4 C 84

The document contains log output from a system analysis tool detailing file metadata for several core Windows system files and McAfee antivirus driver files. Key details reported include file paths, version information, sizes, and timestamps. The files analyzed include ntdll.dll, kernel32.dll, KernelBase.dll, and various McAfee driver files.

Uploaded by

Biancaa R

4c84.6498: \SystemRoot\System32\ntdll.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:31.963703500Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:32.010636100Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.724455100Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x212fa0

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x7a9f67f2

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x7a9f67f2

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x214000 (2179072)

4c84.6498: Resource Dir: 0x19e000 LB 0x74c30

4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: NT Layer DLL

4c84.6498: \SystemRoot\System32\kernel32.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:09.965858700Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:09.981491400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.660990400Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xc71d0

4c84.6498: NT Headers: 0xe8

4c84.6498: Timestamp: 0xfe3dc5c1

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0xfe3dc5c1

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xc4000 (802816)


4c84.6498: Resource Dir: 0xc2000 LB 0x520

4c84.6498: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: Windows NT BASE API Client DLL

4c84.6498: \SystemRoot\System32\KernelBase.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:32.854231400Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:32.948038400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.724455100Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x3ab8f8

4c84.6498: NT Headers: 0xf0

4c84.6498: Timestamp: 0x83983b0b

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x83983b0b

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x3a4000 (3817472)

4c84.6498: Resource Dir: 0x373000 LB 0x548

4c84.6498: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2215

4c84.6498: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

4c84.6498: FileDescription: Windows NT BASE API Client DLL

4c84.6498: \SystemRoot\System32\apisetschema.dll:

4c84.6498: CreationTime: 2023-10-05T06:15:06.403744400Z

4c84.6498: LastWriteTime: 2023-10-05T06:15:06.403744400Z

4c84.6498: ChangeTime: 2023-10-14T08:27:05.472291700Z

4c84.6498: FileAttributes: 0x20


4c84.6498: Size: 0x24580

4c84.6498: NT Headers: 0xc8

4c84.6498: Timestamp: 0xd4ae1653

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0xd4ae1653

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x23000 (143360)

4c84.6498: Resource Dir: 0x22000 LB 0x408

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Microsoft® Windows® Operating System

4c84.6498: ProductVersion: 10.0.22621.2070

4c84.6498: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

4c84.6498: FileDescription: ApiSet Schema DLL

4c84.6498: Found driver cfwids (0x20)

4c84.6498: Found driver mfencbdc (0x20)

4c84.6498: Found driver mfehidk (0x20)

4c84.6498: Found driver mfeavfk (0x20)

4c84.6498: Found driver mfefirek (0x20)

4c84.6498: supR3HardenedWinFindAdversaries: 0x20

4c84.6498: \SystemRoot\System32\drivers\cfwids.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:40.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.517289300Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x13040

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Image Version: 10.0


4c84.6498: SizeOfImage: 0x13000 (77824)

4c84.6498: Resource Dir: 0x11000 LB 0x558

4c84.6498: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191

4c84.6498: FileDescription: McAfee Personal Firewall IDS Plugin

4c84.6498: \SystemRoot\System32\drivers\mfeavfk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.297767900Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x55640

4c84.6498: NT Headers: 0xf0

4c84.6498: Timestamp: 0x62b93070

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b93070

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x54000 (344064)

4c84.6498: Resource Dir: 0x52000 LB 0x760

4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

4c84.6498: FileDescription: Anti-Virus File System Filter Driver

4c84.6498: \SystemRoot\System32\drivers\mfefirek.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z


4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:12.266521400Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x6cc40

4c84.6498: NT Headers: 0xe8

4c84.6498: Timestamp: 0x62b93093

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b93093

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x6c000 (442368)

4c84.6498: Resource Dir: 0x6a000 LB 0x390

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

4c84.6498: FileDescription: McAfee Core Firewall Engine Driver

4c84.6498: \SystemRoot\System32\drivers\mfehidk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:40.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:11.824327000Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xe0a40

4c84.6498: NT Headers: 0x100

4c84.6498: Timestamp: 0x62b9314a

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9314a

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xe9000 (954368)

4c84.6498: Resource Dir: 0xe6000 LB 0x788


4c84.6498: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

4c84.6498: FileDescription: McAfee Link Driver

4c84.6498: \SystemRoot\System32\drivers\mfencbdc.sys:

4c84.6498: CreationTime: 2021-09-16T09:52:14.000000000Z

4c84.6498: LastWriteTime: 2022-07-07T02:24:02.000000000Z

4c84.6498: ChangeTime: 2023-10-05T06:23:25.737631000Z

4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0xa2750

4c84.6498: NT Headers: 0xd8

4c84.6498: Timestamp: 0x62bc4151

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62bc4151

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0xb3000 (733184)

4c84.6498: Resource Dir: 0xb1000 LB 0x3e0

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: Anti-Malware Core

4c84.6498: ProductVersion: 22.7.0

4c84.6498: FileVersion: Anti-Malware Core.22.7.0.567

4c84.6498: PrivateBuild: Anti-Malware Core.22.7.0.567

4c84.6498: FileDescription: Event Driver

4c84.6498: \SystemRoot\System32\drivers\mfewfpk.sys:

4c84.6498: CreationTime: 2021-09-28T22:02:42.000000000Z

4c84.6498: LastWriteTime: 2022-09-14T20:55:50.000000000Z

4c84.6498: ChangeTime: 2023-10-04T16:58:11.110295100Z


4c84.6498: FileAttributes: 0x20

4c84.6498: Size: 0x39458

4c84.6498: NT Headers: 0xe0

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Machine: 0x8664 - amd64

4c84.6498: Timestamp: 0x62b9306e

4c84.6498: Image Version: 10.0

4c84.6498: SizeOfImage: 0x53000 (339968)

4c84.6498: Resource Dir: 0x51000 LB 0x388

4c84.6498: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

4c84.6498: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

4c84.6498: ProductName: SYSCORE

4c84.6498: ProductVersion: 22.7.0.191

4c84.6498: FileVersion: SYSCORE.22.7.0.191

4c84.6498: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

4c84.6498: FileDescription: Anti-Virus Mini-Firewall Driver

4c84.6498: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

4c84.6498: Calling main()

4c84.6498: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

4c84.6498: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

4c84.6498: SUPR3HardenedMain: Respawn #1

4c84.6498: System32: \Device\HarddiskVolume3\Windows\System32

4c84.6498: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

4c84.6498: KnownDllPath: C:\WINDOWS\System32

4c84.6498: supR3HardenedWinInit: Performing a limited self purification...

