
4 C 84


4c84.6498: \SystemRoot\System32\ntdll.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:31.963703500Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:32.010636100Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.724455100Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x212fa0

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x7a9f67f2

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x7a9f67f2

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x214000 (2179072)

4c84.6498: Resource Dir: 0x19e000 LB 0x74c30

4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: NT Layer DLL

4c84.6498: \SystemRoot\System32\kernel32.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:09.965858700Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:09.981491400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.660990400Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xc71d0

4c84.6498: NT Headers: 0xe8

4c84.6498: Timestamp: 0xfe3dc5c1

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0xfe3dc5c1

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xc4000 (802816)


4c84.6498: Resource Dir: 0xc2000 LB 0x520

4c84.6498: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: Windows NT BASE API Client DLL

4c84.6498: \SystemRoot\System32\KernelBase.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:32.854231400Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:32.948038400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.724455100Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x3ab8f8

4c84.6498: NT Headers: 0xf0

4c84.6498: Timestamp: 0x83983b0b

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x83983b0b

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x3a4000 (3817472)

4c84.6498: Resource Dir: 0x373000 LB 0x548

4c84.6498: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: Windows NT BASE API Client DLL

4c84.6498: \SystemRoot\System32\apisetschema.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:06.403744400Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:06.403744400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.472291700Z

4c84.6498: FileAttributes: 0x20


4c84.6498: Size: 0x24580

4c84.6498: NT Headers: 0xc8

4c84.6498: Timestamp: 0xd4ae1653

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0xd4ae1653

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x23000 (143360)

4c84.6498: Resource Dir: 0x22000 LB 0x408

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2070

4c84.6498: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

4c84.6498: FileDescription: ApiSet Schema DLL

4c84.6498: Found driver cfwids (0x20)

4c84.6498: Found driver mfencbdc (0x20)

4c84.6498: Found driver mfehidk (0x20)

4c84.6498: Found driver mfeavfk (0x20)

4c84.6498: Found driver mfefirek (0x20)

4c84.6498: supR3HardenedWinFindAdversaries: 0x20

4c84.6498: \SystemRoot\System32\drivers\cfwids.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:40.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.517289300Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x13040

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Image Version: 10.0


4c84.6498: SizeOfImage: 0x13000 (77824)

4c84.6498: Resource Dir: 0x11000 LB 0x558

4c84.6498: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191

4c84.6498: FileDescription: McAfee Personal Firewall IDS Plugin

4c84.6498: \SystemRoot\System32\drivers\mfeavfk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.297767900Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x55640

4c84.6498: NT Headers: 0xf0

4c84.6498: Timestamp: 0x62b93070

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b93070

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x54000 (344064)

4c84.6498: Resource Dir: 0x52000 LB 0x760

4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

4c84.6498: FileDescription: Anti-Virus File System Filter Driver

4c84.6498: \SystemRoot\System32\drivers\mfefirek.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z


4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.266521400Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x6cc40

4c84.6498: NT Headers: 0xe8

4c84.6498: Timestamp: 0x62b93093

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b93093

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x6c000 (442368)

4c84.6498: Resource Dir: 0x6a000 LB 0x390

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

4c84.6498: FileDescription: McAfee Core Firewall Engine Driver

4c84.6498: \SystemRoot\System32\drivers\mfehidk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:40.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:11.824327000Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xe0a40

4c84.6498: NT Headers: 0x100

4c84.6498: Timestamp: 0x62b9314a

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9314a

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xe9000 (954368)

4c84.6498: Resource Dir: 0xe6000 LB 0x788


4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

4c84.6498: FileDescription: McAfee Link Driver

4c84.6498: \SystemRoot\System32\drivers\mfencbdc.sys:

4c84.6498: CreationTime: 2021-09-16T09:52:14.000000000Z

4c84.6498: LastWriteTime: 2022-07-07T02:24:02.000000000Z

4c84.6498: ChangeTime: 2023-10-05T06:23:25.737631000Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xa2750

4c84.6498: NT Headers: 0xd8

4c84.6498: Timestamp: 0x62bc4151

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62bc4151

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xb3000 (733184)

4c84.6498: Resource Dir: 0xb1000 LB 0x3e0

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Anti-Malware Core

4c84.6498: ProductVersion: 22.7.0

4c84.6498: FileVersion: Anti-Malware Core.22.7.0.567

4c84.6498: PrivateBuild: Anti-Malware Core.22.7.0.567

4c84.6498: FileDescription: Event Driver

4c84.6498: \SystemRoot\System32\drivers\mfewfpk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:11.110295100Z


4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x39458

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x53000 (339968)

4c84.6498: Resource Dir: 0x51000 LB 0x388

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

4c84.6498: FileDescription: Anti-Virus Mini-Firewall Driver

4c84.6498: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

4c84.6498: Calling main()

4c84.6498: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

4c84.6498: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

4c84.6498: SUPR3HardenedMain: Respawn #1

4c84.6498: System32: \Device\HarddiskVolume3\Windows\System32

4c84.6498: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

4c84.6498: KnownDllPath: C:\WINDOWS\System32

4c84.6498: supR3HardenedWinInit: Performing a limited self purification...

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION

4c84.6498: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe3000-000000552ae9ffff 0x0001/0x0000 0x0000000


4c84.6498: *000000552aea0000-000000552af50fff 0x0000/0x0004 0x0020000

4c84.6498: 000000552af51000-000000552af53fff 0x0104/0x0004 0x0020000

4c84.6498: 000000552af54000-000000552af9ffff 0x0004/0x0004 0x0020000

4c84.6498: 000000552afa0000-000000552affffff 0x0001/0x0000 0x0000000

4c84.6498: *000000552b000000-000000552b089fff 0x0000/0x0004 0x0020000

4c84.6498: 000000552b08a000-000000552b08cfff 0x0004/0x0004 0x0020000

4c84.6498: 000000552b08d000-000000552b1fffff 0x0000/0x0004 0x0020000

4c84.6498: 000000552b200000-000001ba7598ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75990000-000001ba7599ffff 0x0004/0x0004 0x0040000

4c84.6498: *000001ba759a0000-000001ba759a2fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759a3000-000001ba759affff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759b0000-000001ba759cefff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759cf000-000001ba759cffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759d0000-000001ba759d3fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759d4000-000001ba759dffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759e0000-000001ba759e0fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759e1000-000001ba759effff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759f0000-000001ba759f1fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba759f2000-000001ba759fffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a00000-000001ba75a02fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a03000-000001ba75a0ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a10000-000001ba75a11fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75a12000-000001ba75a71fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75a72000-000001ba75a7ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a80000-000001ba75a80fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a81000-000001ba75a8ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a90000-000001ba75a90fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a91000-000001ba75a9ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75aa0000-000001ba75aa0fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75aa1000-000001ba75aaffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75ab0000-000001ba75ab1fff 0x0004/0x0004 0x0020000


