Ticket #15087: VBoxHardening.log

File VBoxHardening.log, 84.9 KB (added by zadarum, 9 years ago)

Line
1	37a0.3ff8: Log file opened: 5.0.14r105127 g_hStartupLog=00000000000000ac g_uNtVerCombined=0x611db110
2	37a0.3ff8: \SystemRoot\System32\ntdll.dll:
3	37a0.3ff8: CreationTime: 2016-01-05T15:15:33.635876900Z
4	37a0.3ff8: LastWriteTime: 2015-10-20T01:09:05.164170200Z
5	37a0.3ff8: ChangeTime: 2016-01-05T23:14:24.453534400Z
6	37a0.3ff8: FileAttributes: 0x20
7	37a0.3ff8: Size: 0x1a67c0
8	37a0.3ff8: NT Headers: 0xe0
9	37a0.3ff8: Timestamp: 0x56259295
10	37a0.3ff8: Machine: 0x8664 - amd64
11	37a0.3ff8: Timestamp: 0x56259295
12	37a0.3ff8: Image Version: 6.1
13	37a0.3ff8: SizeOfImage: 0x1a9000 (1740800)
14	37a0.3ff8: Resource Dir: 0x14d000 LB 0x5a028
15	37a0.3ff8: ProductName: Microsoft® Windows® Operating System
16	37a0.3ff8: ProductVersion: 6.1.7601.19045
17	37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
18	37a0.3ff8: FileDescription: NT Layer DLL
19	37a0.3ff8: \SystemRoot\System32\kernel32.dll:
20	37a0.3ff8: CreationTime: 2016-01-05T15:15:33.089890900Z
21	37a0.3ff8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
22	37a0.3ff8: ChangeTime: 2016-01-05T23:14:25.077514400Z
23	37a0.3ff8: FileAttributes: 0x20
24	37a0.3ff8: Size: 0x11c600
25	37a0.3ff8: NT Headers: 0xe8
26	37a0.3ff8: Timestamp: 0x56259270
27	37a0.3ff8: Machine: 0x8664 - amd64
28	37a0.3ff8: Timestamp: 0x56259270
29	37a0.3ff8: Image Version: 6.1
30	37a0.3ff8: SizeOfImage: 0x120000 (1179648)
31	37a0.3ff8: Resource Dir: 0x117000 LB 0x528
32	37a0.3ff8: ProductName: Microsoft® Windows® Operating System
33	37a0.3ff8: ProductVersion: 6.1.7601.19045
34	37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
35	37a0.3ff8: FileDescription: Windows NT BASE API Client DLL
36	37a0.3ff8: \SystemRoot\System32\KernelBase.dll:
37	37a0.3ff8: CreationTime: 2016-01-05T15:15:36.615400500Z
38	37a0.3ff8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
39	37a0.3ff8: ChangeTime: 2016-01-05T23:14:25.093113900Z
40	37a0.3ff8: FileAttributes: 0x20
41	37a0.3ff8: Size: 0x67c00
42	37a0.3ff8: NT Headers: 0xe8
43	37a0.3ff8: Timestamp: 0x56259271
44	37a0.3ff8: Machine: 0x8664 - amd64
45	37a0.3ff8: Timestamp: 0x56259271
46	37a0.3ff8: Image Version: 6.1
47	37a0.3ff8: SizeOfImage: 0x6c000 (442368)
48	37a0.3ff8: Resource Dir: 0x6a000 LB 0x530
49	37a0.3ff8: ProductName: Microsoft® Windows® Operating System
50	37a0.3ff8: ProductVersion: 6.1.7601.19045
51	37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
52	37a0.3ff8: FileDescription: Windows NT BASE API Client DLL
53	37a0.3ff8: \SystemRoot\System32\apisetschema.dll:
54	37a0.3ff8: CreationTime: 2016-01-05T15:15:41.841266500Z
55	37a0.3ff8: LastWriteTime: 2015-10-20T00:53:47.280000000Z
56	37a0.3ff8: ChangeTime: 2016-01-05T23:14:24.079146400Z
57	37a0.3ff8: FileAttributes: 0x20
58	37a0.3ff8: Size: 0x1a00
59	37a0.3ff8: NT Headers: 0xc0
60	37a0.3ff8: Timestamp: 0x562590e2
61	37a0.3ff8: Machine: 0x8664 - amd64
62	37a0.3ff8: Timestamp: 0x562590e2
63	37a0.3ff8: Image Version: 6.1
64	37a0.3ff8: SizeOfImage: 0x50000 (327680)
65	37a0.3ff8: Resource Dir: 0x30000 LB 0x3f8
66	37a0.3ff8: ProductName: Microsoft® Windows® Operating System
67	37a0.3ff8: ProductVersion: 6.1.7601.19045
68	37a0.3ff8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
69	37a0.3ff8: FileDescription: ApiSet Schema DLL
70	37a0.3ff8: Found driver mfewfpk (0x20)
71	37a0.3ff8: Found driver mfehidk (0x20)
72	37a0.3ff8: Found driver mfeavfk (0x20)
73	37a0.3ff8: Found driver mfefirek (0x20)
74	37a0.3ff8: supR3HardenedWinFindAdversaries: 0x20
75	37a0.3ff8: \SystemRoot\System32\drivers\mfeapfk.sys:
76	37a0.3ff8: CreationTime: 2014-08-27T13:53:23.447070100Z
77	37a0.3ff8: LastWriteTime: 2014-08-27T13:53:11.606254300Z
78	37a0.3ff8: ChangeTime: 2015-08-26T11:18:34.144626700Z
79	37a0.3ff8: FileAttributes: 0x20
80	37a0.3ff8: Size: 0x2c030
81	37a0.3ff8: NT Headers: 0xe8
82	37a0.3ff8: Timestamp: 0x52ab7fef
83	37a0.3ff8: Machine: 0x8664 - amd64
84	37a0.3ff8: Timestamp: 0x52ab7fef
85	37a0.3ff8: Image Version: 0.0
86	37a0.3ff8: SizeOfImage: 0x29d00 (171264)
87	37a0.3ff8: Resource Dir: 0x29500 LB 0x340
88	37a0.3ff8: ProductName: SYSCORE
89	37a0.3ff8: FileVersion: SYSCORE.15.1.0.656