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION

4c84.6498: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000

4c84.6498: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000

4c84.6498: 000000007ffe3000-000000552ae9ffff 0x0001/0x0000 0x0000000


4c84.6498: *000000552aea0000-000000552af50fff 0x0000/0x0004 0x0020000

4c84.6498: 000000552af51000-000000552af53fff 0x0104/0x0004 0x0020000

4c84.6498: 000000552af54000-000000552af9ffff 0x0004/0x0004 0x0020000

4c84.6498: 000000552afa0000-000000552affffff 0x0001/0x0000 0x0000000

4c84.6498: *000000552b000000-000000552b089fff 0x0000/0x0004 0x0020000

4c84.6498: 000000552b08a000-000000552b08cfff 0x0004/0x0004 0x0020000

4c84.6498: 000000552b08d000-000000552b1fffff 0x0000/0x0004 0x0020000

4c84.6498: 000000552b200000-000001ba7598ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75990000-000001ba7599ffff 0x0004/0x0004 0x0040000

4c84.6498: *000001ba759a0000-000001ba759a2fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759a3000-000001ba759affff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759b0000-000001ba759cefff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759cf000-000001ba759cffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759d0000-000001ba759d3fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759d4000-000001ba759dffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759e0000-000001ba759e0fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba759e1000-000001ba759effff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba759f0000-000001ba759f1fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba759f2000-000001ba759fffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a00000-000001ba75a02fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a03000-000001ba75a0ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a10000-000001ba75a11fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75a12000-000001ba75a71fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75a72000-000001ba75a7ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a80000-000001ba75a80fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a81000-000001ba75a8ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75a90000-000001ba75a90fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75a91000-000001ba75a9ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75aa0000-000001ba75aa0fff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75aa1000-000001ba75aaffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75ab0000-000001ba75ab1fff 0x0004/0x0004 0x0020000


4c84.6498: 000001ba75ab2000-000001ba75b11fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75b12000-000001ba75b3ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75b40000-000001ba75b50fff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75b51000-000001ba75c3ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75c40000-000001ba75d0dfff 0x0002/0x0002 0x0040000

4c84.6498: 000001ba75d0e000-000001ba75d0ffff 0x0001/0x0000 0x0000000

4c84.6498: *000001ba75d10000-000001ba75d3dfff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75d3e000-000001ba75e0ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75e10000-000001ba75e1efff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba75e1f000-000001ba75e1ffff 0x0000/0x0004 0x0020000

4c84.6498: *000001ba75e20000-000001ba75e29fff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba75e2a000-000001ba7603efff 0x0004/0x0004 0x0020000

4c84.6498: 000001ba7603f000-000001ba7603ffff 0x0000/0x0004 0x0020000

4c84.6498: 000001ba76040000-00007df471ecffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df471ed0000-00007df471ed4fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df471ed5000-00007df471fcffff 0x0000/0x0002 0x0040000

4c84.6498: *00007df471fd0000-00007df571feffff 0x0000/0x0004 0x0020000

4c84.6498: *00007df571ff0000-00007df573feffff 0x0000/0x0004 0x0020000

4c84.6498: 00007df573ff0000-00007df573ff0fff 0x0004/0x0004 0x0020000

4c84.6498: 00007df573ff1000-00007df573ffffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df574000000-00007df574000fff 0x0002/0x0002 0x0040000

4c84.6498: 00007df574001000-00007df57400ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007df574010000-00007df575967fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df575968000-00007df575a25fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df575a26000-00007df575df3fff 0x0000/0x0001 0x0040000

4c84.6498: 00007df575df4000-00007df575df4fff 0x0001/0x0001 0x0040000

4c84.6498: 00007df575df5000-00007ff54f19cfff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff54f19d000-00007ff54f1a1fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff54f1a2000-00007ff55c2fafff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff55c2fb000-00007ff55f7d0fff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f7d1000-00007ff55f7d3fff 0x0002/0x0001 0x0040000


4c84.6498: 00007ff55f7d4000-00007ff55f896fff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f897000-00007ff55f8a5fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f8a6000-00007ff55f8ecfff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f8ed000-00007ff55f8f0fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f8f1000-00007ff55f93ffff 0x0001/0x0001 0x0040000

4c84.6498: 00007ff55f940000-00007ff55f948fff 0x0002/0x0001 0x0040000

4c84.6498: 00007ff55f949000-00007ff57400ffff 0x0000/0x0001 0x0040000

4c84.6498: 00007ff574010000-00007ff6c634ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ff6c6350000-00007ff6c6350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6351000-00007ff6c63bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bb000-00007ff6c63bbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c63bc000-00007ff6c640efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c640f000-00007ff6c6411fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6412000-00007ff6c6414fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6415000-00007ff6c6417fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6418000-00007ff6c6418fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6419000-00007ff6c641afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641b000-00007ff6c641bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c641c000-00007ff6c6463fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\VBoxHeadless.exe

4c84.6498: 00007ff6c6464000-00007ffadf04ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffadf050000-00007ffadf050fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf051000-00007ffadf0a2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0a3000-00007ffadf0c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0c7000-00007ffadf0c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0ca000-00007ffadf0e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll

4c84.6498: 00007ffadf0e7000-00007ffae21cffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae21d0000-00007ffae21d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae21d1000-00007ffae235ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2360000-00007ffae2523fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2524000-00007ffae2528fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2529000-00007ffae2573fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

4c84.6498: 00007ffae2574000-00007ffae373ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae3740000-00007ffae3740fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae3741000-00007ffae37c1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37c2000-00007ffae37f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37f9000-00007ffae37f9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37fa000-00007ffae37fafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae37fb000-00007ffae3803fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll

4c84.6498: 00007ffae3804000-00007ffae4c0ffff 0x0001/0x0000 0x0000000

4c84.6498: *00007ffae4c10000-00007ffae4c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4c11000-00007ffae4d40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d41000-00007ffae4d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8e000-00007ffae4d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d8f000-00007ffae4d90fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d91000-00007ffae4d99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4d9a000-00007ffae4e23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll

4c84.6498: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

4c84.6498: kernel32.dll: timestamp 0xfe3dc5c1 (rc=VINF_SUCCESS)

4c84.6498: kernelbase.dll: timestamp 0x83983b0b (rc=VINF_SUCCESS)

4c84.6498: apphelp.dll: timestamp 0x3ff675f6 (rc=VINF_SUCCESS)

4c84.6498: VBoxHeadless.exe: timestamp 0x652832c2 (rc=VINF_SUCCESS)

4c84.6498: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

4c84.6498: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

4c84.6498: VBoxHeadless.exe: Differences in section #7 (.00cfg) between file and memory:

4c84.6498: 00007ff6c6423000 / 0x00d3000: 00 != 80

4c84.6498: 00007ff6c6423001 / 0x00d3001: 0b != ea

4c84.6498: 00007ff6c6423002 / 0x00d3002: 37 != c9

4c84.6498: 00007ff6c6423003 / 0x00d3003: c6 != e4

4c84.6498: 00007ff6c6423004 / 0x00d3004: f6 != fa

4c84.6498: 00007ff6c6423008 / 0x00d3008: 00 != 80

4c84.6498: 00007ff6c6423009 / 0x00d3009: 0b != ea

4c84.6498: 00007ff6c642300a / 0x00d300a: 37 != c9

4c84.6498: 00007ff6c642300b / 0x00d300b: c6 != e4

4c84.6498: 00007ff6c642300c / 0x00d300c: f6 != fa

4c84.6498: 00007ff6c6423010 / 0x00d3010: 30 != c0

4c84.6498: 00007ff6c6423011 / 0x00d3011: a8 != eb

4c84.6498: 00007ff6c6423012 / 0x00d3012: 3b != c9

4c84.6498: 00007ff6c6423013 / 0x00d3013: c6 != e4

4c84.6498: 00007ff6c6423014 / 0x00d3014: f6 != fa

4c84.6498: 00007ff6c6423018 / 0x00d3018: 50 != c0


4c84.6498: 00007ff6c6423019 / 0x00d3019: a8 != eb

4c84.6498: 00007ff6c642301a / 0x00d301a: 3b != c9

4c84.6498: 00007ff6c642301b / 0x00d301b: c6 != e4

4c84.6498: 00007ff6c642301c / 0x00d301c: f6 != fa

4c84.6498: 00007ff6c6423020 / 0x00d3020: 50 != c0

4c84.6498: 00007ff6c6423021 / 0x00d3021: a8 != eb

4c84.6498: 00007ff6c6423022 / 0x00d3022: 3b != c9

4c84.6498: 00007ff6c6423023 / 0x00d3023: c6 != e4

4c84.6498: 00007ff6c6423024 / 0x00d3024: f6 != fa

4c84.6498: Restored 0x28 bytes of original file content at 00007ff6c6423000

4c84.6498: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

4c84.6498: 00007ff6c64625f8 / 0x01125f8: 00 != 50

4c84.6498: 00007ff6c64625f9 / 0x01125f9: 00 != 41

4c84.6498: 00007ff6c64625fa / 0x01125fa: 00 != 44

4c84.6498: 00007ff6c64625fb / 0x01125fb: 00 != 44

4c84.6498: 00007ff6c64625fc / 0x01125fc: 00 != 49

4c84.6498: 00007ff6c64625fd / 0x01125fd: 00 != 4e

4c84.6498: 00007ff6c64625fe / 0x01125fe: 00 != 47

4c84.6498: 00007ff6c64625ff / 0x01125ff: 00 != 58

4c84.6498: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

4c84.6498: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

4c84.6498: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:

4c84.6498: 00007ffae4dad000 / 0x019d000: 00 != c0

4c84.6498: 00007ffae4dad001 / 0x019d001: 2a != eb

4c84.6498: 00007ffae4dad002 / 0x019d002: cb != c9

4c84.6498: 00007ffae4dad008 / 0x019d008: 70 != 80

4c84.6498: 00007ffae4dad009 / 0x019d009: e9 != ea

4c84.6498: 00007ffae4dad010 / 0x019d010: 20 != c0

4c84.6498: 00007ffae4dad011 / 0x019d011: 2a != eb

4c84.6498: 00007ffae4dad012 / 0x019d012: cb != c9

4c84.6498: 00007ffae4dad018 / 0x019d018: 20 != c0


4c84.6498: 00007ffae4dad019 / 0x019d019: 2a != eb

4c84.6498: 00007ffae4dad01a / 0x019d01a: cb != c9

4c84.6498: Restored 0x28 bytes of original file content at 00007ffae4dad000

4c84.6498: kernel32.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae37c5be0 / 0x0085be0: 30 != 40

4c84.6498: 00007ffae37c5be1 / 0x0085be1: f9 != 85

4c84.6498: 00007ffae37c5be2 / 0x0085be2: ca != 09

4c84.6498: 00007ffae37c5be3 / 0x0085be3: e4 != df

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae37c4000

4c84.6498: kernel32.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae37c6000 / 0x0086000: 20 != 50

4c84.6498: 00007ffae37c6001 / 0x0086001: f2 != 7b

4c84.6498: 00007ffae37c6002 / 0x0086002: ca != 06

4c84.6498: 00007ffae37c6003 / 0x0086003: e4 != df

4c84.6498: 00007ffae37c6180 / 0x0086180: e0 != 50

4c84.6498: 00007ffae37c6181 / 0x0086181: f7 != 83

4c84.6498: 00007ffae37c6182 / 0x0086182: ca != 09

4c84.6498: 00007ffae37c6183 / 0x0086183: e4 != df

4c84.6498: 00007ffae37c6568 / 0x0086568: e0 != 50

4c84.6498: 00007ffae37c6569 / 0x0086569: f7 != 83

4c84.6498: 00007ffae37c656a / 0x008656a: ca != 09

4c84.6498: 00007ffae37c656b / 0x008656b: e4 != df

4c84.6498: 00007ffae37c66d8 / 0x00866d8: 70 != 80

4c84.6498: 00007ffae37c66d9 / 0x00866d9: ff != ea

4c84.6498: 00007ffae37c66da / 0x00866da: 75 != c9

4c84.6498: 00007ffae37c66db / 0x00866db: e3 != e4

4c84.6498: 00007ffae37c66e0 / 0x00866e0: 40 != c0

4c84.6498: 00007ffae37c66e1 / 0x00866e1: 42 != eb

4c84.6498: 00007ffae37c66e2 / 0x00866e2: 76 != c9

4c84.6498: 00007ffae37c66e3 / 0x00866e3: e3 != e4

4c84.6498: 00007ffae37c66e8 / 0x00866e8: 70 != 80


4c84.6498: 00007ffae37c66e9 / 0x00866e9: ff != ea

4c84.6498: 00007ffae37c66ea / 0x00866ea: 75 != c9

4c84.6498: 00007ffae37c66eb / 0x00866eb: e3 != e4

4c84.6498: 00007ffae37c66f0 / 0x00866f0: 60 != c0

4c84.6498: 00007ffae37c66f1 / 0x00866f1: 42 != eb

4c84.6498: 00007ffae37c66f2 / 0x00866f2: 76 != c9

4c84.6498: 00007ffae37c66f3 / 0x00866f3: e3 != e4

4c84.6498: 00007ffae37c66f8 / 0x00866f8: 60 != c0

4c84.6498: 00007ffae37c66f9 / 0x00866f9: 42 != eb

4c84.6498: 00007ffae37c66fa / 0x00866fa: 76 != c9

4c84.6498: 00007ffae37c66fb / 0x00866fb: e3 != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae37c6000