4c84.6498: 000001ba75ab2000-000001ba75b11fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75b12000-000001ba75b3ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75b40000-000001ba75b50fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75b51000-000001ba75c3ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75c40000-000001ba75d0dfff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75d0e000-000001ba75d0ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75d10000-000001ba75d3dfff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75d3e000-000001ba75e0ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75e10000-000001ba75e1efff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75e1f000-000001ba75e1ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75e20000-000001ba75e29fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75e2a000-000001ba7603efff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba7603f000-000001ba7603ffff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba76040000-00007df471ecffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df471ed0000-00007df471ed4fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df471ed5000-00007df471fcffff 0x0000/0x0002 0x0040000

4c84.6498: *00007df471fd0000-00007df571feffff 0x0000/0x0004 0x0020000

4c84.6498: *00007df571ff0000-00007df573feffff 0x0000/0x0004 0x0020000

4c84.6498: 00007df573ff0000-00007df573ff0fff 0x0004/0x0004 0x0020000

4c84.6498: 00007df573ff1000-00007df573ffffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df574000000-00007df574000fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df574001000-00007df57400ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df574010000-00007df575967fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df575968000-00007df575a25fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df575a26000-00007df575df3fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df575df4000-00007df575df4fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df575df5000-00007ff54f19cfff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff54f19d000-00007ff54f1a1fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff54f1a2000-00007ff55c2fafff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff55c2fb000-00007ff55f7d0fff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f7d1000-00007ff55f7d3fff 0x0002/0x0001 0x0040000


4c84.6498: 00007ff55f7d4000-00007ff55f896fff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f897000-00007ff55f8a5fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f8a6000-00007ff55f8ecfff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f8ed000-00007ff55f8f0fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f8f1000-00007ff55f93ffff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f940000-00007ff55f948fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f949000-00007ff57400ffff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff574010000-00007ff6c634ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ff6c6350000-00007ff6c6350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6351000-00007ff6c63bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bb000-00007ff6c63bbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bc000-00007ff6c640efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c640f000-00007ff6c6411fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6412000-00007ff6c6414fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6415000-00007ff6c6417fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6418000-00007ff6c6418fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6419000-00007ff6c641afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641b000-00007ff6c641bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641c000-00007ff6c6463fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6464000-00007ffadf04ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffadf050000-00007ffadf050fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf051000-00007ffadf0a2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0a3000-00007ffadf0c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0c7000-00007ffadf0c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0ca000-00007ffadf0e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0e7000-00007ffae21cffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae21d0000-00007ffae21d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae21d1000-00007ffae235ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2360000-00007ffae2523fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2524000-00007ffae2528fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2529000-00007ffae2573fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2574000-00007ffae373ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae3740000-00007ffae3740fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae3741000-00007ffae37c1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37c2000-00007ffae37f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37f9000-00007ffae37f9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37fa000-00007ffae37fafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37fb000-00007ffae3803fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae3804000-00007ffae4c0ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae4c10000-00007ffae4c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4c11000-00007ffae4d40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d41000-00007ffae4d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8e000-00007ffae4d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8f000-00007ffae4d90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d91000-00007ffae4d99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d9a000-00007ffae4e23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

4c84.6498: kernel32.dll: timestamp 0xfe3dc5c1 (rc=VINF_SUCCESS)

4c84.6498: kernelbase.dll: timestamp 0x83983b0b (rc=VINF_SUCCESS)

4c84.6498: apphelp.dll: timestamp 0x3ff675f6 (rc=VINF_SUCCESS)

4c84.6498: VBoxHeadless.exe: timestamp 0x652832c2 (rc=VINF_SUCCESS)

4c84.6498: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

4c84.6498: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

4c84.6498: VBoxHeadless.exe: Differences in section #7 (.00cfg) between file and memory:

4c84.6498: 00007ff6c6423000 / 0x00d3000: 00 != 80

4c84.6498: 00007ff6c6423001 / 0x00d3001: 0b != ea

4c84.6498: 00007ff6c6423002 / 0x00d3002: 37 != c9

4c84.6498: 00007ff6c6423003 / 0x00d3003: c6 != e4

4c84.6498: 00007ff6c6423004 / 0x00d3004: f6 != fa

4c84.6498: 00007ff6c6423008 / 0x00d3008: 00 != 80

4c84.6498: 00007ff6c6423009 / 0x00d3009: 0b != ea

4c84.6498: 00007ff6c642300a / 0x00d300a: 37 != c9

4c84.6498: 00007ff6c642300b / 0x00d300b: c6 != e4

4c84.6498: 00007ff6c642300c / 0x00d300c: f6 != fa

4c84.6498: 00007ff6c6423010 / 0x00d3010: 30 != c0

4c84.6498: 00007ff6c6423011 / 0x00d3011: a8 != eb

4c84.6498: 00007ff6c6423012 / 0x00d3012: 3b != c9

4c84.6498: 00007ff6c6423013 / 0x00d3013: c6 != e4

4c84.6498: 00007ff6c6423014 / 0x00d3014: f6 != fa

4c84.6498: 00007ff6c6423018 / 0x00d3018: 50 != c0


4c84.6498: 00007ff6c6423019 / 0x00d3019: a8 != eb

4c84.6498: 00007ff6c642301a / 0x00d301a: 3b != c9

4c84.6498: 00007ff6c642301b / 0x00d301b: c6 != e4

4c84.6498: 00007ff6c642301c / 0x00d301c: f6 != fa

4c84.6498: 00007ff6c6423020 / 0x00d3020: 50 != c0

4c84.6498: 00007ff6c6423021 / 0x00d3021: a8 != eb

4c84.6498: 00007ff6c6423022 / 0x00d3022: 3b != c9

4c84.6498: 00007ff6c6423023 / 0x00d3023: c6 != e4

4c84.6498: 00007ff6c6423024 / 0x00d3024: f6 != fa

4c84.6498: Restored 0x28 bytes of original file content at 00007ff6c6423000

4c84.6498: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

4c84.6498: 00007ff6c64625f8 / 0x01125f8: 00 != 50

4c84.6498: 00007ff6c64625f9 / 0x01125f9: 00 != 41

4c84.6498: 00007ff6c64625fa / 0x01125fa: 00 != 44

4c84.6498: 00007ff6c64625fb / 0x01125fb: 00 != 44

4c84.6498: 00007ff6c64625fc / 0x01125fc: 00 != 49

4c84.6498: 00007ff6c64625fd / 0x01125fd: 00 != 4e

4c84.6498: 00007ff6c64625fe / 0x01125fe: 00 != 47

4c84.6498: 00007ff6c64625ff / 0x01125ff: 00 != 58

4c84.6498: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

4c84.6498: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

4c84.6498: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:

4c84.6498: 00007ffae4dad000 / 0x019d000: 00 != c0

4c84.6498: 00007ffae4dad001 / 0x019d001: 2a != eb

4c84.6498: 00007ffae4dad002 / 0x019d002: cb != c9

4c84.6498: 00007ffae4dad008 / 0x019d008: 70 != 80

4c84.6498: 00007ffae4dad009 / 0x019d009: e9 != ea

4c84.6498: 00007ffae4dad010 / 0x019d010: 20 != c0

4c84.6498: 00007ffae4dad011 / 0x019d011: 2a != eb

4c84.6498: 00007ffae4dad012 / 0x019d012: cb != c9

4c84.6498: 00007ffae4dad018 / 0x019d018: 20 != c0


4c84.6498: 00007ffae4dad019 / 0x019d019: 2a != eb

4c84.6498: 00007ffae4dad01a / 0x019d01a: cb != c9

4c84.6498: Restored 0x28 bytes of original file content at 00007ffae4dad000

4c84.6498: kernel32.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae37c5be0 / 0x0085be0: 30 != 40

4c84.6498: 00007ffae37c5be1 / 0x0085be1: f9 != 85

4c84.6498: 00007ffae37c5be2 / 0x0085be2: ca != 09

4c84.6498: 00007ffae37c5be3 / 0x0085be3: e4 != df

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae37c4000

4c84.6498: kernel32.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae37c6000 / 0x0086000: 20 != 50

4c84.6498: 00007ffae37c6001 / 0x0086001: f2 != 7b

4c84.6498: 00007ffae37c6002 / 0x0086002: ca != 06

4c84.6498: 00007ffae37c6003 / 0x0086003: e4 != df

4c84.6498: 00007ffae37c6180 / 0x0086180: e0 != 50

4c84.6498: 00007ffae37c6181 / 0x0086181: f7 != 83

4c84.6498: 00007ffae37c6182 / 0x0086182: ca != 09

4c84.6498: 00007ffae37c6183 / 0x0086183: e4 != df

4c84.6498: 00007ffae37c6568 / 0x0086568: e0 != 50

4c84.6498: 00007ffae37c6569 / 0x0086569: f7 != 83

4c84.6498: 00007ffae37c656a / 0x008656a: ca != 09

4c84.6498: 00007ffae37c656b / 0x008656b: e4 != df

4c84.6498: 00007ffae37c66d8 / 0x00866d8: 70 != 80

4c84.6498: 00007ffae37c66d9 / 0x00866d9: ff != ea

4c84.6498: 00007ffae37c66da / 0x00866da: 75 != c9

4c84.6498: 00007ffae37c66db / 0x00866db: e3 != e4

4c84.6498: 00007ffae37c66e0 / 0x00866e0: 40 != c0

4c84.6498: 00007ffae37c66e1 / 0x00866e1: 42 != eb

4c84.6498: 00007ffae37c66e2 / 0x00866e2: 76 != c9

4c84.6498: 00007ffae37c66e3 / 0x00866e3: e3 != e4

4c84.6498: 00007ffae37c66e8 / 0x00866e8: 70 != 80


4c84.6498: 00007ffae37c66e9 / 0x00866e9: ff != ea

4c84.6498: 00007ffae37c66ea / 0x00866ea: 75 != c9

4c84.6498: 00007ffae37c66eb / 0x00866eb: e3 != e4

4c84.6498: 00007ffae37c66f0 / 0x00866f0: 60 != c0

4c84.6498: 00007ffae37c66f1 / 0x00866f1: 42 != eb

4c84.6498: 00007ffae37c66f2 / 0x00866f2: 76 != c9

4c84.6498: 00007ffae37c66f3 / 0x00866f3: e3 != e4

4c84.6498: 00007ffae37c66f8 / 0x00866f8: 60 != c0

4c84.6498: 00007ffae37c66f9 / 0x00866f9: 42 != eb

4c84.6498: 00007ffae37c66fa / 0x00866fa: 76 != c9

4c84.6498: 00007ffae37c66fb / 0x00866fb: e3 != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae37c6000

4c84.6498: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae242ec48 / 0x025ec48: 20 != 50

4c84.6498: 00007ffae242ec49 / 0x025ec49: f2 != 7b

4c84.6498: 00007ffae242ec4a / 0x025ec4a: ca != 06

4c84.6498: 00007ffae242ec4b / 0x025ec4b: e4 != df

4c84.6498: 00007ffae242ec88 / 0x025ec88: e0 != 50

4c84.6498: 00007ffae242ec89 / 0x025ec89: f7 != 83

4c84.6498: 00007ffae242ec8a / 0x025ec8a: ca != 09

4c84.6498: 00007ffae242ec8b / 0x025ec8b: e4 != df

4c84.6498: 00007ffae242edc0 / 0x025edc0: 30 != 40

4c84.6498: 00007ffae242edc1 / 0x025edc1: f9 != 85

4c84.6498: 00007ffae242edc2 / 0x025edc2: ca != 09

4c84.6498: 00007ffae242edc3 / 0x025edc3: e4 != df

4c84.6498: 00007ffae242f5b8 / 0x025f5b8: 30 != 40

4c84.6498: 00007ffae242f5b9 / 0x025f5b9: f9 != 85

4c84.6498: 00007ffae242f5ba / 0x025f5ba: ca != 09

4c84.6498: 00007ffae242f5bb / 0x025f5bb: e4 != df

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae242e000

4c84.6498: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:


4c84.6498: 00007ffae24301d0 / 0x02601d0: b0 != 80

4c84.6498: 00007ffae24301d1 / 0x02601d1: 37 != ea

4c84.6498: 00007ffae24301d2 / 0x02601d2: 29 != c9

4c84.6498: 00007ffae24301d3 / 0x02601d3: e2 != e4

4c84.6498: 00007ffae24301d8 / 0x02601d8: 60 != c0

4c84.6498: 00007ffae24301d9 / 0x02601d9: 3b != eb

4c84.6498: 00007ffae24301da / 0x02601da: 29 != c9

4c84.6498: 00007ffae24301db / 0x02601db: e2 != e4

4c84.6498: 00007ffae24301e0 / 0x02601e0: b0 != 80

4c84.6498: 00007ffae24301e1 / 0x02601e1: 37 != ea

4c84.6498: 00007ffae24301e2 / 0x02601e2: 29 != c9

4c84.6498: 00007ffae24301e3 / 0x02601e3: e2 != e4

4c84.6498: 00007ffae24301e8 / 0x02601e8: 80 != c0

4c84.6498: 00007ffae24301e9 / 0x02601e9: 3b != eb

4c84.6498: 00007ffae24301ea / 0x02601ea: 29 != c9

4c84.6498: 00007ffae24301eb / 0x02601eb: e2 != e4

4c84.6498: 00007ffae24301f0 / 0x02601f0: 80 != c0

4c84.6498: 00007ffae24301f1 / 0x02601f1: 3b != eb

4c84.6498: 00007ffae24301f2 / 0x02601f2: 29 != c9

4c84.6498: 00007ffae24301f3 / 0x02601f3: e2 != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae2430000