90	37a0.3ff8: PrivateBuild: SYSCORE.15.1.0.656 F16
91	37a0.3ff8: FileDescription: Access Protection Filter Driver
92	37a0.3ff8: \SystemRoot\System32\drivers\mfeavfk.sys:
93	37a0.3ff8: CreationTime: 2014-08-27T13:53:23.326082200Z
94	37a0.3ff8: LastWriteTime: 2015-10-22T18:41:49.066172200Z
95	37a0.3ff8: ChangeTime: 2015-10-22T18:41:59.236070500Z
96	37a0.3ff8: FileAttributes: 0x20
97	37a0.3ff8: Size: 0x54e98
98	37a0.3ff8: NT Headers: 0xf8
99	37a0.3ff8: Timestamp: 0x558ddc3c
100	37a0.3ff8: Machine: 0x8664 - amd64
101	37a0.3ff8: Timestamp: 0x558ddc3c
102	37a0.3ff8: Image Version: 0.0
103	37a0.3ff8: SizeOfImage: 0x50580 (329088)
104	37a0.3ff8: Resource Dir: 0x4f700 LB 0x758
105	37a0.3ff8: ProductName: SYSCORE
106	37a0.3ff8: ProductVersion: 15.4.0.674
107	37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
108	37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
109	37a0.3ff8: FileDescription: Anti-Virus File System Filter Driver
110	37a0.3ff8: \SystemRoot\System32\drivers\mfefirek.sys:
111	37a0.3ff8: CreationTime: 2015-10-26T20:59:00.916917600Z
112	37a0.3ff8: LastWriteTime: 2015-10-26T20:57:28.083102900Z
113	37a0.3ff8: ChangeTime: 2015-10-26T20:57:28.083102900Z
114	37a0.3ff8: FileAttributes: 0x20
115	37a0.3ff8: Size: 0x794f8
116	37a0.3ff8: NT Headers: 0xe8
117	37a0.3ff8: Timestamp: 0x558ddc7b
118	37a0.3ff8: Machine: 0x8664 - amd64
119	37a0.3ff8: Timestamp: 0x558ddc7b
120	37a0.3ff8: Image Version: 0.0
121	37a0.3ff8: SizeOfImage: 0x74880 (477312)
122	37a0.3ff8: Resource Dir: 0x72000 LB 0x388
123	37a0.3ff8: ProductName: SYSCORE
124	37a0.3ff8: ProductVersion: 15.4.0.674
125	37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
126	37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
127	37a0.3ff8: FileDescription: McAfee Core Firewall Engine Driver
128	37a0.3ff8: \SystemRoot\System32\drivers\mfehidk.sys:
129	37a0.3ff8: CreationTime: 2014-08-27T13:53:22.847130100Z
130	37a0.3ff8: LastWriteTime: 2015-10-22T18:41:49.016172700Z
131	37a0.3ff8: ChangeTime: 2015-10-22T18:41:49.016172700Z
132	37a0.3ff8: FileAttributes: 0x20
133	37a0.3ff8: Size: 0xd5d98
134	37a0.3ff8: NT Headers: 0x108
135	37a0.3ff8: Timestamp: 0x558ddbf8
136	37a0.3ff8: Machine: 0x8664 - amd64
137	37a0.3ff8: Timestamp: 0x558ddbf8
138	37a0.3ff8: Image Version: 0.0
139	37a0.3ff8: SizeOfImage: 0xd0880 (854144)
140	37a0.3ff8: Resource Dir: 0xcd980 LB 0x758
141	37a0.3ff8: ProductName: SYSCORE
142	37a0.3ff8: ProductVersion: 15.4.0.674
143	37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
144	37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
145	37a0.3ff8: FileDescription: McAfee Link Driver
146	37a0.3ff8: \SystemRoot\System32\drivers\mfewfpk.sys:
147	37a0.3ff8: CreationTime: 2014-08-27T13:53:16.103804500Z
148	37a0.3ff8: LastWriteTime: 2015-10-26T20:57:27.817908000Z
149	37a0.3ff8: ChangeTime: 2015-10-26T20:57:27.817908000Z
150	37a0.3ff8: FileAttributes: 0x20
151	37a0.3ff8: Size: 0x54280
152	37a0.3ff8: NT Headers: 0x100
153	37a0.3ff8: Timestamp: 0x558ddc06
154	37a0.3ff8: Machine: 0x8664 - amd64
155	37a0.3ff8: Timestamp: 0x558ddc06
156	37a0.3ff8: Image Version: 0.0
157	37a0.3ff8: SizeOfImage: 0x4f980 (326016)
158	37a0.3ff8: Resource Dir: 0x4ef00 LB 0x380
159	37a0.3ff8: ProductName: SYSCORE
160	37a0.3ff8: ProductVersion: 15.4.0.674
161	37a0.3ff8: FileVersion: SYSCORE.15.4.0.674
162	37a0.3ff8: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
163	37a0.3ff8: FileDescription: Anti-Virus Mini-Firewall Driver
164	37a0.3ff8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
165	37a0.3ff8: Calling main()
166	37a0.3ff8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
167	37a0.3ff8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
168	37a0.3ff8: SUPR3HardenedMain: Respawn #1
169	37a0.3ff8: System32: \Device\HarddiskVolume1\Windows\System32
170	37a0.3ff8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
171	37a0.3ff8: KnownDllPath: C:\Windows\system32
172	37a0.3ff8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
173	37a0.3ff8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
174	37a0.3ff8: supR3HardNtEnableThreadCreation:
175	37a0.3ff8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
176	37a0.3ff8: supR3HardenedWinDoReSpawn(1): New child 3304.3124 [kernel32].