4c84.6498: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffae242ec48 / 0x025ec48: 20 != 50

4c84.6498: 00007ffae242ec49 / 0x025ec49: f2 != 7b

4c84.6498: 00007ffae242ec4a / 0x025ec4a: ca != 06

4c84.6498: 00007ffae242ec4b / 0x025ec4b: e4 != df

4c84.6498: 00007ffae242ec88 / 0x025ec88: e0 != 50

4c84.6498: 00007ffae242ec89 / 0x025ec89: f7 != 83

4c84.6498: 00007ffae242ec8a / 0x025ec8a: ca != 09

4c84.6498: 00007ffae242ec8b / 0x025ec8b: e4 != df

4c84.6498: 00007ffae242edc0 / 0x025edc0: 30 != 40

4c84.6498: 00007ffae242edc1 / 0x025edc1: f9 != 85

4c84.6498: 00007ffae242edc2 / 0x025edc2: ca != 09

4c84.6498: 00007ffae242edc3 / 0x025edc3: e4 != df

4c84.6498: 00007ffae242f5b8 / 0x025f5b8: 30 != 40

4c84.6498: 00007ffae242f5b9 / 0x025f5b9: f9 != 85

4c84.6498: 00007ffae242f5ba / 0x025f5ba: ca != 09

4c84.6498: 00007ffae242f5bb / 0x025f5bb: e4 != df

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae242e000

4c84.6498: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:


4c84.6498: 00007ffae24301d0 / 0x02601d0: b0 != 80

4c84.6498: 00007ffae24301d1 / 0x02601d1: 37 != ea

4c84.6498: 00007ffae24301d2 / 0x02601d2: 29 != c9

4c84.6498: 00007ffae24301d3 / 0x02601d3: e2 != e4

4c84.6498: 00007ffae24301d8 / 0x02601d8: 60 != c0

4c84.6498: 00007ffae24301d9 / 0x02601d9: 3b != eb

4c84.6498: 00007ffae24301da / 0x02601da: 29 != c9

4c84.6498: 00007ffae24301db / 0x02601db: e2 != e4

4c84.6498: 00007ffae24301e0 / 0x02601e0: b0 != 80

4c84.6498: 00007ffae24301e1 / 0x02601e1: 37 != ea

4c84.6498: 00007ffae24301e2 / 0x02601e2: 29 != c9

4c84.6498: 00007ffae24301e3 / 0x02601e3: e2 != e4

4c84.6498: 00007ffae24301e8 / 0x02601e8: 80 != c0

4c84.6498: 00007ffae24301e9 / 0x02601e9: 3b != eb

4c84.6498: 00007ffae24301ea / 0x02601ea: 29 != c9

4c84.6498: 00007ffae24301eb / 0x02601eb: e2 != e4

4c84.6498: 00007ffae24301f0 / 0x02601f0: 80 != c0

4c84.6498: 00007ffae24301f1 / 0x02601f1: 3b != eb

4c84.6498: 00007ffae24301f2 / 0x02601f2: 29 != c9

4c84.6498: 00007ffae24301f3 / 0x02601f3: e2 != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffae2430000

4c84.6498: apphelp.dll: Differences in section #2 (.rdata) between file and memory:

4c84.6498: 00007ffadf0a52a0 / 0x00552a0: 50 != f0

4c84.6498: 00007ffadf0a52a1 / 0x00552a1: ff != 55

4c84.6498: 00007ffadf0a52a2 / 0x00552a2: 23 != 75

4c84.6498: 00007ffadf0a52a3 / 0x00552a3: e2 != e3

4c84.6498: 00007ffadf0a52a8 / 0x00552a8: 00 != a0

4c84.6498: 00007ffadf0a52a9 / 0x00552a9: 07 != 61

4c84.6498: 00007ffadf0a52aa / 0x00552aa: 25 != 75

4c84.6498: 00007ffadf0a52ab / 0x00552ab: e2 != e3

4c84.6498: 00007ffadf0a52b0 / 0x00552b0: 70 != 00


4c84.6498: 00007ffadf0a52b1 / 0x00552b1: ef != 45

4c84.6498: 00007ffadf0a52b2 / 0x00552b2: 23 != 75

4c84.6498: 00007ffadf0a52b3 / 0x00552b3: e2 != e3

4c84.6498: 00007ffadf0a52b8 / 0x00552b8: 40 != c0

4c84.6498: 00007ffadf0a52b9 / 0x00552b9: 83 != 97

4c84.6498: 00007ffadf0a52ba / 0x00552ba: 25 != 75

4c84.6498: 00007ffadf0a52bb / 0x00552bb: e2 != e3

4c84.6498: 00007ffadf0a52c0 / 0x00552c0: 60 != 50

4c84.6498: 00007ffadf0a52c1 / 0x00552c1: cb != 27

4c84.6498: 00007ffadf0a52c2 / 0x00552c2: 1d != 74

4c84.6498: 00007ffadf0a52c3 / 0x00552c3: e2 != e3

4c84.6498: 00007ffadf0a52c8 / 0x00552c8: 10 != 60

4c84.6498: 00007ffadf0a52c9 / 0x00552c9: c5 != 01

4c84.6498: 00007ffadf0a52ca / 0x00552ca: 23 != 76

4c84.6498: 00007ffadf0a52cb / 0x00552cb: e2 != e3

4c84.6498: 00007ffadf0a52d0 / 0x00552d0: b0 != 70

4c84.6498: 00007ffadf0a52d1 / 0x00552d1: 0d != 01

4c84.6498: 00007ffadf0a52d2 / 0x00552d2: 23 != 76

4c84.6498: 00007ffadf0a52d3 / 0x00552d3: e2 != e3

4c84.6498: 00007ffadf0a52e0 / 0x00552e0: 80 != 30

4c84.6498: 00007ffadf0a52e1 / 0x00552e1: c5 != 47

4c84.6498: 00007ffadf0a52e2 / 0x00552e2: 1f != 75

4c84.6498: 00007ffadf0a52e3 / 0x00552e3: e2 != e3

4c84.6498: 00007ffadf0a58b8 / 0x00558b8: 40 != 80

4c84.6498: 00007ffadf0a58b9 / 0x00558b9: 4c != ea

4c84.6498: 00007ffadf0a58ba / 0x00558ba: 06 != c9

4c84.6498: 00007ffadf0a58bb / 0x00558bb: df != e4

4c84.6498: 00007ffadf0a58c1 / 0x00558c1: 4d != eb

4c84.6498: 00007ffadf0a58c2 / 0x00558c2: 06 != c9

4c84.6498: 00007ffadf0a58c3 / 0x00558c3: df != e4

4c84.6498: 00007ffadf0a58c8 / 0x00558c8: 40 != 80


4c84.6498: 00007ffadf0a58c9 / 0x00558c9: 4c != ea

4c84.6498: 00007ffadf0a58ca / 0x00558ca: 06 != c9

4c84.6498: 00007ffadf0a58cb / 0x00558cb: df != e4

4c84.6498: 00007ffadf0a58d0 / 0x00558d0: e0 != c0

4c84.6498: 00007ffadf0a58d1 / 0x00558d1: 4d != eb

4c84.6498: 00007ffadf0a58d2 / 0x00558d2: 06 != c9

4c84.6498: 00007ffadf0a58d3 / 0x00558d3: df != e4

4c84.6498: 00007ffadf0a58d8 / 0x00558d8: e0 != c0

4c84.6498: 00007ffadf0a58d9 / 0x00558d9: 4d != eb

4c84.6498: 00007ffadf0a58da / 0x00558da: 06 != c9

4c84.6498: 00007ffadf0a58db / 0x00558db: df != e4

4c84.6498: Restored 0x2000 bytes of original file content at 00007ffadf0a5000

4c84.6498: supHardNtVpCheckHandles:

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 000000000000006c

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000068

4c84.6498: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000064

4c84.6498: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=8

4c84.6498: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

4c84.6498: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

4c84.6498: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

4c84.6498: supR3HardNtEnableThreadCreationEx:

4c84.6498: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

4c84.6498: supR3HardenedWinDoReSpawn(1): New child 6fec.6004 [kernel32].

4c84.6498: supR3HardNtChildGatherData: PebBaseAddress=000000d3c427e000 cbPeb=0x388

4c84.6498: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae4c10000 uNtDllChildAddr=00007ffae4c10000

4c84.6498: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae4c83de0

4c84.6498: supR3HardenedWinSetupChildInit: Initial context:

rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c635b5a0 rdx=000000d3c427e000


rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000

r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000

rip=00007ffae4c6aa40 rsp=000000d3c44ff908 rbp=0000000000000000 ctxflags=0010001b

cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80

P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000

dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000

dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000

lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000

4c84.6498: supR3HardenedWinSetupChildInit: Start child.

4c84.6498: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.

4c84.6498: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 33 sleeps

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION

4c84.6498: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

4c84.6498: 00007ff6c64625f8 / 0x01125f8: 00 != 50

4c84.6498: 00007ff6c64625f9 / 0x01125f9: 00 != 41

4c84.6498: 00007ff6c64625fa / 0x01125fa: 00 != 44

4c84.6498: 00007ff6c64625fb / 0x01125fb: 00 != 44

4c84.6498: 00007ff6c64625fc / 0x01125fc: 00 != 49

4c84.6498: 00007ff6c64625fd / 0x01125fd: 00 != 4e

4c84.6498: 00007ff6c64625fe / 0x01125fe: 00 != 47

4c84.6498: 00007ff6c64625ff / 0x01125ff: 00 != 58

4c84.6498: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

4c84.6498: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20

4c84.6498: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 33 sleeps

4c84.6498: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION

4c84.6498: supR3HardNtChildPurify: Done after 1034 ms and 1 fixes (loop #1).

6fec.6004: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae4c10000 g_uNtVerCombined=0xa0585d00 (stack ~000000d3c44fe6d0)
6fec.6004: ntdll.dll: timestamp 0x7a9f67f2 (rc=VINF_SUCCESS)

6fec.6004: New simple heap: #1 000002c238a40000 LB 0x800000 (for 2179072 allocation)

4c84.6498: supR3HardNtEnableThreadCreationEx:

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: System32: \Device\HarddiskVolume3\Windows\System32

6fec.6004: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

6fec.6004: KnownDllPath: C:\WINDOWS\System32

6fec.6004: supR3HardenedVmProcessInit: Opening vboxsup stub...

6fec.6004: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...

6fec.6004: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...

6fec.6004: Registered Dll notification callback with NTDLL.

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae21d0000 LB 0x003a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae3740000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\WINDOWS\System32\KERNEL32.DLL'

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ff6c6350000 LB 0x00114000 D:\VBoxHeadless.exe [fFlags=0x0]

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports


6fec.6004: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxHeadless.exe

6fec.6004: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

4c84.6498: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.

6fec.6004: \SystemRoot\System32\ntdll.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:31.963703500Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:32.010636100Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.724455100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x212fa0

6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x7a9f67f2

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x7a9f67f2

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x214000 (2179072)

6fec.6004: Resource Dir: 0x19e000 LB 0x74c30

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: NT Layer DLL

6fec.6004: \SystemRoot\System32\kernel32.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:09.965858700Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:09.981491400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.660990400Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xc71d0

6fec.6004: NT Headers: 0xe8


6fec.6004: Timestamp: 0xfe3dc5c1

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0xfe3dc5c1

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xc4000 (802816)

6fec.6004: Resource Dir: 0xc2000 LB 0x520

6fec.6004: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: Windows NT BASE API Client DLL

6fec.6004: \SystemRoot\System32\KernelBase.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:32.854231400Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:32.948038400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.724455100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x3ab8f8

6fec.6004: NT Headers: 0xf0

6fec.6004: Timestamp: 0x83983b0b

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x83983b0b

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x3a4000 (3817472)

6fec.6004: Resource Dir: 0x373000 LB 0x548

6fec.6004: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2215

6fec.6004: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

6fec.6004: FileDescription: Windows NT BASE API Client DLL


6fec.6004: \SystemRoot\System32\apisetschema.dll:

6fec.6004: CreationTime: 2023-10-05T06:15:06.403744400Z

6fec.6004: LastWriteTime: 2023-10-05T06:15:06.403744400Z

6fec.6004: ChangeTime: 2023-10-14T08:27:05.472291700Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x24580

6fec.6004: NT Headers: 0xc8

6fec.6004: Timestamp: 0xd4ae1653

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0xd4ae1653

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x23000 (143360)

6fec.6004: Resource Dir: 0x22000 LB 0x408

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Microsoft® Windows® Operating System

6fec.6004: ProductVersion: 10.0.22621.2070

6fec.6004: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

6fec.6004: FileDescription: ApiSet Schema DLL

6fec.6004: Found driver cfwids (0x20)

6fec.6004: Found driver mfencbdc (0x20)

6fec.6004: Found driver mfehidk (0x20)

6fec.6004: Found driver mfeavfk (0x20)

6fec.6004: Found driver mfefirek (0x20)

6fec.6004: supR3HardenedWinFindAdversaries: 0x20

6fec.6004: \SystemRoot\System32\drivers\cfwids.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:40.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.517289300Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x13040


6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x13000 (77824)