4c84.6498: apphelp.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffadf0a52a0 / 0x00552a0: 50 != f0

4c84.6498: 00007ffadf0a52a1 / 0x00552a1: ff != 55

4c84.6498: 00007ffadf0a52a2 / 0x00552a2: 23 != 75

4c84.6498: 00007ffadf0a52a3 / 0x00552a3: e2 != e3

4c84.6498: 00007ffadf0a52a8 / 0x00552a8: 00 != a0

4c84.6498: 00007ffadf0a52a9 / 0x00552a9: 07 != 61

4c84.6498: 00007ffadf0a52aa / 0x00552aa: 25 != 75

4c84.6498: 00007ffadf0a52ab / 0x00552ab: e2 != e3

4c84.6498: 00007ffadf0a52b0 / 0x00552b0: 70 != 00


4c84.6498: 00007ffadf0a52b1 / 0x00552b1: ef != 45

4c84.6498: 00007ffadf0a52b2 / 0x00552b2: 23 != 75

4c84.6498: 00007ffadf0a52b3 / 0x00552b3: e2 != e3

4c84.6498: 00007ffadf0a52b8 / 0x00552b8: 40 != c0

4c84.6498: 00007ffadf0a52b9 / 0x00552b9: 83 != 97

4c84.6498: 00007ffadf0a52ba / 0x00552ba: 25 != 75

4c84.6498: 00007ffadf0a52bb / 0x00552bb: e2 != e3

4c84.6498: 00007ffadf0a52c0 / 0x00552c0: 60 != 50

4c84.6498: 00007ffadf0a52c1 / 0x00552c1: cb != 27

4c84.6498: 00007ffadf0a52c2 / 0x00552c2: 1d != 74

4c84.6498: 00007ffadf0a52c3 / 0x00552c3: e2 != e3

4c84.6498: 00007ffadf0a52c8 / 0x00552c8: 10 != 60

4c84.6498: 00007ffadf0a52c9 / 0x00552c9: c5 != 01

4c84.6498: 00007ffadf0a52ca / 0x00552ca: 23 != 76

4c84.6498: 00007ffadf0a52cb / 0x00552cb: e2 != e3

4c84.6498: 00007ffadf0a52d0 / 0x00552d0: b0 != 70

4c84.6498: 00007ffadf0a52d1 / 0x00552d1: 0d != 01

4c84.6498: 00007ffadf0a52d2 / 0x00552d2: 23 != 76

4c84.6498: 00007ffadf0a52d3 / 0x00552d3: e2 != e3

4c84.6498: 00007ffadf0a52e0 / 0x00552e0: 80 != 30

4c84.6498: 00007ffadf0a52e1 / 0x00552e1: c5 != 47

4c84.6498: 00007ffadf0a52e2 / 0x00552e2: 1f != 75

4c84.6498: 00007ffadf0a52e3 / 0x00552e3: e2 != e3

4c84.6498: 00007ffadf0a58b8 / 0x00558b8: 40 != 80

4c84.6498: 00007ffadf0a58b9 / 0x00558b9: 4c != ea

4c84.6498: 00007ffadf0a58ba / 0x00558ba: 06 != c9

4c84.6498: 00007ffadf0a58bb / 0x00558bb: df != e4

4c84.6498: 00007ffadf0a58c1 / 0x00558c1: 4d != eb

4c84.6498: 00007ffadf0a58c2 / 0x00558c2: 06 != c9

4c84.6498: 00007ffadf0a58c3 / 0x00558c3: df != e4

4c84.6498: 00007ffadf0a58c8 / 0x00558c8: 40 != 80


4c84.6498: 00007ffadf0a58c9 / 0x00558c9: 4c != ea

4c84.6498: 00007ffadf0a58ca / 0x00558ca: 06 != c9

4c84.6498: 00007ffadf0a58cb / 0x00558cb: df != e4

4c84.6498: 00007ffadf0a58d0 / 0x00558d0: e0 != c0

4c84.6498: 00007ffadf0a58d1 / 0x00558d1: 4d != eb

4c84.6498: 00007ffadf0a58d2 / 0x00558d2: 06 != c9

4c84.6498: 00007ffadf0a58d3 / 0x00558d3: df != e4

4c84.6498: 00007ffadf0a58d8 / 0x00558d8: e0 != c0

4c84.6498: 00007ffadf0a58d9 / 0x00558d9: 4d != eb

4c84.6498: 00007ffadf0a58da / 0x00558da: 06 != c9

4c84.6498: 00007ffadf0a58db / 0x00558db: df != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffadf0a5000

4c84.6498: supHardNtVpCheckHandles:

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 000000000000006c

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000068

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000064

4c84.6498: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=8

4c84.6498: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

4c84.6498: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

4c84.6498: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

4c84.6498: supR3HardNtEnableThreadCreationEx:

4c84.6498: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

4c84.6498: supR3HardenedWinDoReSpawn(1): New child 6fec.6004 [kernel32].

4c84.6498: supR3HardNtChildGatherData: PebBaseAddress=000000d3c427e000 cbPeb=0x388

4c84.6498: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae4c10000 uNtDllChildAddr=00007ffae4c10000

4c84.6498: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae4c83de0

4c84.6498: supR3HardenedWinSetupChildInit: Initial context:

rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c635b5a0 rdx=000000d3c427e000


rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000

r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000

rip=00007ffae4c6aa40 rsp=000000d3c44ff908 rbp=0000000000000000 ctxflags=0010001b

cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80

P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000

dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000

dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000

lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000

4c84.6498: supR3HardenedWinSetupChildInit: Start child.

4c84.6498: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.

4c84.6498: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 33 sleeps

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION

4c84.6498: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe3000-000000d3c41fffff 0x0001/0x0000 0x0000000

4c84.6498: *000000d3c4200000-000000d3c427dfff 0x0000/0x0004 0x0020000

4c84.6498: 000000d3c427e000-000000d3c4280fff 0x0004/0x0004 0x0020000

4c84.6498: 000000d3c4281000-000000d3c43fffff 0x0000/0x0004 0x0020000

4c84.6498: *000000d3c4400000-000000d3c44fafff 0x0000/0x0004 0x0020000

4c84.6498: 000000d3c44fb000-000000d3c44fdfff 0x0104/0x0004 0x0020000

4c84.6498: 000000d3c44fe000-000000d3c44fffff 0x0004/0x0004 0x0020000

4c84.6498: 000000d3c4500000-000002c2388cffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c2388d0000-000002c2388effff 0x0004/0x0004 0x0020000

4c84.6498: *000002c2388f0000-000002c23890efff 0x0002/0x0002 0x0040000

4c84.6498: 000002c23890f000-000002c23890ffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c238910000-000002c238913fff 0x0002/0x0002 0x0040000

