C:\windows\system32\apphelp.dll' 18b4.ca0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060 18b4.ca0: supR3HardenedWinDoReSpawn(2): New child da4.2090 [kernel32]. 18b4.ca0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380 18b4.ca0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000 18b4.ca0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b5a0e0 18b4.ca0: supR3HardenedWinSetupChildInit: Start child. 18b4.ca0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 18b4.ca0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps 18b4.ca0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 18b4.ca0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 18b4.ca0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 18b4.ca0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 18b4.ca0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 18b4.ca0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 18b4.ca0: 0000000000041000-ffffffffffee1fff 0x0001/0x0000 0x0000000 18b4.ca0: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000 18b4.ca0: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000 18b4.ca0: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000 18b4.ca0: 00000000002a0000-ffffffff88a0ffff 0x0001/0x0000 0x0000000 18b4.ca0: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077b31000-0000000077c2dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077c2e000-0000000077c5cfff 0x0002/0x0080 
0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077c5d000-0000000077c66fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077c67000-0000000077c67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077c68000-0000000077c6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077c6b000-0000000077cd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 18b4.ca0: 0000000077cda000-00000000709d3fff 0x0001/0x0000 0x0000000 18b4.ca0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 18b4.ca0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 18b4.ca0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 18b4.ca0: 000000007fff0000-ffffffffc000ffff 0x0001/0x0000 0x0000000 18b4.ca0: *000000013ffd0000-000000013ffd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 000000013ffd1000-0000000140040fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140041000-0000000140041fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140042000-0000000140086fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140087000-0000000140087fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140088000-0000000140088fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140089000-000000014008dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 000000014008e000-000000014008efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 
18b4.ca0: 000000014008f000-000000014008ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140090000-0000000140093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 0000000140094000-00000001400dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 18b4.ca0: 00000001400dc000-fffff80380367fff 0x0001/0x0000 0x0000000 18b4.ca0: *000007feffe50000-000007feffe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll 18b4.ca0: 000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000 18b4.ca0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 18b4.ca0: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 18b4.ca0: *000007fffffdd000-000007fffffdbfff 0x0004/0x0004 0x0020000 18b4.ca0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 18b4.ca0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 18b4.ca0: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS) 18b4.ca0: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS) 18b4.ca0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 18b4.ca0: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 18b4.ca0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 18b4.ca0: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0). 
18b4.ca0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000) 18b4.ca0: supR3HardNtEnableThreadCreation: da4.2090: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 da4.2090: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100 da4.2090: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS) da4.2090: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1744896 allocation) da4.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' da4.2090: System32: \Device\HarddiskVolume1\Windows\System32 da4.2090: WinSxS: \Device\HarddiskVolume1\Windows\winsxs da4.2090: KnownDllPath: C:\windows\system32 da4.2090: supR3HardenedVmProcessInit: Opening vboxdrv... da4.2090: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... da4.2090: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... da4.2090: Registered Dll notification callback with NTDLL. da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0] da4.2090: 
supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\windows\system32\kernel32.dll' da4.2090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5a0e0 pvNtTerminateThread=0000000077b7c060 18b4.ca0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms. da4.2090: \SystemRoot\System32\ntdll.dll: da4.2090: CreationTime: 2016-04-21T17:32:22.763270800Z da4.2090: LastWriteTime: 2016-03-17T23:01:02.536172600Z da4.2090: ChangeTime: 2016-04-21T22:37:55.149991300Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x1a7100 da4.2090: NT Headers: 0xe0 da4.2090: Timestamp: 0x56eb3625 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x56eb3625 da4.2090: Image Version: 6.1 da4.2090: SizeOfImage: 0x1aa000 (1744896) da4.2090: Resource Dir: 0x14e000 LB 0x5a028 da4.2090: ProductName: Microsoft® Windows® Operating System da4.2090: ProductVersion: 6.1.7601.23392 da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) da4.2090: FileDescription: NT Layer DLL da4.2090: \SystemRoot\System32\kernel32.dll: da4.2090: CreationTime: 2016-04-21T17:32:23.137721200Z da4.2090: LastWriteTime: 2016-03-17T22:53:15.811000000Z da4.2090: ChangeTime: 2016-04-21T22:37:55.586805300Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x11c000 da4.2090: NT Headers: 0xe0 da4.2090: Timestamp: 0x56eb3603 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x56eb3603 da4.2090: Image Version: 6.1 da4.2090: SizeOfImage: 0x11f000 (1175552) da4.2090: Resource Dir: 0x116000 LB 0x528 da4.2090: ProductName: Microsoft® Windows® Operating System da4.2090: ProductVersion: 6.1.7601.23392 da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) da4.2090: FileDescription: Windows NT BASE API Client DLL da4.2090: \SystemRoot\System32\KernelBase.dll: 
da4.2090: CreationTime: 2016-04-21T17:32:24.183061900Z da4.2090: LastWriteTime: 2016-03-17T22:53:15.858000000Z da4.2090: ChangeTime: 2016-04-21T22:37:55.602405800Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x66800 da4.2090: NT Headers: 0xe8 da4.2090: Timestamp: 0x56eb3604 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x56eb3604 da4.2090: Image Version: 6.1 da4.2090: SizeOfImage: 0x6a000 (434176) da4.2090: Resource Dir: 0x68000 LB 0x530 da4.2090: ProductName: Microsoft® Windows® Operating System da4.2090: ProductVersion: 6.1.7601.23392 da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) da4.2090: FileDescription: Windows NT BASE API Client DLL da4.2090: \SystemRoot\System32\apisetschema.dll: da4.2090: CreationTime: 2016-04-21T17:32:25.602853000Z da4.2090: LastWriteTime: 2016-03-17T22:50:11.213000000Z da4.2090: ChangeTime: 2016-04-21T22:37:54.993986300Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x1a00 da4.2090: NT Headers: 0xc0 da4.2090: Timestamp: 0x56eb34e9 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x56eb34e9 da4.2090: Image Version: 6.1 da4.2090: SizeOfImage: 0x50000 (327680) da4.2090: Resource Dir: 0x30000 LB 0x3f8 da4.2090: ProductName: Microsoft® Windows® Operating System da4.2090: ProductVersion: 6.1.7601.23392 da4.2090: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) da4.2090: FileDescription: ApiSet Schema DLL da4.2090: Found driver mfewfpk (0x20) da4.2090: Found driver mfehidk (0x20) da4.2090: Found driver mfeavfk (0x20) da4.2090: Found driver mfefirek (0x20) da4.2090: supR3HardenedWinFindAdversaries: 0x20 da4.2090: \SystemRoot\System32\drivers\mfeapfk.sys: da4.2090: CreationTime: 2016-01-08T19:13:20.657537600Z da4.2090: LastWriteTime: 2013-12-17T16:25:26.000000000Z da4.2090: ChangeTime: 2016-01-08T19:13:11.359937600Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x2c030 da4.2090: NT Headers: 0xe8 da4.2090: Timestamp: 0x52ab7fef da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x52ab7fef da4.2090: 
Image Version: 0.0 da4.2090: SizeOfImage: 0x29d00 (171264) da4.2090: Resource Dir: 0x29500 LB 0x340 da4.2090: ProductName: SYSCORE da4.2090: FileVersion: SYSCORE.15.1.0.656 da4.2090: PrivateBuild: SYSCORE.15.1.0.656 F16 da4.2090: FileDescription: Access Protection Filter Driver da4.2090: \SystemRoot\System32\drivers\mfeavfk.sys: da4.2090: CreationTime: 2016-01-08T19:10:52.629137600Z da4.2090: LastWriteTime: 2016-01-08T19:10:38.667137600Z da4.2090: ChangeTime: 2016-01-08T19:10:38.667137600Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x54e98 da4.2090: NT Headers: 0xf8 da4.2090: Timestamp: 0x558ddc3c da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x558ddc3c da4.2090: Image Version: 0.0 da4.2090: SizeOfImage: 0x50580 (329088) da4.2090: Resource Dir: 0x4f700 LB 0x758 da4.2090: ProductName: SYSCORE da4.2090: ProductVersion: 15.4.0.674 da4.2090: FileVersion: SYSCORE.15.4.0.674 da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19 da4.2090: FileDescription: Anti-Virus File System Filter Driver da4.2090: \SystemRoot\System32\drivers\mfefirek.sys: da4.2090: CreationTime: 2016-01-08T19:11:02.566337600Z da4.2090: LastWriteTime: 2016-01-08T19:10:39.197537600Z da4.2090: ChangeTime: 2016-01-08T19:10:39.197537600Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x794f8 da4.2090: NT Headers: 0xe8 da4.2090: Timestamp: 0x558ddc7b da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x558ddc7b da4.2090: Image Version: 0.0 da4.2090: SizeOfImage: 0x74880 (477312) da4.2090: Resource Dir: 0x72000 LB 0x388 da4.2090: ProductName: SYSCORE da4.2090: ProductVersion: 15.4.0.674 da4.2090: FileVersion: SYSCORE.15.4.0.674 da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 da4.2090: FileDescription: McAfee Core Firewall Engine Driver da4.2090: \SystemRoot\System32\drivers\mfehidk.sys: da4.2090: CreationTime: 2016-01-08T19:10:51.287537600Z da4.2090: LastWriteTime: 2016-01-08T19:10:38.823137600Z da4.2090: ChangeTime: 2016-01-08T19:10:38.823137600Z da4.2090: FileAttributes: 0x20 