6fec.6004: Resource Dir: 0x11000 LB 0x558

6fec.6004: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191

6fec.6004: FileDescription: McAfee Personal Firewall IDS Plugin

6fec.6004: \SystemRoot\System32\drivers\mfeavfk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.297767900Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x55640

6fec.6004: NT Headers: 0xf0

6fec.6004: Timestamp: 0x62b93070

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b93070

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x54000 (344064)

6fec.6004: Resource Dir: 0x52000 LB 0x760

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191


6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

6fec.6004: FileDescription: Anti-Virus File System Filter Driver

6fec.6004: \SystemRoot\System32\drivers\mfefirek.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:12.266521400Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x6cc40

6fec.6004: NT Headers: 0xe8

6fec.6004: Timestamp: 0x62b93093

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b93093

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x6c000 (442368)

6fec.6004: Resource Dir: 0x6a000 LB 0x390

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

6fec.6004: FileDescription: McAfee Core Firewall Engine Driver

6fec.6004: \SystemRoot\System32\drivers\mfehidk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:40.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:11.824327000Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xe0a40

6fec.6004: NT Headers: 0x100

6fec.6004: Timestamp: 0x62b9314a


6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9314a

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xe9000 (954368)

6fec.6004: Resource Dir: 0xe6000 LB 0x788

6fec.6004: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

6fec.6004: FileDescription: McAfee Link Driver

6fec.6004: \SystemRoot\System32\drivers\mfencbdc.sys:

6fec.6004: CreationTime: 2021-09-16T09:52:14.000000000Z

6fec.6004: LastWriteTime: 2022-07-07T02:24:02.000000000Z

6fec.6004: ChangeTime: 2023-10-05T06:23:25.737631000Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0xa2750

6fec.6004: NT Headers: 0xd8

6fec.6004: Timestamp: 0x62bc4151

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62bc4151

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0xb3000 (733184)

6fec.6004: Resource Dir: 0xb1000 LB 0x3e0

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: Anti-Malware Core

6fec.6004: ProductVersion: 22.7.0

6fec.6004: FileVersion: Anti-Malware Core.22.7.0.567

6fec.6004: PrivateBuild: Anti-Malware Core.22.7.0.567


6fec.6004: FileDescription: Event Driver

6fec.6004: \SystemRoot\System32\drivers\mfewfpk.sys:

6fec.6004: CreationTime: 2021-09-28T22:02:42.000000000Z

6fec.6004: LastWriteTime: 2022-09-14T20:55:50.000000000Z

6fec.6004: ChangeTime: 2023-10-04T16:58:11.110295100Z

6fec.6004: FileAttributes: 0x20

6fec.6004: Size: 0x39458

6fec.6004: NT Headers: 0xe0

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Machine: 0x8664 - amd64

6fec.6004: Timestamp: 0x62b9306e

6fec.6004: Image Version: 10.0

6fec.6004: SizeOfImage: 0x53000 (339968)

6fec.6004: Resource Dir: 0x51000 LB 0x388

6fec.6004: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

6fec.6004: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

6fec.6004: ProductName: SYSCORE

6fec.6004: ProductVersion: 22.7.0.191

6fec.6004: FileVersion: SYSCORE.22.7.0.191

6fec.6004: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

6fec.6004: FileDescription: Anti-Virus Mini-Firewall Driver

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: Calling main()

6fec.6004: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

6fec.6004: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

6fec.6004: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

6fec.6004: SUPR3HardenedMain: Respawn #2

6fec.6004: supR3HardNtEnableThreadCreationEx:

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffae3810000 LB 0x000a6000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll

6fec.6004: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'C:\WINDOWS\System32\KernelBase.dll'

6fec.6004: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)

6fec.6004: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]

6fec.6004: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedDllNotificationCallback: load 00007ffadf050000 LB 0x00097000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4c10000 'C:\WINDOWS\System32\ntdll.dll'

6fec.6004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf050000 'C:\WINDOWS\system32\apphelp.dll'

6fec.6004: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

6fec.6004: supR3HardenedWinDoReSpawn(2): New child 5758.5ee8 [kernel32].

6fec.6004: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)

6fec.6004: supR3HardNtChildGatherData: PebBaseAddress=0000008a53b22000 cbPeb=0x388

6fec.6004: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae4c10000 uNtDllChildAddr=00007ffae4c10000

6fec.6004: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae4c83de0

6fec.6004: supR3HardenedWinSetupChildInit: Initial context:

rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c635b5a0 rdx=0000008a53b22000

rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000

r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000

rip=00007ffae4c6aa40 rsp=0000008a53cff888 rbp=0000000000000000 ctxflags=0010001b

cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80

P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000

dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000

dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000

lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000


6fec.6004: kernel32.dll: timestamp 0xfe3dc5c1 (rc=VINF_SUCCESS)

6fec.6004: supR3HardenedWinSetupChildInit: Start child.

6fec.6004: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.

6fec.6004: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 32 sleeps

6fec.6004: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION



HarddiskVolume3\Windows\System32\ntdll.dll

6fec.6004: 00007ffae4e24000-00007ffffffeffff 0x0001/0x0000 0x0000000

6fec.6004: VBoxHeadless.exe: timestamp 0x652832c2 (rc=VINF_SUCCESS)

6fec.6004: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

6fec.6004: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

6fec.6004: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:

6fec.6004: 00007ff6c64625f8 / 0x01125f8: 00 != 50

6fec.6004: 00007ff6c64625f9 / 0x01125f9: 00 != 41

6fec.6004: 00007ff6c64625fa / 0x01125fa: 00 != 44

6fec.6004: 00007ff6c64625fb / 0x01125fb: 00 != 44

6fec.6004: 00007ff6c64625fc / 0x01125fc: 00 != 49

6fec.6004: 00007ff6c64625fd / 0x01125fd: 00 != 4e

6fec.6004: 00007ff6c64625fe / 0x01125fe: 00 != 47

6fec.6004: 00007ff6c64625ff / 0x01125ff: 00 != 58

6fec.6004: Restored 0xa08 bytes of original file content at 00007ff6c64625f8

6fec.6004: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports

6fec.6004: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20

6fec.6004: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 32 sleeps

6fec.6004: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION


6fec.6004: supR3HardNtChildPurify: Done after 1046 ms and 1 fixes (loop #1).

6fec.6004: supR3HardenedEarlyCompact: Removed heap 1 (0x0002c238a40000 LB 0x800000)

5758.5ee8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae4c10000 g_uNtVerCombined=0xa0585d00 (stack ~0000008a53cfe650)

6fec.6004: supR3HardNtEnableThreadCreationEx:

5758.5ee8: ntdll.dll: timestamp 0x7a9f67f2 (rc=VINF_SUCCESS)

5758.5ee8: New simple heap: #1 0000025e70f50000 LB 0x800000 (for 2179072 allocation)

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'


5758.5ee8: System32: \Device\HarddiskVolume3\Windows\System32

5758.5ee8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS

5758.5ee8: KnownDllPath: C:\WINDOWS\System32

5758.5ee8: supR3HardenedVmProcessInit: Opening vboxsup...