177	37a0.3ff8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
178	37a0.3ff8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cb0000 uNtDllChildAddr=0000000076cb0000
179	37a0.3ff8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cdb630
180	37a0.3ff8: supR3HardenedWinSetupChildInit: Start child.
181	37a0.3ff8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
182	37a0.3ff8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
183	37a0.3ff8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
184	37a0.3ff8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
185	37a0.3ff8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
186	37a0.3ff8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
187	37a0.3ff8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
188	37a0.3ff8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
189	37a0.3ff8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
190	37a0.3ff8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
191	37a0.3ff8: 0000000000051000-ffffffffffea1fff 0x0001/0x0000 0x0000000
192	37a0.3ff8: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
193	37a0.3ff8: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
194	37a0.3ff8: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
195	37a0.3ff8: 0000000000300000-ffffffff8994ffff 0x0001/0x0000 0x0000000
196	37a0.3ff8: *0000000076cb0000-0000000076cb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
197	37a0.3ff8: 0000000076cb1000-0000000076daefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
198	37a0.3ff8: 0000000076daf000-0000000076dddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
199	37a0.3ff8: 0000000076dde000-0000000076de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
200	37a0.3ff8: 0000000076de6000-0000000076de6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
201	37a0.3ff8: 0000000076de7000-0000000076de9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
202	37a0.3ff8: 0000000076dea000-0000000076e58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
203	37a0.3ff8: 0000000076e59000-000000006ecd1fff 0x0001/0x0000 0x0000000
204	37a0.3ff8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
205	37a0.3ff8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
206	37a0.3ff8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
207	37a0.3ff8: 000000007fff0000-ffffffffc077ffff 0x0001/0x0000 0x0000000
208	37a0.3ff8: *000000013f860000-000000013f860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
209	37a0.3ff8: 000000013f861000-000000013f8e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
210	37a0.3ff8: 000000013f8e8000-000000013f8e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
211	37a0.3ff8: 000000013f8e9000-000000013f933fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
212	37a0.3ff8: 000000013f934000-000000013f934fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
213	37a0.3ff8: 000000013f935000-000000013f935fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
214	37a0.3ff8: 000000013f936000-000000013f93afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
215	37a0.3ff8: 000000013f93b000-000000013f93bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
216	37a0.3ff8: 000000013f93c000-000000013f93cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
217	37a0.3ff8: 000000013f93d000-000000013f940fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
218	37a0.3ff8: 000000013f941000-000000013f98bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
219	37a0.3ff8: 000000013f98c000-fffff80380347fff 0x0001/0x0000 0x0000000
220	37a0.3ff8: *000007fefefd0000-000007fefefd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
221	37a0.3ff8: 000007fefefd1000-000007fdfdff1fff 0x0001/0x0000 0x0000000
222	37a0.3ff8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
223	37a0.3ff8: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
224	37a0.3ff8: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
225	37a0.3ff8: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
226	37a0.3ff8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
227	37a0.3ff8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
228	37a0.3ff8: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
229	37a0.3ff8: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
230	37a0.3ff8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
231	37a0.3ff8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
232	37a0.3ff8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
233	37a0.3ff8: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
234	37a0.3ff8: supR3HardNtEnableThreadCreation:
235	3304.3124: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
236	3304.3124: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cb0000
237	3304.3124: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
238	3304.3124: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
239	3304.3124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
240	3304.3124: System32: \Device\HarddiskVolume1\Windows\System32
241	3304.3124: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
242	3304.3124: KnownDllPath: C:\Windows\system32
243	3304.3124: supR3HardenedVmProcessInit: Opening vboxdrv stub...
244	3304.3124: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
245	3304.3124: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
246	3304.3124: Registered Dll notification callback with NTDLL.
247	3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
248	3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
249	3304.3124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
250	3304.3124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
251	3304.3124: supR3HardenedDllNotificationCallback: load 0000000076b90000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
252	3304.3124: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
253	3304.3124: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
254	3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
255	3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
256	3304.3124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b90000 'C:\Windows\system32\kernel32.dll'
257	3304.3124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
258	37a0.3ff8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 26 ms.