da4.2090: Size: 0xd5d98 da4.2090: NT Headers: 0x108 da4.2090: Timestamp: 0x558ddbf8 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x558ddbf8 da4.2090: Image Version: 0.0 da4.2090: SizeOfImage: 0xd0880 (854144) da4.2090: Resource Dir: 0xcd980 LB 0x758 da4.2090: ProductName: SYSCORE da4.2090: ProductVersion: 15.4.0.674 da4.2090: FileVersion: SYSCORE.15.4.0.674 da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20 da4.2090: FileDescription: McAfee Link Driver da4.2090: \SystemRoot\System32\drivers\mfewfpk.sys: da4.2090: CreationTime: 2016-01-08T19:10:46.950737600Z da4.2090: LastWriteTime: 2016-01-08T19:10:38.947937600Z da4.2090: ChangeTime: 2016-01-08T19:10:38.947937600Z da4.2090: FileAttributes: 0x20 da4.2090: Size: 0x54280 da4.2090: NT Headers: 0x100 da4.2090: Timestamp: 0x558ddc06 da4.2090: Machine: 0x8664 - amd64 da4.2090: Timestamp: 0x558ddc06 da4.2090: Image Version: 0.0 da4.2090: SizeOfImage: 0x4f980 (326016) da4.2090: Resource Dir: 0x4ef00 LB 0x380 da4.2090: ProductName: SYSCORE da4.2090: ProductVersion: 15.4.0.674 da4.2090: FileVersion: SYSCORE.15.4.0.674 da4.2090: PrivateBuild: SYSCORE.15.4.0.674 F17,F18 da4.2090: FileDescription: Anti-Virus Mini-Firewall Driver da4.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' da4.2090: Calling main() da4.2090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 da4.2090: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' da4.2090: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) da4.2090: SUPR3HardenedMain: Final process, opening VBoxDrv... 
da4.2090: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000) da4.2090: supR3HardNtEnableThreadCreation: da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b8e1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefab40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299061: [calling] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299061: [calling] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program 
Files\Oracle\VirtualBox\VBoxSupLib.DLL' da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6f1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007feff5f0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefdac0000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd8c0000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007feff690000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0] da4.2090: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\windows\system32\Wintrust.dll' da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6f1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\windows\system32\bcrypt.dll' da4.2090: bcrypt.dll loaded at 000007fefd240000, BCryptOpenAlgorithmProvider at 000007fefd242640, preloading providers: da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d6e1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007feff510000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 
da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll da4.2090: supR3HardenedDllNotificationCallback: load 000007fefdf10000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccf0000 'C:\windows\system32\bcryptprimitives.dll' da4.2090: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008fbda0) da4.2090: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008fdc60) da4.2090: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008fdd80) da4.2090: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008fdf90) da4.2090: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008fe0b0) da4.2090: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008fe1d0) da4.2090: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008fe410) da4.2090: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008fe530) da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d241: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\windows\system32\CRYPTSP.dll' da4.2090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. da4.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
da4.2090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2090: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d1d1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\rsaenh.dll' da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ca61: [calling] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff510000 'C:\windows\system32\ADVAPI32.dll' da4.2090: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) da4.2090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll da4.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cde1: [calling] da4.2090: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on 
\Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0] da4.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] da4.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\windows\system32\CRYPTBASE.dll' da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcp90.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr90.dll'. da4.2088: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll) da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
da4.2088: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
da4.2088: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
da4.2088: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
da4.2088: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
da4.2088: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
da4.2088: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
da4.2088: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x0001f000 C:\windows\system32\privman64.dll [fFlags=0x0]
da4.2088: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
18b4.ca0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 390 ms, the end);
528.a00: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 951 ms, the end);