4c84.6498: 000002c238914000-000002c23891ffff 0x0001/0x0000 0x0000000


4c84.6498: *000002c238920000-000002c238920fff 0x0002/0x0002 0x0040000

4c84.6498: 000002c238921000-000002c23892ffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c238930000-000002c238931fff 0x0004/0x0004 0x0020000

4c84.6498: 000002c238932000-00007df59882ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df598830000-00007df598830fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df598831000-00007df59883ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df598840000-00007df59a197fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df59a198000-00007df59a255fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df59a256000-00007df59a623fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df59a624000-00007df59a624fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df59a625000-00007ff5739ccfff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff5739cd000-00007ff5739d1fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff5739d2000-00007ff580b2afff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff580b2b000-00007ff58416ffff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff584170000-00007ff584178fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff584179000-00007ff59883ffff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff598840000-00007ff6c634ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ff6c6350000-00007ff6c6350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6351000-00007ff6c63bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bb000-00007ff6c63bbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bc000-00007ff6c640efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c640f000-00007ff6c640ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6410000-00007ff6c6410fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6411000-00007ff6c6415fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6416000-00007ff6c641bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641c000-00007ff6c6463fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6464000-00007ffae4c0ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae4c10000-00007ffae4c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4c11000-00007ffae4d40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d41000-00007ffae4d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8e000-00007ffae4d99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d9a000-00007ffae4da8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4da9000-00007ffae4da9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4daa000-00007ffae4dacfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4dad000-00007ffae4e23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

4c84.6498: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

4c84.6498: 00007ff6c64625f8 / 0x01125f8: 00 != 50

4c84.6498: 00007ff6c64625f9 / 0x01125f9: 00 != 41

4c84.6498: 00007ff6c64625fa / 0x01125fa: 00 != 44

4c84.6498: 00007ff6c64625fb / 0x01125fb: 00 != 44

4c84.6498: 00007ff6c64625fc / 0x01125fc: 00 != 49

4c84.6498: 00007ff6c64625fd / 0x01125fd: 00 != 4e

4c84.6498: 00007ff6c64625fe / 0x01125fe: 00 != 47

4c84.6498: 00007ff6c64625ff / 0x01125ff: 00 != 58

4c84.6498: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

4c84.6498: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20

4c84.6498: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 33 sleeps

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION

4c84.6498: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000


4c84.6498: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe3000-000000d3c41fffff 0x0001/0x0000 0x0000000

4c84.6498: *000000d3c4200000-000000d3c427dfff 0x0000/0x0004 0x0020000

4c84.6498: 000000d3c427e000-000000d3c4280fff 0x0004/0x0004 0x0020000

4c84.6498: 000000d3c4281000-000000d3c43fffff 0x0000/0x0004 0x0020000

4c84.6498: *000000d3c4400000-000000d3c44fafff 0x0000/0x0004 0x0020000

4c84.6498: 000000d3c44fb000-000000d3c44fdfff 0x0104/0x0004 0x0020000

4c84.6498: 000000d3c44fe000-000000d3c44fffff 0x0004/0x0004 0x0020000

4c84.6498: 000000d3c4500000-000002c2388cffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c2388d0000-000002c2388effff 0x0004/0x0004 0x0020000

4c84.6498: *000002c2388f0000-000002c23890efff 0x0002/0x0002 0x0040000

4c84.6498: 000002c23890f000-000002c23890ffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c238910000-000002c238913fff 0x0002/0x0002 0x0040000

4c84.6498: 000002c238914000-000002c23891ffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c238920000-000002c238920fff 0x0002/0x0002 0x0040000

4c84.6498: 000002c238921000-000002c23892ffff 0x0001/0x0000 0x0000000

4c84.6498: *000002c238930000-000002c238931fff 0x0004/0x0004 0x0020000

4c84.6498: 000002c238932000-00007df59882ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df598830000-00007df598830fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df598831000-00007df59883ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df598840000-00007df59a197fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df59a198000-00007df59a255fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df59a256000-00007df59a623fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df59a624000-00007df59a624fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df59a625000-00007ff5739ccfff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff5739cd000-00007ff5739d1fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff5739d2000-00007ff580b2afff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff580b2b000-00007ff58416ffff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff584170000-00007ff584178fff 0x0002/0x0001 0x0040000


4c84.6498: 00007ff584179000-00007ff59883ffff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff598840000-00007ff6c634ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ff6c6350000-00007ff6c6350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6351000-00007ff6c63bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bb000-00007ff6c63bbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bc000-00007ff6c640efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c640f000-00007ff6c641bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641c000-00007ff6c6463fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6464000-00007ffae4c0ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae4c10000-00007ffae4c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4c11000-00007ffae4d40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d41000-00007ffae4d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8e000-00007ffae4d91fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d92000-00007ffae4d99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d9a000-00007ffae4da8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4da9000-00007ffae4da9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4daa000-00007ffae4dacfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4dad000-00007ffae4e23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

4c84.6498: supR3HardNtChildPurify: Done after 1034 ms and 1 fixes (loop #1).

6fec.6004: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae4c10000 g_uNtVerCombined=0xa0585d00 (stack ~000000d3c44fe6d0)
6fec.6004: ntdll.dll: timestamp 0x7a9f67f2 (rc=VINF_SUCCESS)

6fec.6004: New simple heap: #1 000002c238a40000 LB 0x800000 (for 2179072 allocation)

4c84.6498: supR3HardNtEnableThreadCreationEx:

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: System32: \Device\HarddiskVolume3\Windows\System32

6fec.6004: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

6fec.6004: KnownDllPath: C:\WINDOWS\System32

6fec.6004: supR3HardenedVmProcessInit: Opening vboxsup stub...

6fec.6004: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...

6fec.6004: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...

6fec.6004: Registered Dll notification callback with NTDLL.

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae21d0000 LB 0x003a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae3740000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\WINDOWS\System32\KERNEL32.DLL'

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ff6c6350000 LB 0x00114000 D:\VBoxHeadless.exe [fFlags=0x0]

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

6fec.6004: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

4c84.6498: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.