259	3304.3124: \SystemRoot\System32\ntdll.dll:
260	3304.3124: CreationTime: 2016-01-05T15:15:33.635876900Z
261	3304.3124: LastWriteTime: 2015-10-20T01:09:05.164170200Z
262	3304.3124: ChangeTime: 2016-01-05T23:14:24.453534400Z
263	3304.3124: FileAttributes: 0x20
264	3304.3124: Size: 0x1a67c0
265	3304.3124: NT Headers: 0xe0
266	3304.3124: Timestamp: 0x56259295
267	3304.3124: Machine: 0x8664 - amd64
268	3304.3124: Timestamp: 0x56259295
269	3304.3124: Image Version: 6.1
270	3304.3124: SizeOfImage: 0x1a9000 (1740800)
271	3304.3124: Resource Dir: 0x14d000 LB 0x5a028
272	3304.3124: ProductName: Microsoft® Windows® Operating System
273	3304.3124: ProductVersion: 6.1.7601.19045
274	3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
275	3304.3124: FileDescription: NT Layer DLL
276	3304.3124: \SystemRoot\System32\kernel32.dll:
277	3304.3124: CreationTime: 2016-01-05T15:15:33.089890900Z
278	3304.3124: LastWriteTime: 2015-10-20T01:05:40.819000000Z
279	3304.3124: ChangeTime: 2016-01-05T23:14:25.077514400Z
280	3304.3124: FileAttributes: 0x20
281	3304.3124: Size: 0x11c600
282	3304.3124: NT Headers: 0xe8
283	3304.3124: Timestamp: 0x56259270
284	3304.3124: Machine: 0x8664 - amd64
285	3304.3124: Timestamp: 0x56259270
286	3304.3124: Image Version: 6.1
287	3304.3124: SizeOfImage: 0x120000 (1179648)
288	3304.3124: Resource Dir: 0x117000 LB 0x528
289	3304.3124: ProductName: Microsoft® Windows® Operating System
290	3304.3124: ProductVersion: 6.1.7601.19045
291	3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
292	3304.3124: FileDescription: Windows NT BASE API Client DLL
293	3304.3124: \SystemRoot\System32\KernelBase.dll:
294	3304.3124: CreationTime: 2016-01-05T15:15:36.615400500Z
295	3304.3124: LastWriteTime: 2015-10-20T01:05:40.819000000Z
296	3304.3124: ChangeTime: 2016-01-05T23:14:25.093113900Z
297	3304.3124: FileAttributes: 0x20
298	3304.3124: Size: 0x67c00
299	3304.3124: NT Headers: 0xe8
300	3304.3124: Timestamp: 0x56259271
301	3304.3124: Machine: 0x8664 - amd64
302	3304.3124: Timestamp: 0x56259271
303	3304.3124: Image Version: 6.1
304	3304.3124: SizeOfImage: 0x6c000 (442368)
305	3304.3124: Resource Dir: 0x6a000 LB 0x530
306	3304.3124: ProductName: Microsoft® Windows® Operating System
307	3304.3124: ProductVersion: 6.1.7601.19045
308	3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
309	3304.3124: FileDescription: Windows NT BASE API Client DLL
310	3304.3124: \SystemRoot\System32\apisetschema.dll:
311	3304.3124: CreationTime: 2016-01-05T15:15:41.841266500Z
312	3304.3124: LastWriteTime: 2015-10-20T00:53:47.280000000Z
313	3304.3124: ChangeTime: 2016-01-05T23:14:24.079146400Z
314	3304.3124: FileAttributes: 0x20
315	3304.3124: Size: 0x1a00
316	3304.3124: NT Headers: 0xc0
317	3304.3124: Timestamp: 0x562590e2
318	3304.3124: Machine: 0x8664 - amd64
319	3304.3124: Timestamp: 0x562590e2
320	3304.3124: Image Version: 6.1
321	3304.3124: SizeOfImage: 0x50000 (327680)
322	3304.3124: Resource Dir: 0x30000 LB 0x3f8
323	3304.3124: ProductName: Microsoft® Windows® Operating System
324	3304.3124: ProductVersion: 6.1.7601.19045
325	3304.3124: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
326	3304.3124: FileDescription: ApiSet Schema DLL
327	3304.3124: Found driver mfewfpk (0x20)
328	3304.3124: Found driver mfehidk (0x20)
329	3304.3124: Found driver mfeavfk (0x20)
330	3304.3124: Found driver mfefirek (0x20)
331	3304.3124: supR3HardenedWinFindAdversaries: 0x20
332	3304.3124: \SystemRoot\System32\drivers\mfeapfk.sys:
333	3304.3124: CreationTime: 2014-08-27T13:53:23.447070100Z
334	3304.3124: LastWriteTime: 2014-08-27T13:53:11.606254300Z
335	3304.3124: ChangeTime: 2015-08-26T11:18:34.144626700Z
336	3304.3124: FileAttributes: 0x20
337	3304.3124: Size: 0x2c030
338	3304.3124: NT Headers: 0xe8
339	3304.3124: Timestamp: 0x52ab7fef
340	3304.3124: Machine: 0x8664 - amd64
341	3304.3124: Timestamp: 0x52ab7fef
342	3304.3124: Image Version: 0.0
343	3304.3124: SizeOfImage: 0x29d00 (171264)
344	3304.3124: Resource Dir: 0x29500 LB 0x340
345	3304.3124: ProductName: SYSCORE
346	3304.3124: FileVersion: SYSCORE.15.1.0.656
347	3304.3124: PrivateBuild: SYSCORE.15.1.0.656 F16
348	3304.3124: FileDescription: Access Protection Filter Driver
349	3304.3124: \SystemRoot\System32\drivers\mfeavfk.sys:
350	3304.3124: CreationTime: 2014-08-27T13:53:23.326082200Z
351	3304.3124: LastWriteTime: 2015-10-22T18:41:49.066172200Z
352	3304.3124: ChangeTime: 2015-10-22T18:41:59.236070500Z
353	3304.3124: FileAttributes: 0x20
354	3304.3124: Size: 0x54e98
355	3304.3124: NT Headers: 0xf8
356	3304.3124: Timestamp: 0x558ddc3c
357	3304.3124: Machine: 0x8664 - amd64
358	3304.3124: Timestamp: 0x558ddc3c
359	3304.3124: Image Version: 0.0
360	3304.3124: SizeOfImage: 0x50580 (329088)
361	3304.3124: Resource Dir: 0x4f700 LB 0x758
362	3304.3124: ProductName: SYSCORE
363	3304.3124: ProductVersion: 15.4.0.674
364	3304.3124: FileVersion: SYSCORE.15.4.0.674
365	3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
366	3304.3124: FileDescription: Anti-Virus File System Filter Driver
367	3304.3124: \SystemRoot\System32\drivers\mfefirek.sys:
368	3304.3124: CreationTime: 2015-10-26T20:59:00.916917600Z
369	3304.3124: LastWriteTime: 2015-10-26T20:57:28.083102900Z
370	3304.3124: ChangeTime: 2015-10-26T20:57:28.083102900Z
371	3304.3124: FileAttributes: 0x20
372	3304.3124: Size: 0x794f8
373	3304.3124: NT Headers: 0xe8
374	3304.3124: Timestamp: 0x558ddc7b
375	3304.3124: Machine: 0x8664 - amd64
376	3304.3124: Timestamp: 0x558ddc7b
377	3304.3124: Image Version: 0.0
378	3304.3124: SizeOfImage: 0x74880 (477312)
379	3304.3124: Resource Dir: 0x72000 LB 0x388
380	3304.3124: ProductName: SYSCORE
381	3304.3124: ProductVersion: 15.4.0.674
382	3304.3124: FileVersion: SYSCORE.15.4.0.674
383	3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
384	3304.3124: FileDescription: McAfee Core Firewall Engine Driver
385	3304.3124: \SystemRoot\System32\drivers\mfehidk.sys:
386	3304.3124: CreationTime: 2014-08-27T13:53:22.847130100Z
387	3304.3124: LastWriteTime: 2015-10-22T18:41:49.016172700Z
388	3304.3124: ChangeTime: 2015-10-22T18:41:49.016172700Z
389	3304.3124: FileAttributes: 0x20
390	3304.3124: Size: 0xd5d98
391	3304.3124: NT Headers: 0x108
392	3304.3124: Timestamp: 0x558ddbf8
393	3304.3124: Machine: 0x8664 - amd64
394	3304.3124: Timestamp: 0x558ddbf8
395	3304.3124: Image Version: 0.0
396	3304.3124: SizeOfImage: 0xd0880 (854144)
397	3304.3124: Resource Dir: 0xcd980 LB 0x758
398	3304.3124: ProductName: SYSCORE
399	3304.3124: ProductVersion: 15.4.0.674
400	3304.3124: FileVersion: SYSCORE.15.4.0.674
401	3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
