VirtualBox

Ticket #19695: VBoxHardening.log

File VBoxHardening.log, 296.0 KB (added by bendem, 4 years ago)

box hardening logs for the debian box

Line 
14640.5010: Log file opened: 6.1.10r138449 g_hStartupLog=00000000000000c4 g_uNtVerCombined=0xa047bb00
24640.5010: \SystemRoot\System32\ntdll.dll:
34640.5010: CreationTime: 2020-06-04T21:52:07.120928700Z
44640.5010: LastWriteTime: 2020-06-04T21:52:07.168926100Z
54640.5010: ChangeTime: 2020-06-11T05:59:45.335821000Z
64640.5010: FileAttributes: 0x20
74640.5010: Size: 0x1e8460
84640.5010: NT Headers: 0xd8
94640.5010: Timestamp: 0xb29ecf52
104640.5010: Machine: 0x8664 - amd64
114640.5010: Timestamp: 0xb29ecf52
124640.5010: Image Version: 10.0
134640.5010: SizeOfImage: 0x1f0000 (2031616)
144640.5010: Resource Dir: 0x17f000 LB 0x6f310
154640.5010: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164640.5010: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174640.5010: ProductName: Microsoft® Windows® Operating System
184640.5010: ProductVersion: 10.0.18362.815
194640.5010: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
204640.5010: FileDescription: NT Layer DLL
214640.5010: \SystemRoot\System32\kernel32.dll:
224640.5010: CreationTime: 2020-06-11T05:59:00.265617100Z
234640.5010: LastWriteTime: 2020-06-11T05:59:00.286623800Z
244640.5010: ChangeTime: 2020-06-11T06:16:26.669942700Z
254640.5010: FileAttributes: 0x20
264640.5010: Size: 0xb0498
274640.5010: NT Headers: 0xe8
284640.5010: Timestamp: 0xce6bbd73
294640.5010: Machine: 0x8664 - amd64
304640.5010: Timestamp: 0xce6bbd73
314640.5010: Image Version: 10.0
324640.5010: SizeOfImage: 0xb2000 (729088)
334640.5010: Resource Dir: 0xb0000 LB 0x520
344640.5010: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354640.5010: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364640.5010: ProductName: Microsoft® Windows® Operating System
374640.5010: ProductVersion: 10.0.18362.900
384640.5010: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
394640.5010: FileDescription: Windows NT BASE API Client DLL
404640.5010: \SystemRoot\System32\KernelBase.dll:
414640.5010: CreationTime: 2020-06-04T21:52:07.848993500Z
424640.5010: LastWriteTime: 2020-06-04T21:52:07.921994800Z
434640.5010: ChangeTime: 2020-06-11T05:59:45.337821200Z
444640.5010: FileAttributes: 0x20
454640.5010: Size: 0x2a4068
464640.5010: NT Headers: 0xf8
474640.5010: Timestamp: 0xb89efff3
484640.5010: Machine: 0x8664 - amd64
494640.5010: Timestamp: 0xb89efff3
504640.5010: Image Version: 10.0
514640.5010: SizeOfImage: 0x2a4000 (2768896)
524640.5010: Resource Dir: 0x27e000 LB 0x548
534640.5010: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544640.5010: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554640.5010: ProductName: Microsoft® Windows® Operating System
564640.5010: ProductVersion: 10.0.18362.815
574640.5010: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
584640.5010: FileDescription: Windows NT BASE API Client DLL
594640.5010: \SystemRoot\System32\apisetschema.dll:
604640.5010: CreationTime: 2019-03-19T04:43:54.837151500Z
614640.5010: LastWriteTime: 2019-03-19T04:43:54.837151500Z
624640.5010: ChangeTime: 2020-06-11T05:59:45.205822100Z
634640.5010: FileAttributes: 0x20
644640.5010: Size: 0x1d028
654640.5010: NT Headers: 0xc8
664640.5010: Timestamp: 0xd6ced080
674640.5010: Machine: 0x8664 - amd64
684640.5010: Timestamp: 0xd6ced080
694640.5010: Image Version: 10.0
704640.5010: SizeOfImage: 0x1e000 (122880)
714640.5010: Resource Dir: 0x1d000 LB 0x408
724640.5010: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734640.5010: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744640.5010: ProductName: Microsoft® Windows® Operating System
754640.5010: ProductVersion: 10.0.18362.1
764640.5010: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
774640.5010: FileDescription: ApiSet Schema DLL
784640.5010: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794640.5010: supR3HardenedWinFindAdversaries: 0x0
804640.5010: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
814640.5010: Calling main()
824640.5010: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
834640.5010: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
844640.5010: SUPR3HardenedMain: Respawn #1
854640.5010: System32: \Device\HarddiskVolume3\Windows\System32
864640.5010: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
874640.5010: KnownDllPath: C:\windows\System32
884640.5010: supR3HardenedWinInit: Performing a limited self purification...