6fec.6004: \SystemRoot\System32\ntdll.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:31.963703500Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:32.010636100Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.724455100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x212fa0

6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x7a9f67f2

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x7a9f67f2

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x214000 (2179072)

6fec.6004: Resource Dir: 0x19e000 LB 0x74c30

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: NT Layer DLL

6fec.6004: \SystemRoot\System32\kernel32.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:09.965858700Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:09.981491400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.660990400Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xc71d0

6fec.6004: NT Headers: 0xe8


6fec.6004: Timestamp: 0xfe3dc5c1

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0xfe3dc5c1

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xc4000 (802816)

6fec.6004: Resource Dir: 0xc2000 LB 0x520

6fec.6004: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: Windows NT BASE API Client DLL

6fec.6004: \SystemRoot\System32\KernelBase.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:32.854231400Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:32.948038400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.724455100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x3ab8f8

6fec.6004: NT Headers: 0xf0

6fec.6004: Timestamp: 0x83983b0b

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x83983b0b

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x3a4000 (3817472)

6fec.6004: Resource Dir: 0x373000 LB 0x548

6fec.6004: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: Windows NT BASE API Client DLL


6fec.6004: \SystemRoot\System32\apisetschema.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:06.403744400Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:06.403744400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.472291700Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x24580

6fec.6004: NT Headers: 0xc8

6fec.6004: Timestamp: 0xd4ae1653

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0xd4ae1653

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x23000 (143360)

6fec.6004: Resource Dir: 0x22000 LB 0x408

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2070

6fec.6004: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

6fec.6004: FileDescription: ApiSet Schema DLL

6fec.6004: Found driver cfwids (0x20)

6fec.6004: Found driver mfencbdc (0x20)

6fec.6004: Found driver mfehidk (0x20)

6fec.6004: Found driver mfeavfk (0x20)

6fec.6004: Found driver mfefirek (0x20)

6fec.6004: supR3HardenedWinFindAdversaries: 0x20

6fec.6004: \SystemRoot\System32\drivers\cfwids.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:40.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.517289300Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x13040


6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x13000 (77824)

6fec.6004: Resource Dir: 0x11000 LB 0x558

6fec.6004: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191

6fec.6004: FileDescription: McAfee Personal Firewall IDS Plugin

6fec.6004: \SystemRoot\System32\drivers\mfeavfk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.297767900Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x55640

6fec.6004: NT Headers: 0xf0

6fec.6004: Timestamp: 0x62b93070

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b93070

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x54000 (344064)

6fec.6004: Resource Dir: 0x52000 LB 0x760

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191


6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

6fec.6004: FileDescription: Anti-Virus File System Filter Driver

6fec.6004: \SystemRoot\System32\drivers\mfefirek.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.266521400Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x6cc40

6fec.6004: NT Headers: 0xe8

6fec.6004: Timestamp: 0x62b93093

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b93093

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x6c000 (442368)

6fec.6004: Resource Dir: 0x6a000 LB 0x390

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

6fec.6004: FileDescription: McAfee Core Firewall Engine Driver

6fec.6004: \SystemRoot\System32\drivers\mfehidk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:40.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:11.824327000Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xe0a40

6fec.6004: NT Headers: 0x100

6fec.6004: Timestamp: 0x62b9314a


6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9314a

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xe9000 (954368)

6fec.6004: Resource Dir: 0xe6000 LB 0x788

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

6fec.6004: FileDescription: McAfee Link Driver

6fec.6004: \SystemRoot\System32\drivers\mfencbdc.sys:

6fec.6004: CreationTime: 2021-09-16T09:52:14.000000000Z

6fec.6004: LastWriteTime: 2022-07-07T02:24:02.000000000Z

6fec.6004: ChangeTime: 2023-10-05T06:23:25.737631000Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xa2750

6fec.6004: NT Headers: 0xd8

6fec.6004: Timestamp: 0x62bc4151

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62bc4151

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xb3000 (733184)

6fec.6004: Resource Dir: 0xb1000 LB 0x3e0

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Anti-Malware Core

6fec.6004: ProductVersion: 22.7.0

6fec.6004: FileVersion: Anti-Malware Core.22.7.0.567

6fec.6004: PrivateBuild: Anti-Malware Core.22.7.0.567


6fec.6004: FileDescription: Event Driver

6fec.6004: \SystemRoot\System32\drivers\mfewfpk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:11.110295100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x39458

6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x53000 (339968)

6fec.6004: Resource Dir: 0x51000 LB 0x388

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

6fec.6004: FileDescription: Anti-Virus Mini-Firewall Driver

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: Calling main()

6fec.6004: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

6fec.6004: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

6fec.6004: SUPR3HardenedMain: Respawn #2

6fec.6004: supR3HardNtEnableThreadCreationEx:
6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae3810000 LB 0x000a6000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll

6fec.6004: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'C:\WINDOWS\System32\KernelBase.dll'

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]

6fec.6004: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffadf050000 LB 0x00097000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf050000 'C:\WINDOWS\system32\apphelp.dll'

6fec.6004: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

6fec.6004: supR3HardenedWinDoReSpawn(2): New child 5758.5ee8 [kernel32].

6fec.6004: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)

6fec.6004: supR3HardNtChildGatherData: PebBaseAddress=0000008a53b22000 cbPeb=0x388

6fec.6004: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae4c10000 uNtDllChildAddr=00007ffae4c10000

6fec.6004: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae4c83de0

6fec.6004: supR3HardenedWinSetupChildInit: Initial context:

rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c635b5a0 rdx=0000008a53b22000

rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000

r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000

rip=00007ffae4c6aa40 rsp=0000008a53cff888 rbp=0000000000000000 ctxflags=0010001b

cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80

P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000

dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000

dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000

lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000


6fec.6004: kernel32.dll: timestamp 0xfe3dc5c1 (rc=VINF_SUCCESS)

6fec.6004: supR3HardenedWinSetupChildInit: Start child.

6fec.6004: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.