5758.5ee8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...

5758.5ee8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...

5758.5ee8: Registered Dll notification callback with NTDLL.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae21d0000 LB 0x003a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3740000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\WINDOWS\System32\KERNEL32.DLL'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ff6c6350000 LB 0x00114000 D:\VBoxHeadless.exe [fFlags=0x0]

5758.5ee8: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

5758.5ee8: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxHeadless.exe

5758.5ee8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae4c83de0 pvNtTerminateThread=00007ffae4caf7a0

5758.5ee8: \SystemRoot\System32\ntdll.dll:
5758.5ee8: CreationTime: 2023-10-05T06:15:31.963703500Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:32.010636100Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.724455100Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x212fa0

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x7a9f67f2

6fec.6004: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 89 ms.

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x7a9f67f2

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x214000 (2179072)

5758.5ee8: Resource Dir: 0x19e000 LB 0x74c30

5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: NT Layer DLL

5758.5ee8: \SystemRoot\System32\kernel32.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:09.965858700Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:09.981491400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.660990400Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xc71d0

5758.5ee8: NT Headers: 0xe8

5758.5ee8: Timestamp: 0xfe3dc5c1

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0xfe3dc5c1

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xc4000 (802816)


5758.5ee8: Resource Dir: 0xc2000 LB 0x520

5758.5ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: Windows NT BASE API Client DLL

5758.5ee8: \SystemRoot\System32\KernelBase.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:32.854231400Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:32.948038400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.724455100Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x3ab8f8

5758.5ee8: NT Headers: 0xf0

5758.5ee8: Timestamp: 0x83983b0b

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x83983b0b

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x3a4000 (3817472)

5758.5ee8: Resource Dir: 0x373000 LB 0x548

5758.5ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x3730b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2215

5758.5ee8: FileVersion: 10.0.22621.2215 (WinBuild.160101.0800)

5758.5ee8: FileDescription: Windows NT BASE API Client DLL

5758.5ee8: \SystemRoot\System32\apisetschema.dll:

5758.5ee8: CreationTime: 2023-10-05T06:15:06.403744400Z

5758.5ee8: LastWriteTime: 2023-10-05T06:15:06.403744400Z

5758.5ee8: ChangeTime: 2023-10-14T08:27:05.472291700Z

5758.5ee8: FileAttributes: 0x20


5758.5ee8: Size: 0x24580

5758.5ee8: NT Headers: 0xc8

5758.5ee8: Timestamp: 0xd4ae1653

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0xd4ae1653

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x23000 (143360)

5758.5ee8: Resource Dir: 0x22000 LB 0x408

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Microsoft® Windows® Operating System

5758.5ee8: ProductVersion: 10.0.22621.2070

5758.5ee8: FileVersion: 10.0.22621.2070 (WinBuild.160101.0800)

5758.5ee8: FileDescription: ApiSet Schema DLL

5758.5ee8: Found driver cfwids (0x20)

5758.5ee8: Found driver mfencbdc (0x20)

5758.5ee8: Found driver mfehidk (0x20)

5758.5ee8: Found driver mfeavfk (0x20)

5758.5ee8: Found driver mfefirek (0x20)

5758.5ee8: supR3HardenedWinFindAdversaries: 0x20

5758.5ee8: \SystemRoot\System32\drivers\cfwids.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:40.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.517289300Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x13040

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Image Version: 10.0


5758.5ee8: SizeOfImage: 0x13000 (77824)

5758.5ee8: Resource Dir: 0x11000 LB 0x558

5758.5ee8: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x110a0 LB 0x320, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191

5758.5ee8: FileDescription: McAfee Personal Firewall IDS Plugin

5758.5ee8: \SystemRoot\System32\drivers\mfeavfk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.297767900Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x55640

5758.5ee8: NT Headers: 0xf0

5758.5ee8: Timestamp: 0x62b93070

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b93070

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x54000 (344064)

5758.5ee8: Resource Dir: 0x52000 LB 0x760

5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x52110 LB 0x33c, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F15,F16,F19

5758.5ee8: FileDescription: Anti-Virus File System Filter Driver

5758.5ee8: \SystemRoot\System32\drivers\mfefirek.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z


5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:12.266521400Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x6cc40

5758.5ee8: NT Headers: 0xe8

5758.5ee8: Timestamp: 0x62b93093

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b93093

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x6c000 (442368)

5758.5ee8: Resource Dir: 0x6a000 LB 0x390

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x6a060 LB 0x330, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

5758.5ee8: FileDescription: McAfee Core Firewall Engine Driver

5758.5ee8: \SystemRoot\System32\drivers\mfehidk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:40.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:11.824327000Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xe0a40

5758.5ee8: NT Headers: 0x100

5758.5ee8: Timestamp: 0x62b9314a

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9314a

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xe9000 (954368)

5758.5ee8: Resource Dir: 0xe6000 LB 0x788


5758.5ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xe6110 LB 0x328, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F14,F15,F16,F18,F20

5758.5ee8: FileDescription: McAfee Link Driver

5758.5ee8: \SystemRoot\System32\drivers\mfencbdc.sys:

5758.5ee8: CreationTime: 2021-09-16T09:52:14.000000000Z

5758.5ee8: LastWriteTime: 2022-07-07T02:24:02.000000000Z

5758.5ee8: ChangeTime: 2023-10-05T06:23:25.737631000Z

5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0xa2750

5758.5ee8: NT Headers: 0xd8

5758.5ee8: Timestamp: 0x62bc4151

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62bc4151

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0xb3000 (733184)

5758.5ee8: Resource Dir: 0xb1000 LB 0x3e0

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0xb1060 LB 0x380, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: Anti-Malware Core

5758.5ee8: ProductVersion: 22.7.0

5758.5ee8: FileVersion: Anti-Malware Core.22.7.0.567

5758.5ee8: PrivateBuild: Anti-Malware Core.22.7.0.567

5758.5ee8: FileDescription: Event Driver

5758.5ee8: \SystemRoot\System32\drivers\mfewfpk.sys:

5758.5ee8: CreationTime: 2021-09-28T22:02:42.000000000Z

5758.5ee8: LastWriteTime: 2022-09-14T20:55:50.000000000Z

5758.5ee8: ChangeTime: 2023-10-04T16:58:11.110295100Z


5758.5ee8: FileAttributes: 0x20

5758.5ee8: Size: 0x39458

5758.5ee8: NT Headers: 0xe0

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Machine: 0x8664 - amd64

5758.5ee8: Timestamp: 0x62b9306e

5758.5ee8: Image Version: 10.0

5758.5ee8: SizeOfImage: 0x53000 (339968)