402	3304.3124: FileDescription: McAfee Link Driver
403	3304.3124: \SystemRoot\System32\drivers\mfewfpk.sys:
404	3304.3124: CreationTime: 2014-08-27T13:53:16.103804500Z
405	3304.3124: LastWriteTime: 2015-10-26T20:57:27.817908000Z
406	3304.3124: ChangeTime: 2015-10-26T20:57:27.817908000Z
407	3304.3124: FileAttributes: 0x20
408	3304.3124: Size: 0x54280
409	3304.3124: NT Headers: 0x100
410	3304.3124: Timestamp: 0x558ddc06
411	3304.3124: Machine: 0x8664 - amd64
412	3304.3124: Timestamp: 0x558ddc06
413	3304.3124: Image Version: 0.0
414	3304.3124: SizeOfImage: 0x4f980 (326016)
415	3304.3124: Resource Dir: 0x4ef00 LB 0x380
416	3304.3124: ProductName: SYSCORE
417	3304.3124: ProductVersion: 15.4.0.674
418	3304.3124: FileVersion: SYSCORE.15.4.0.674
419	3304.3124: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
420	3304.3124: FileDescription: Anti-Virus Mini-Firewall Driver
421	3304.3124: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
422	3304.3124: Calling main()
423	3304.3124: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
424	3304.3124: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
425	3304.3124: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
426	3304.3124: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
427	3304.3124: SUPR3HardenedMain: Respawn #2
428	3304.3124: supR3HardNtEnableThreadCreation:
429	3304.3124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
430	3304.3124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
431	3304.3124: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
432	3304.3124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
433	3304.3124: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
434	3304.3124: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
435	3304.3124: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\apphelp.dll'
436	3304.3124: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
437	3304.3124: supR3HardenedWinDoReSpawn(2): New child 3a60.288c [kernel32].
438	3304.3124: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
439	3304.3124: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cb0000 uNtDllChildAddr=0000000076cb0000
440	3304.3124: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cdb630
441	3304.3124: supR3HardenedWinSetupChildInit: Start child.
442	3304.3124: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
443	3304.3124: supR3HardNtChildPurify: Startup delay kludge #1/0: 525 ms, 53 sleeps
444	3304.3124: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
445	3304.3124: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
446	3304.3124: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
447	3304.3124: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
448	3304.3124: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
449	3304.3124: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
450	3304.3124: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
451	3304.3124: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
452	3304.3124: 0000000000051000-fffffffffffa1fff 0x0001/0x0000 0x0000000
453	3304.3124: *0000000000100000-0000000000003fff 0x0000/0x0004 0x0020000
454	3304.3124: 00000000001fc000-00000000001f8fff 0x0104/0x0004 0x0020000
455	3304.3124: 00000000001ff000-00000000001fdfff 0x0004/0x0004 0x0020000
456	3304.3124: 0000000000200000-ffffffff8974ffff 0x0001/0x0000 0x0000000
457	3304.3124: *0000000076cb0000-0000000076cb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
458	3304.3124: 0000000076cb1000-0000000076daefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
459	3304.3124: 0000000076daf000-0000000076dddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
460	3304.3124: 0000000076dde000-0000000076de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
461	3304.3124: 0000000076de6000-0000000076de6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
462	3304.3124: 0000000076de7000-0000000076de9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
463	3304.3124: 0000000076dea000-0000000076e58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
464	3304.3124: 0000000076e59000-000000006ecd1fff 0x0001/0x0000 0x0000000
465	3304.3124: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
466	3304.3124: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
467	3304.3124: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
468	3304.3124: 000000007fff0000-ffffffffc077ffff 0x0001/0x0000 0x0000000
469	3304.3124: *000000013f860000-000000013f860fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
470	3304.3124: 000000013f861000-000000013f8e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
471	3304.3124: 000000013f8e8000-000000013f8e8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
472	3304.3124: 000000013f8e9000-000000013f933fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
473	3304.3124: 000000013f934000-000000013f934fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
474	3304.3124: 000000013f935000-000000013f935fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
475	3304.3124: 000000013f936000-000000013f93afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
476	3304.3124: 000000013f93b000-000000013f93bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
477	3304.3124: 000000013f93c000-000000013f93cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
478	3304.3124: 000000013f93d000-000000013f940fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
479	3304.3124: 000000013f941000-000000013f98bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
480	3304.3124: 000000013f98c000-fffff80380347fff 0x0001/0x0000 0x0000000
481	3304.3124: *000007fefefd0000-000007fefefd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
482	3304.3124: 000007fefefd1000-000007fdfdff1fff 0x0001/0x0000 0x0000000
483	3304.3124: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
484	3304.3124: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
485	3304.3124: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
486	3304.3124: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
487	3304.3124: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
488	3304.3124: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
489	3304.3124: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
490	3304.3124: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
491	3304.3124: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
492	3304.3124: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
493	3304.3124: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
494	3304.3124: supR3HardNtChildPurify: Done after 572 ms and 0 fixes (loop #0).