6fec.6004: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 32 sleeps

6fec.6004: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION

6fec.6004: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000

6fec.6004: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000

6fec.6004: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000

6fec.6004: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000

6fec.6004: 000000007ffe3000-0000008a539fffff 0x0001/0x0000 0x0000000

6fec.6004: *0000008a53a00000-0000008a53b21fff 0x0000/0x0004 0x0020000

6fec.6004: 0000008a53b22000-0000008a53b24fff 0x0004/0x0004 0x0020000

6fec.6004: 0000008a53b25000-0000008a53bfffff 0x0000/0x0004 0x0020000

6fec.6004: *0000008a53c00000-0000008a53cfafff 0x0000/0x0004 0x0020000

6fec.6004: 0000008a53cfb000-0000008a53cfdfff 0x0104/0x0004 0x0020000

6fec.6004: 0000008a53cfe000-0000008a53cfffff 0x0004/0x0004 0x0020000

6fec.6004: 0000008a53d00000-0000025e70ddffff 0x0001/0x0000 0x0000000

6fec.6004: *0000025e70de0000-0000025e70dfffff 0x0004/0x0004 0x0020000

6fec.6004: *0000025e70e00000-0000025e70e1efff 0x0002/0x0002 0x0040000

6fec.6004: 0000025e70e1f000-0000025e70e1ffff 0x0001/0x0000 0x0000000

6fec.6004: *0000025e70e20000-0000025e70e23fff 0x0002/0x0002 0x0040000

6fec.6004: 0000025e70e24000-0000025e70e2ffff 0x0001/0x0000 0x0000000

6fec.6004: *0000025e70e30000-0000025e70e30fff 0x0002/0x0002 0x0040000

6fec.6004: 0000025e70e31000-0000025e70e3ffff 0x0001/0x0000 0x0000000

6fec.6004: *0000025e70e40000-0000025e70e41fff 0x0004/0x0004 0x0020000

6fec.6004: 0000025e70e42000-00007df5c40effff 0x0001/0x0000 0x0000000

6fec.6004: *00007df5c40f0000-00007df5c40f0fff 0x0002/0x0002 0x0040000

6fec.6004: 00007df5c40f1000-00007df5c40fffff 0x0001/0x0000 0x0000000

6fec.6004: *00007df5c4100000-00007df5c5a57fff 0x0000/0x0001 0x0040000

6fec.6004: 00007df5c5a58000-00007df5c5b15fff 0x0001/0x0001 0x0040000


6fec.6004: 00007df5c5b16000-00007df5c5ee3fff 0x0000/0x0001 0x0040000

6fec.6004: 00007df5c5ee4000-00007df5c5ee4fff 0x0001/0x0001 0x0040000

6fec.6004: 00007df5c5ee5000-00007ff59f28cfff 0x0000/0x0001 0x0040000

6fec.6004: 00007ff59f28d000-00007ff59f291fff 0x0002/0x0001 0x0040000

6fec.6004: 00007ff59f292000-00007ff5ac3eafff 0x0000/0x0001 0x0040000

6fec.6004: 00007ff5ac3eb000-00007ff5afa2ffff 0x0001/0x0001 0x0040000

6fec.6004: 00007ff5afa30000-00007ff5afa38fff 0x0002/0x0001 0x0040000

6fec.6004: 00007ff5afa39000-00007ff5c40fffff 0x0000/0x0001 0x0040000

6fec.6004: 00007ff5c4100000-00007ff6c634ffff 0x0001/0x0000 0x0000000

6fec.6004: *00007ff6c6350000-00007ff6c6350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c6351000-00007ff6c63bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c63bb000-00007ff6c63bbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c63bc000-00007ff6c640efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c640f000-00007ff6c640ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c6410000-00007ff6c6410fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c6411000-00007ff6c6415fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c6416000-00007ff6c641bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c641c000-00007ff6c6463fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: 00007ff6c6464000-00007ffae4c0ffff 0x0001/0x0000 0x0000000

6fec.6004: *00007ffae4c10000-00007ffae4c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4c11000-00007ffae4d40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4d41000-00007ffae4d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4d8e000-00007ffae4d99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4d9a000-00007ffae4da8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4da9000-00007ffae4da9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4daa000-00007ffae4dacfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4dad000-00007ffae4e23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

6fec.6004: VBoxHeadless.exe: timestamp 0x652832c2 (rc=VINF_SUCCESS)

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

6fec.6004: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

6fec.6004: 00007ff6c64625f8 / 0x01125f8: 00 != 50

6fec.6004: 00007ff6c64625f9 / 0x01125f9: 00 != 41

6fec.6004: 00007ff6c64625fa / 0x01125fa: 00 != 44

6fec.6004: 00007ff6c64625fb / 0x01125fb: 00 != 44

6fec.6004: 00007ff6c64625fc / 0x01125fc: 00 != 49

6fec.6004: 00007ff6c64625fd / 0x01125fd: 00 != 4e

6fec.6004: 00007ff6c64625fe / 0x01125fe: 00 != 47

6fec.6004: 00007ff6c64625ff / 0x01125ff: 00 != 58

6fec.6004: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

6fec.6004: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

6fec.6004: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20

6fec.6004: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 32 sleeps

6fec.6004: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION


6fec.6004: supR3HardNtChildPurify: Done after 1046 ms and 1 fixes (loop #1).

6fec.6004: supR3HardenedEarlyCompact: Removed heap 1 (0x0002c238a40000 LB 0x800000)

5758.5ee8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae4c10000 g_uNtVerCombined=0xa0585d00 (stack ~0000008a53cfe650)

6fec.6004: supR3HardNtEnableThreadCreationEx:

5758.5ee8: ntdll.dll: timestamp 0x7a9f67f2 (rc=VINF_SUCCESS)

5758.5ee8: New simple heap: #1 0000025e70f50000 LB 0x800000 (for 2179072 allocation)

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'


5758.5ee8: System32: \Device\HarddiskVolume3\Windows\System32

5758.5ee8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

5758.5ee8: KnownDllPath: C:\WINDOWS\System32

5758.5ee8: supR3HardenedVmProcessInit: Opening vboxsup...

5758.5ee8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...

5758.5ee8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...

5758.5ee8: Registered Dll notification callback with NTDLL.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae21d0000 LB 0x003a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3740000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\WINDOWS\System32\KERNEL32.DLL'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ff6c6350000 LB 0x00114000 D:\VBoxHeadless.exe [fFlags=0x0]

5758.5ee8: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

5758.5ee8: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxHeadless.exe

5758.5ee8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

5758.5ee8: \SystemRoot\System32\ntdll.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:31.963703500Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:32.010636100Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.724455100Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x212fa0

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x7a9f67f2

6fec.6004: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 89 ms.

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x7a9f67f2

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x214000 (2179072)

5758.5ee8: Resource Dir: 0x19e000 LB 0x74c30

5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: NT Layer DLL

5758.5ee8: \SystemRoot\System32\kernel32.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:09.965858700Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:09.981491400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.660990400Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xc71d0

5758.5ee8: NT Headers: 0xe8

5758.5ee8: Timestamp: 0xfe3dc5c1

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0xfe3dc5c1

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xc4000 (802816)


5758.5ee8: Resource Dir: 0xc2000 LB 0x520

5758.5ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: Windows NT BASE API Client DLL

5758.5ee8: \SystemRoot\System32\KernelBase.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:32.854231400Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:32.948038400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.724455100Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x3ab8f8

5758.5ee8: NT Headers: 0xf0

5758.5ee8: Timestamp: 0x83983b0b

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x83983b0b

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x3a4000 (3817472)

5758.5ee8: Resource Dir: 0x373000 LB 0x548

5758.5ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: Windows NT BASE API Client DLL

5758.5ee8: \SystemRoot\System32\apisetschema.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:06.403744400Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:06.403744400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.472291700Z

5758.5ee8: FileAttributes: 0x20


5758.5ee8: Size: 0x24580

5758.5ee8: NT Headers: 0xc8

5758.5ee8: Timestamp: 0xd4ae1653

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0xd4ae1653

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x23000 (143360)

5758.5ee8: Resource Dir: 0x22000 LB 0x408

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2070

5758.5ee8: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

5758.5ee8: FileDescription: ApiSet Schema DLL

5758.5ee8: Found driver cfwids (0x20)

5758.5ee8: Found driver mfencbdc (0x20)

5758.5ee8: Found driver mfehidk (0x20)

5758.5ee8: Found driver mfeavfk (0x20)

5758.5ee8: Found driver mfefirek (0x20)