5758.5ee8: Resource Dir: 0x51000 LB 0x388

5758.5ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]

5758.5ee8: [Raw version resource data: 0x51060 LB 0x328, codepage 0x0 (reserved 0x0)]

5758.5ee8: ProductName: SYSCORE

5758.5ee8: ProductVersion: 22.7.0.191

5758.5ee8: FileVersion: SYSCORE.22.7.0.191

5758.5ee8: PrivateBuild: SYSCORE.22.7.0.191 F17,F18

5758.5ee8: FileDescription: Anti-Virus Mini-Firewall Driver

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

5758.5ee8: Calling main()

5758.5ee8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0

5758.5ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5'

5758.5ee8: \Device\HarddiskVolume5\VBoxHeadless.exe: Signature #1/2: info status: 24202

5758.5ee8: '\Device\HarddiskVolume5\VBoxHeadless.exe' has no imports

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxHeadless.exe)

5758.5ee8: SUPR3HardenedMain: Final process, opening VBoxDrv...

5758.5ee8: supR3HardenedEarlyCompact: Removed heap 1 (0x00025e70f50000 LB 0x800000)

5758.5ee8: supR3HardNtEnableThreadCreationEx:

5758.5ee8: \Device\HarddiskVolume5\VBoxSupLib.dll: Signature #1/2: info status: 24202

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\VBoxSupLib.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxSupLib.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffadaec0000 LB 0x00005000 D:\VBoxSupLib.DLL [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\VBoxSupLib.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaec0000 'D:\VBoxSupLib.DLL'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3ac0000 LB 0x000a7000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3380000 LB 0x00117000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1ff0000 LB 0x0006b000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae27c0000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae2060000 LB 0x00166000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-synch-l1-2-0'

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-fibers-l1-1-1'

5758.5ee8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae21d0000 'api-ms-win-core-synch-l1-2-0'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1830000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1ff0000 'C:\WINDOWS\system32\Wintrust.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1990000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1990000 'C:\WINDOWS\system32\bcrypt.dll'

5758.5ee8: bcrypt.dll loaded at 00007ffae1990000, BCryptOpenAlgorithmProvider at 00007ffae1994520, preloading providers:

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae2580000 LB 0x0007a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2580000 'C:\WINDOWS\system32\bcryptprimitives.dll'

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000025e71911170)

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000025e71911e10)

5758.5ee8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000025e71912160)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000025e719124b0)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000025e71912800)

5758.5ee8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000025e71912b50)

5758.5ee8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000025e71912ea0)

5758.5ee8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000025e719131f0)

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae17d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1070000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae17f0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll


(Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0
pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3740000 'C:\


WINDOWS\System32\kernel32.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL


(Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0
pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1ff0000 'C:\


WINDOWS\System32\WINTRUST.DLL'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\


HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll


(rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\


WINDOWS\System32\CRYPT32.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae45d0000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3810000 LB 0x000a6000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1610000 LB 0x00026000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffad32a0000 LB 0x00032000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\Windows\System32\cryptnet.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae1ef0000 LB 0x00026000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad32a0000 'C:\WINDOWS\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedDllNotificationCallback: load 00007ffae3d00000 LB 0x000b0000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000025e719e0c80

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000025e719e0c80

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D11066B1F9EC554A1F657EEF2032F2ACE968E6A

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3380000 'C:\WINDOWS\System32\rpcrt4.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.2283.cat'; file='\SystemRoot\System32\ntdll.dll'

5758.5ee8: g_pfnWinVerifyTrust=00007ffae20024c0

5758.5ee8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\VBoxSupLib.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\VBoxHeadless.exe'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\system32\crypt32.dll'

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root


CA - R3, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore,


OU=CyberTrust, CN=Baltimore CyberTrust Root

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater


Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet


Security Research Group, CN=ISRG Root X1

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona,


L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign


nv-sa, OU=Root CA, CN=GlobalSign Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield


Technologies, Inc., OU=Starfield Class 2 Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert


Inc, OU=www.digicert.com, CN=DigiCert Global Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc.,


OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte
Primary Root CA
5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc.,
OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only,
CN=Entrust Root Certification Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA

5758.5ee8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root

5758.5ee8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=47

5758.5ee8: SUPR3HardenedMain: Load Runtime...

5758.5ee8: \Device\HarddiskVolume5\VBoxRT.dll: Signature #1/2: info status: 24202

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\VBoxRT.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\VBoxRT.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.

5758.5ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\vcruntime140_1.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\vcruntime140_1.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x652832c2/link.

5758.5ee8: Detected WinVerifyTrust recursion: rc=-5659 '\Device\HarddiskVolume5\vcruntime140_1.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140_1.dll)

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\vcruntime140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: \Device\HarddiskVolume5\vcruntime140.dll: Signature #1/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x8e79cd85/link.

5758.5ee8: \Device\HarddiskVolume5\vcruntime140.dll: Signature #2/2: VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659) w/ timestamp=0x8e79cd85/link.

5758.5ee8: Detected WinVerifyTrust recursion: rc=-5659 '\Device\HarddiskVolume5\vcruntime140.dll'.

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140.dll)

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1070000 'C:\WINDOWS\system32\rsaenh.dll'

5758.5ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2060000 'C:\WINDOWS\System32\crypt32.dll'

5758.5ee8: supHardenedWinVerifyImageByHandle: -> -5659 (\Device\HarddiskVolume5\vcruntime140_1.dll) WinVerifyTrust

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\vcruntime140_1.dll: Signature #2/2: Not valid kernel code signature.: \Device\HarddiskVolume5\vcruntime140_1.dll

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...

5758.5ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\vcruntime140.dll' [rcNtRedir=0xc0150008]

5758.5ee8: supR3HardenedScreenImage/Imports: cache hit (-5659) on \Device\HarddiskVolume5\vcruntime140.dll [lacks WinVerifyTrust]

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/Imports: cached rc=-5659 fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: pName=D:\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\VBoxRT.dll

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (-5659) on \Device\HarddiskVolume5\vcruntime140.dll [lacks WinVerifyTrust]

5758.5ee8: Error (rc=0):

5758.5ee8: supR3HardenedScreenImage/NtCreateSection: cached rc=-5659 fImage=1 fProtect=0x10 fAccess=0xd cHits=2 \Device\HarddiskVolume5\vcruntime140.dll

5758.5ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\VBoxRT.dll'

5758.5ee8: Error -610 in supR3HardenedMainInitRuntime! (enmWhat=4)

5758.5ee8: LoadLibrary "D:/VBoxRT.dll" failed (rc=1790)

6fec.6004: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 395 ms, the end);

4c84.6498: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1578 ms, the end);