495	3304.3124: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
496	3304.3124: supR3HardNtEnableThreadCreation:
497	3a60.288c: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
498	3a60.288c: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cb0000
499	3a60.288c: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
500	3a60.288c: New simple heap: #1 0000000000300000 LB 0x400000 (for 1740800 allocation)
501	3a60.288c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
502	3a60.288c: System32: \Device\HarddiskVolume1\Windows\System32
503	3a60.288c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
504	3a60.288c: KnownDllPath: C:\Windows\system32
505	3a60.288c: supR3HardenedVmProcessInit: Opening vboxdrv...
506	3a60.288c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
507	3a60.288c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
508	3a60.288c: Registered Dll notification callback with NTDLL.
509	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
510	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
511	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
512	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
513	3a60.288c: supR3HardenedDllNotificationCallback: load 0000000076b90000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
514	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
515	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
516	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
517	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
518	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b90000 'C:\Windows\system32\kernel32.dll'
519	3a60.288c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cdb630 pvNtTerminateThread=0000000076cfdee0
520	3304.3124: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
521	3a60.288c: \SystemRoot\System32\ntdll.dll:
522	3a60.288c: CreationTime: 2016-01-05T15:15:33.635876900Z
523	3a60.288c: LastWriteTime: 2015-10-20T01:09:05.164170200Z
524	3a60.288c: ChangeTime: 2016-01-05T23:14:24.453534400Z
525	3a60.288c: FileAttributes: 0x20
526	3a60.288c: Size: 0x1a67c0
527	3a60.288c: NT Headers: 0xe0
528	3a60.288c: Timestamp: 0x56259295
529	3a60.288c: Machine: 0x8664 - amd64
530	3a60.288c: Timestamp: 0x56259295
531	3a60.288c: Image Version: 6.1
532	3a60.288c: SizeOfImage: 0x1a9000 (1740800)
533	3a60.288c: Resource Dir: 0x14d000 LB 0x5a028
534	3a60.288c: ProductName: Microsoft® Windows® Operating System
535	3a60.288c: ProductVersion: 6.1.7601.19045
536	3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
537	3a60.288c: FileDescription: NT Layer DLL
538	3a60.288c: \SystemRoot\System32\kernel32.dll:
539	3a60.288c: CreationTime: 2016-01-05T15:15:33.089890900Z
540	3a60.288c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
541	3a60.288c: ChangeTime: 2016-01-05T23:14:25.077514400Z
542	3a60.288c: FileAttributes: 0x20
543	3a60.288c: Size: 0x11c600
544	3a60.288c: NT Headers: 0xe8
545	3a60.288c: Timestamp: 0x56259270
546	3a60.288c: Machine: 0x8664 - amd64
547	3a60.288c: Timestamp: 0x56259270
548	3a60.288c: Image Version: 6.1
549	3a60.288c: SizeOfImage: 0x120000 (1179648)
550	3a60.288c: Resource Dir: 0x117000 LB 0x528
551	3a60.288c: ProductName: Microsoft® Windows® Operating System
552	3a60.288c: ProductVersion: 6.1.7601.19045
553	3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
554	3a60.288c: FileDescription: Windows NT BASE API Client DLL
555	3a60.288c: \SystemRoot\System32\KernelBase.dll:
556	3a60.288c: CreationTime: 2016-01-05T15:15:36.615400500Z
557	3a60.288c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
558	3a60.288c: ChangeTime: 2016-01-05T23:14:25.093113900Z
559	3a60.288c: FileAttributes: 0x20
560	3a60.288c: Size: 0x67c00
561	3a60.288c: NT Headers: 0xe8
562	3a60.288c: Timestamp: 0x56259271
563	3a60.288c: Machine: 0x8664 - amd64
564	3a60.288c: Timestamp: 0x56259271
565	3a60.288c: Image Version: 6.1
566	3a60.288c: SizeOfImage: 0x6c000 (442368)
567	3a60.288c: Resource Dir: 0x6a000 LB 0x530
568	3a60.288c: ProductName: Microsoft® Windows® Operating System
569	3a60.288c: ProductVersion: 6.1.7601.19045
570	3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
571	3a60.288c: FileDescription: Windows NT BASE API Client DLL
572	3a60.288c: \SystemRoot\System32\apisetschema.dll:
573	3a60.288c: CreationTime: 2016-01-05T15:15:41.841266500Z
574	3a60.288c: LastWriteTime: 2015-10-20T00:53:47.280000000Z
575	3a60.288c: ChangeTime: 2016-01-05T23:14:24.079146400Z
576	3a60.288c: FileAttributes: 0x20
577	3a60.288c: Size: 0x1a00
578	3a60.288c: NT Headers: 0xc0
579	3a60.288c: Timestamp: 0x562590e2
580	3a60.288c: Machine: 0x8664 - amd64
581	3a60.288c: Timestamp: 0x562590e2
582	3a60.288c: Image Version: 6.1
583	3a60.288c: SizeOfImage: 0x50000 (327680)
584	3a60.288c: Resource Dir: 0x30000 LB 0x3f8
585	3a60.288c: ProductName: Microsoft® Windows® Operating System
586	3a60.288c: ProductVersion: 6.1.7601.19045