894640.5010: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
904640.5010: *0000000000000000-000000000031ffff 0x0001/0x0000 0x0000000
914640.5010: *0000000000320000-000000000032ffff 0x0004/0x0004 0x0040000
924640.5010: *0000000000330000-0000000000331fff 0x0004/0x0004 0x0040000
934640.5010: 0000000000332000-000000000033ffff 0x0001/0x0000 0x0000000
944640.5010: *0000000000340000-000000000035afff 0x0002/0x0002 0x0040000
954640.5010: 000000000035b000-000000000035ffff 0x0001/0x0000 0x0000000
964640.5010: *0000000000360000-0000000000360fff 0x0040/0x0040 0x0020000 !!
974640.5010: 0000000000361000-000000000036ffff 0x0001/0x0000 0x0000000
984640.5010: *0000000000370000-0000000000373fff 0x0002/0x0002 0x0040000
994640.5010: 0000000000374000-000000000037ffff 0x0001/0x0000 0x0000000
1004640.5010: *0000000000380000-0000000000381fff 0x0004/0x0004 0x0020000
1014640.5010: 0000000000382000-000000000038ffff 0x0001/0x0000 0x0000000
1024640.5010: *0000000000390000-0000000000390fff 0x0002/0x0002 0x0040000
1034640.5010: 0000000000391000-000000000039ffff 0x0001/0x0000 0x0000000
1044640.5010: *00000000003a0000-00000000003a1fff 0x0004/0x0004 0x0020000
1054640.5010: 00000000003a2000-00000000003d1fff 0x0000/0x0004 0x0020000
1064640.5010: 00000000003d2000-00000000003dffff 0x0001/0x0000 0x0000000
1074640.5010: *00000000003e0000-00000000003e0fff 0x0004/0x0004 0x0020000
1084640.5010: 00000000003e1000-00000000003effff 0x0001/0x0000 0x0000000
1094640.5010: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000
1104640.5010: 00000000003f4000-00000000003f7fff 0x0000/0x0002 0x0040000
1114640.5010: 00000000003f8000-00000000003fffff 0x0001/0x0000 0x0000000
1124640.5010: *0000000000400000-0000000000403fff 0x0004/0x0004 0x0020000
1134640.5010: 0000000000404000-00000000005fafff 0x0000/0x0004 0x0020000
1144640.5010: 00000000005fb000-00000000005fffff 0x0004/0x0004 0x0020000
1154640.5010: *0000000000600000-00000000006b8fff 0x0000/0x0004 0x0020000
1164640.5010: 00000000006b9000-00000000006bbfff 0x0104/0x0004 0x0020000
1174640.5010: 00000000006bc000-00000000006fffff 0x0004/0x0004 0x0020000
1184640.5010: *0000000000700000-00000000007c6fff 0x0002/0x0002 0x0040000
1194640.5010: 00000000007c7000-00000000007cffff 0x0001/0x0000 0x0000000
1204640.5010: *00000000007d0000-00000000007d0fff 0x0002/0x0002 0x0040000
1214640.5010: 00000000007d1000-00000000007dffff 0x0001/0x0000 0x0000000
1224640.5010: *00000000007e0000-00000000007e0fff 0x0004/0x0004 0x0020000
1234640.5010: 00000000007e1000-00000000007effff 0x0001/0x0000 0x0000000
1244640.5010: *00000000007f0000-00000000007f0fff 0x0002/0x0002 0x0040000
1254640.5010: 00000000007f1000-00000000007fffff 0x0001/0x0000 0x0000000
1264640.5010: *0000000000800000-0000000000837fff 0x0004/0x0004 0x0020000
1274640.5010: 0000000000838000-00000000008fffff 0x0000/0x0004 0x0020000
1284640.5010: *0000000000900000-00000000009fafff 0x0000/0x0004 0x0020000
1294640.5010: 00000000009fb000-00000000009fdfff 0x0104/0x0004 0x0020000
1304640.5010: 00000000009fe000-00000000009fffff 0x0004/0x0004 0x0020000
1314640.5010: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
1324640.5010: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
1334640.5010: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
1344640.5010: *0000000000b00000-0000000000bfafff 0x0000/0x0004 0x0020000
1354640.5010: 0000000000bfb000-0000000000bfdfff 0x0104/0x0004 0x0020000
1364640.5010: 0000000000bfe000-0000000000bfffff 0x0004/0x0004 0x0020000
1374640.5010: *0000000000c00000-0000000000c1dfff 0x0002/0x0002 0x0040000
1384640.5010: 0000000000c1e000-0000000000dfffff 0x0000/0x0002 0x0040000
1394640.5010: *0000000000e00000-0000000000f80fff 0x0002/0x0002 0x0040000
1404640.5010: 0000000000f81000-0000000000f8ffff 0x0001/0x0000 0x0000000
1414640.5010: *0000000000f90000-0000000001089fff 0x0002/0x0002 0x0040000
1424640.5010: 000000000108a000-0000000002390fff 0x0000/0x0002 0x0040000
1434640.5010: 0000000002391000-000000000239ffff 0x0001/0x0000 0x0000000
1444640.5010: *00000000023a0000-00000000023a0fff 0x0004/0x0004 0x0020000
1454640.5010: 00000000023a1000-00000000023d1fff 0x0000/0x0004 0x0020000