5758.5ee8: supR3HardenedWinFindAdversaries: 0x20

5758.5ee8: \SystemRoot\System32\drivers\cfwids.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:40.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.517289300Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x13040

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Image Version: 10.0


5758.5ee8: SizeOfImage: 0x13000 (77824)

5758.5ee8: Resource Dir: 0x11000 LB 0x558

5758.5ee8: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191

5758.5ee8: FileDescription: McAfee Personal Firewall IDS Plugin

5758.5ee8: \SystemRoot\System32\drivers\mfeavfk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.297767900Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x55640

5758.5ee8: NT Headers: 0xf0

5758.5ee8: Timestamp: 0x62b93070

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b93070

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x54000 (344064)

5758.5ee8: Resource Dir: 0x52000 LB 0x760

5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

5758.5ee8: FileDescription: Anti-Virus File System Filter Driver

5758.5ee8: \SystemRoot\System32\drivers\mfefirek.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z


5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.266521400Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x6cc40

5758.5ee8: NT Headers: 0xe8

5758.5ee8: Timestamp: 0x62b93093

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b93093

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x6c000 (442368)

5758.5ee8: Resource Dir: 0x6a000 LB 0x390

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

5758.5ee8: FileDescription: McAfee Core Firewall Engine Driver

5758.5ee8: \SystemRoot\System32\drivers\mfehidk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:40.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:11.824327000Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xe0a40

5758.5ee8: NT Headers: 0x100

5758.5ee8: Timestamp: 0x62b9314a

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9314a

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xe9000 (954368)

5758.5ee8: Resource Dir: 0xe6000 LB 0x788


5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

5758.5ee8: FileDescription: McAfee Link Driver

5758.5ee8: \SystemRoot\System32\drivers\mfencbdc.sys:

5758.5ee8: CreationTime: 2021-09-16T09:52:14.000000000Z

5758.5ee8: LastWriteTime: 2022-07-07T02:24:02.000000000Z

5758.5ee8: ChangeTime: 2023-10-05T06:23:25.737631000Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xa2750

5758.5ee8: NT Headers: 0xd8

5758.5ee8: Timestamp: 0x62bc4151

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62bc4151

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xb3000 (733184)

5758.5ee8: Resource Dir: 0xb1000 LB 0x3e0

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Anti-Malware Core

5758.5ee8: ProductVersion: 22.7.0

5758.5ee8: FileVersion: Anti-Malware Core.22.7.0.567

5758.5ee8: PrivateBuild: Anti-Malware Core.22.7.0.567

5758.5ee8: FileDescription: Event Driver

5758.5ee8: \SystemRoot\System32\drivers\mfewfpk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:11.110295100Z


5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x39458

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x53000 (339968)

5758.5ee8: Resource Dir: 0x51000 LB 0x388

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

5758.5ee8: FileDescription: Anti-Virus Mini-Firewall Driver

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

5758.5ee8: Calling main()

5758.5ee8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

5758.5ee8: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

5758.5ee8: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

5758.5ee8: SUPR3HardenedMain: Final process, opening VBoxDrv...

5758.5ee8: supR3HardenedEarlyCompact: Removed heap 1 (0x00025e70f50000 LB 0x800000)

5758.5ee8: supR3HardNtEnableThreadCreationEx:

5758.5ee8: \Device\HarddiskVolume5\VBoxSupLib.dll: Signature #1/2: info status: 24202

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxSupLib.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxSupLib.dll


5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffadaec0000 LB 0x00005000 D:\VBoxSupLib.DLL [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3ac0000 LB 0x000a7000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3380000 LB 0x00117000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1ff0000 LB 0x0006b000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae27c0000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae2060000 LB 0x00166000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-synch-l1-2-0'

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-fibers-l1-1-1'

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-synch-l1-2-0'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1830000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1ff0000 'C:\WINDOWS\system32\Wintrust.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1990000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1990000 'C:\WINDOWS\system32\bcrypt.dll'

5758.5ee8: bcrypt.dll loaded at 00007ffae1990000, BCryptOpenAlgorithmProvider at 00007ffae1994520, preloading providers:

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae2580000 LB 0x0007a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2580000 'C:\WINDOWS\system32\bcryptprimitives.dll'

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000025e71911170)

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000025e71911e10)

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000025e71912160)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000025e719124b0)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000025e71912800)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000025e71912b50)

5758.5ee8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000025e71912ea0)

5758.5ee8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000025e719131f0)

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae17d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1070000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae17f0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\WINDOWS\System32\kernel32.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1ff0000 'C:\WINDOWS\System32\WINTRUST.DLL'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\CRYPT32.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae45d0000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3810000 LB 0x000a6000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1610000 LB 0x00026000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\


System32\cryptnet.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\


cryptnet.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\


HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\


HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\


HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\


HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffad32a0000 LB 0x00032000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1ef0000 LB 0x00026000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\WINDOWS\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3d00000 LB 0x000b0000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000025e719e0c80

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000025e719e0c80

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D11066B1F9EC554A1F657EEF2032F2ACE968E6A

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3380000 'C:\WINDOWS\System32\rpcrt4.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.2283.cat'; file='\SystemRoot\System32\ntdll.dll'

5758.5ee8: g_pfnWinVerifyTrust=00007ffae20024c0

5758.5ee8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\VBoxSupLib.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\VBoxHeadless.exe'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\system32\crypt32.dll'

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto


Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert
Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB,


OU=AddTrust External TTP Network, CN=AddTrust External CA Root

5758.5ee8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=47

5758.5ee8: SUPR3HardenedMain: Load Runtime...

5758.5ee8: \Device\HarddiskVolume5\VBoxRT.dll: Signature #1/2: info status: 24202

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\VBoxRT.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxRT.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\vcruntime140_1.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\vcruntime140_1.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: Detected WinVerifyTrust recursion: rc=-5659 '\Device\HarddiskVolume5\vcruntime140_1.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140_1.dll)

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\vcruntime140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x8e79cd85/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x8e79cd85/link.

5758.5ee8: Detected WinVerifyTrust recursion: rc=-5659 '\Device\HarddiskVolume5\vcruntime140.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140.dll)

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140_1.dll) WinVerifyTrust

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\vcruntime140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (-5659) on \Device\HarddiskVolume5\vcruntime140.dll [lacks WinVerifyTrust]

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: cached rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\VBoxRT.dll

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (-5659) on \Device\HarddiskVolume5\vcruntime140.dll [lacks WinVerifyTrust]

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cached rc=-5659 fImage=1 fProtect=0x10 fAccess=0xd cHits=2 \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\VBoxRT.dll'

5758.5ee8: Error -610 in supR3HardenedMainInitRuntime! (enmWhat=4)

5758.5ee8: LoadLibrary "D:/VBoxRT.dll" failed (rc=1790)

6fec.6004: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 395 ms, the end);

4c84.6498: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1578 ms, the end);