587	3a60.288c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
588	3a60.288c: FileDescription: ApiSet Schema DLL
589	3a60.288c: Found driver mfewfpk (0x20)
590	3a60.288c: Found driver mfehidk (0x20)
591	3a60.288c: Found driver mfeavfk (0x20)
592	3a60.288c: Found driver mfefirek (0x20)
593	3a60.288c: supR3HardenedWinFindAdversaries: 0x20
594	3a60.288c: \SystemRoot\System32\drivers\mfeapfk.sys:
595	3a60.288c: CreationTime: 2014-08-27T13:53:23.447070100Z
596	3a60.288c: LastWriteTime: 2014-08-27T13:53:11.606254300Z
597	3a60.288c: ChangeTime: 2015-08-26T11:18:34.144626700Z
598	3a60.288c: FileAttributes: 0x20
599	3a60.288c: Size: 0x2c030
600	3a60.288c: NT Headers: 0xe8
601	3a60.288c: Timestamp: 0x52ab7fef
602	3a60.288c: Machine: 0x8664 - amd64
603	3a60.288c: Timestamp: 0x52ab7fef
604	3a60.288c: Image Version: 0.0
605	3a60.288c: SizeOfImage: 0x29d00 (171264)
606	3a60.288c: Resource Dir: 0x29500 LB 0x340
607	3a60.288c: ProductName: SYSCORE
608	3a60.288c: FileVersion: SYSCORE.15.1.0.656
609	3a60.288c: PrivateBuild: SYSCORE.15.1.0.656 F16
610	3a60.288c: FileDescription: Access Protection Filter Driver
611	3a60.288c: \SystemRoot\System32\drivers\mfeavfk.sys:
612	3a60.288c: CreationTime: 2014-08-27T13:53:23.326082200Z
613	3a60.288c: LastWriteTime: 2015-10-22T18:41:49.066172200Z
614	3a60.288c: ChangeTime: 2015-10-22T18:41:59.236070500Z
615	3a60.288c: FileAttributes: 0x20
616	3a60.288c: Size: 0x54e98
617	3a60.288c: NT Headers: 0xf8
618	3a60.288c: Timestamp: 0x558ddc3c
619	3a60.288c: Machine: 0x8664 - amd64
620	3a60.288c: Timestamp: 0x558ddc3c
621	3a60.288c: Image Version: 0.0
622	3a60.288c: SizeOfImage: 0x50580 (329088)
623	3a60.288c: Resource Dir: 0x4f700 LB 0x758
624	3a60.288c: ProductName: SYSCORE
625	3a60.288c: ProductVersion: 15.4.0.674
626	3a60.288c: FileVersion: SYSCORE.15.4.0.674
627	3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F15,F16,F19
628	3a60.288c: FileDescription: Anti-Virus File System Filter Driver
629	3a60.288c: \SystemRoot\System32\drivers\mfefirek.sys:
630	3a60.288c: CreationTime: 2015-10-26T20:59:00.916917600Z
631	3a60.288c: LastWriteTime: 2015-10-26T20:57:28.083102900Z
632	3a60.288c: ChangeTime: 2015-10-26T20:57:28.083102900Z
633	3a60.288c: FileAttributes: 0x20
634	3a60.288c: Size: 0x794f8
635	3a60.288c: NT Headers: 0xe8
636	3a60.288c: Timestamp: 0x558ddc7b
637	3a60.288c: Machine: 0x8664 - amd64
638	3a60.288c: Timestamp: 0x558ddc7b
639	3a60.288c: Image Version: 0.0
640	3a60.288c: SizeOfImage: 0x74880 (477312)
641	3a60.288c: Resource Dir: 0x72000 LB 0x388
642	3a60.288c: ProductName: SYSCORE
643	3a60.288c: ProductVersion: 15.4.0.674
644	3a60.288c: FileVersion: SYSCORE.15.4.0.674
645	3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
646	3a60.288c: FileDescription: McAfee Core Firewall Engine Driver
647	3a60.288c: \SystemRoot\System32\drivers\mfehidk.sys:
648	3a60.288c: CreationTime: 2014-08-27T13:53:22.847130100Z
649	3a60.288c: LastWriteTime: 2015-10-22T18:41:49.016172700Z
650	3a60.288c: ChangeTime: 2015-10-22T18:41:49.016172700Z
651	3a60.288c: FileAttributes: 0x20
652	3a60.288c: Size: 0xd5d98
653	3a60.288c: NT Headers: 0x108
654	3a60.288c: Timestamp: 0x558ddbf8
655	3a60.288c: Machine: 0x8664 - amd64
656	3a60.288c: Timestamp: 0x558ddbf8
657	3a60.288c: Image Version: 0.0
658	3a60.288c: SizeOfImage: 0xd0880 (854144)
659	3a60.288c: Resource Dir: 0xcd980 LB 0x758
660	3a60.288c: ProductName: SYSCORE
661	3a60.288c: ProductVersion: 15.4.0.674
662	3a60.288c: FileVersion: SYSCORE.15.4.0.674
663	3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F14,F15,F16,F18,F20
664	3a60.288c: FileDescription: McAfee Link Driver
665	3a60.288c: \SystemRoot\System32\drivers\mfewfpk.sys:
666	3a60.288c: CreationTime: 2014-08-27T13:53:16.103804500Z
667	3a60.288c: LastWriteTime: 2015-10-26T20:57:27.817908000Z
668	3a60.288c: ChangeTime: 2015-10-26T20:57:27.817908000Z
669	3a60.288c: FileAttributes: 0x20
670	3a60.288c: Size: 0x54280
671	3a60.288c: NT Headers: 0x100
672	3a60.288c: Timestamp: 0x558ddc06
673	3a60.288c: Machine: 0x8664 - amd64
674	3a60.288c: Timestamp: 0x558ddc06
675	3a60.288c: Image Version: 0.0
676	3a60.288c: SizeOfImage: 0x4f980 (326016)
677	3a60.288c: Resource Dir: 0x4ef00 LB 0x380
678	3a60.288c: ProductName: SYSCORE
679	3a60.288c: ProductVersion: 15.4.0.674
680	3a60.288c: FileVersion: SYSCORE.15.4.0.674
681	3a60.288c: PrivateBuild: SYSCORE.15.4.0.674 F17,F18
682	3a60.288c: FileDescription: Anti-Virus Mini-Firewall Driver
683	3a60.288c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
684	3a60.288c: Calling main()
685	3a60.288c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
686	3a60.288c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
687	3a60.288c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
688	3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
689	3a60.288c: SUPR3HardenedMain: Final process, opening VBoxDrv...
690	3a60.288c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
691	3a60.288c: supR3HardNtEnableThreadCreation:
692	3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
693	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
694	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000795640:C:\Windows\system32 [calling]
695	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
696	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fef8220000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
697	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
698	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
699	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
700	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
701	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
702	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
703	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
704	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
705	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
706	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
707	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
708	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
709	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
710	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
711	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
712	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
713	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
714	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
715	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
716	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
717	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
718	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
719	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
720	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
721	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
722	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
723	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
724	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
725	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
726	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
727	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
728	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
729	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
730	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
731	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
732	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
733	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
734	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
735	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000795640:C:\Windows\system32 [calling]
736	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
737	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
738	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
739	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
740	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
741	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefcb50000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
742	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
743	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
744	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
745	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
746	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
747	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\Wintrust.dll'
748	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
749	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
750	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000080b490:C:\Windows\system32 [calling]
751	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
752	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc340000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
753	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
754	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc340000 'C:\Windows\system32\bcrypt.dll'
755	3a60.288c: bcrypt.dll loaded at 000007fefc340000, BCryptOpenAlgorithmProvider at 000007fefc342640, preloading providers:
756	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
757	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
758	3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
759	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
760	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
761	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
762	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
763	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
764	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
765	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
766	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
767	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
768	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
769	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
770	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
771	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
772	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
773	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
774	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
775	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
776	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
777	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefbde0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
778	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
779	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefea70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
780	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
781	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
782	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
783	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
784	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
785	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
786	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
787	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbde0000 'C:\Windows\system32\bcryptprimitives.dll'
788	3a60.288c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000080cb70)
789	3a60.288c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000080fa30)
790	3a60.288c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000080fb50)
791	3a60.288c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000080fd60)
792	3a60.288c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000080fe80)
793	3a60.288c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000080ffa0)
794	3a60.288c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008101e0)
795	3a60.288c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000810300)
796	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
797	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
798	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
799	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
800	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
801	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
802	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
803	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
804	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
805	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
806	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc1f0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
807	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
808	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1f0000 'C:\Windows\system32\CRYPTSP.dll'
809	3a60.288c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
810	3a60.288c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
811	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
812	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
813	3a60.288c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
814	3a60.288c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
815	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
816	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
817	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefbef0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
818	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
819	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbef0000 'C:\Windows\system32\rsaenh.dll'
820	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
821	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
822	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\Windows\system32\ADVAPI32.dll'
823	3a60.288c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
824	3a60.288c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
825	3a60.288c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007965d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Google\Chrome\Application;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\TortoiseGit\bin;C:\Program Files\TortoiseSVN\bin;C:\Users\574790\AppData\Local\Programs\Git\cmd [calling]
826	3a60.288c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
827	3a60.288c: supR3HardenedDllNotificationCallback: load 000007fefc850000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
828	3a60.288c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
829	3a60.288c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\CRYPTBASE.dll'
830	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'.
831	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
832	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
833	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
834	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
835	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
836	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
837	3a60.3424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\privman64.dll)
838	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\privman64.dll
839	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
840	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
841	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
842	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
843	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
844	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
845	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
846	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
847	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
848	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
849	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
850	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
851	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
852	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
853	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
854	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
855	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
856	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
857	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
858	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
859	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
860	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
861	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
862	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
863	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
864	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
865	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
866	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
867	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
868	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
869	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
870	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
871	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
872	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\version.dll)
873	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
874	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
875	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
876	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
877	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
878	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
879	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
880	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
881	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
882	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
883	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
884	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
885	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
886	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
887	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
888	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
889	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
890	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
891	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
892	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
893	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
894	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
895	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
896	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
897	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
898	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
899	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
900	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
901	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
902	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
903	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
904	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
905	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
906	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
907	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
908	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
909	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
910	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
911	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
912	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
913	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
914	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
915	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
916	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
917	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
918	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
919	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
920	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
921	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
922	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
923	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
924	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
925	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
926	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
927	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
928	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
929	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
930	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
931	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
932	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
933	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
934	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
935	3a60.3424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
936	3a60.3424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
937	3a60.3424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
938	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
939	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
940	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
941	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
942	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
943	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
944	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
945	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
946	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
947	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
948	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
949	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
950	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
951	3a60.3424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
952	3a60.3424: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
953	3a60.3424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\privman64.dll (Input=privman64.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
954	3a60.3424: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
955	3a60.3424: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x0002d000 C:\Windows\system32\privman64.dll [fFlags=0x0]
956	3a60.3424: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\privman64.dll [lacks WinVerifyTrust]
957	3304.3124: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47 ms, the end);
958	37a0.3ff8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 688 ms, the end);

Download in other formats:

Original Format