1464640.5010: 00000000023d2000-00000000023dffff 0x0001/0x0000 0x0000000
1474640.5010: *00000000023e0000-00000000023e0fff 0x0004/0x0004 0x0020000
1484640.5010: 00000000023e1000-00000000023effff 0x0001/0x0000 0x0000000
1494640.5010: *00000000023f0000-00000000023f0fff 0x0002/0x0002 0x0040000
1504640.5010: 00000000023f1000-00000000023fffff 0x0001/0x0000 0x0000000
1514640.5010: *0000000002400000-0000000002400fff 0x0004/0x0004 0x0020000
1524640.5010: 0000000002401000-000000000240ffff 0x0001/0x0000 0x0000000
1534640.5010: *0000000002410000-0000000002410fff 0x0002/0x0002 0x0040000
1544640.5010: 0000000002411000-000000000241ffff 0x0001/0x0000 0x0000000
1554640.5010: *0000000002420000-0000000002420fff 0x0004/0x0004 0x0020000
1564640.5010: 0000000002421000-000000000242ffff 0x0001/0x0000 0x0000000
1574640.5010: *0000000002430000-0000000002431fff 0x0004/0x0004 0x0020000
1584640.5010: 0000000002432000-0000000002461fff 0x0000/0x0004 0x0020000
1594640.5010: 0000000002462000-00000000024fffff 0x0001/0x0000 0x0000000
1604640.5010: *0000000002500000-0000000002507fff 0x0004/0x0004 0x0020000
1614640.5010: 0000000002508000-000000000250ffff 0x0000/0x0004 0x0020000
1624640.5010: *0000000002510000-000000000252cfff 0x0004/0x0004 0x0020000
1634640.5010: 000000000252d000-000000000260ffff 0x0000/0x0004 0x0020000
1644640.5010: 0000000002610000-000000000267ffff 0x0001/0x0000 0x0000000
1654640.5010: *0000000002680000-000000000268efff 0x0004/0x0004 0x0020000
1664640.5010: 000000000268f000-000000000268ffff 0x0000/0x0004 0x0020000
1674640.5010: *0000000002690000-000000000269efff 0x0000/0x0004 0x0020000
1684640.5010: 000000000269f000-000000000288ffff 0x0004/0x0004 0x0020000
1694640.5010: 0000000002890000-0000000002890fff 0x0000/0x0004 0x0020000
1704640.5010: 0000000002891000-000000007ffdffff 0x0001/0x0000 0x0000000
1714640.5010: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1724640.5010: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
1734640.5010: 000000007ffe2000-00007ff46e5affff 0x0001/0x0000 0x0000000
1744640.5010: *00007ff46e5b0000-00007ff46e5b4fff 0x0002/0x0002 0x0040000
1754640.5010: 00007ff46e5b5000-00007ff46e6affff 0x0000/0x0002 0x0040000
1764640.5010: *00007ff46e6b0000-00007ff56e6cffff 0x0000/0x0004 0x0020000
1774640.5010: *00007ff56e6d0000-00007ff5706cffff 0x0000/0x0004 0x0020000
1784640.5010: 00007ff5706d0000-00007ff5706d0fff 0x0004/0x0004 0x0020000
1794640.5010: 00007ff5706d1000-00007ff5706dffff 0x0001/0x0000 0x0000000
1804640.5010: *00007ff5706e0000-00007ff5706e0fff 0x0002/0x0002 0x0040000
1814640.5010: 00007ff5706e1000-00007ff5706effff 0x0001/0x0000 0x0000000
1824640.5010: *00007ff5706f0000-00007ff570712fff 0x0002/0x0002 0x0040000
1834640.5010: 00007ff570713000-00007ff7b172ffff 0x0001/0x0000 0x0000000
1844640.5010: *00007ff7b1730000-00007ff7b1730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1854640.5010: 00007ff7b1731000-00007ff7b17a6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1864640.5010: 00007ff7b17a7000-00007ff7b17a7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1874640.5010: 00007ff7b17a8000-00007ff7b17effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1884640.5010: 00007ff7b17f0000-00007ff7b17f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1894640.5010: 00007ff7b17f3000-00007ff7b17f5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1904640.5010: 00007ff7b17f6000-00007ff7b17f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1914640.5010: 00007ff7b17f9000-00007ff7b17f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1924640.5010: 00007ff7b17fa000-00007ff7b17fbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1934640.5010: 00007ff7b17fc000-00007ff7b17fcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1944640.5010: 00007ff7b17fd000-00007ff7b1845fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1954640.5010: 00007ff7b1846000-00007ffa2089ffff 0x0001/0x0000 0x0000000
1964640.5010: *00007ffa208a0000-00007ffa208a0fff 0x0020/0x0004 0x0020000 !!
1974640.5010: 00007ffa208a1000-00007ffa208affff 0x0001/0x0000 0x0000000
1984640.5010: *00007ffa208b0000-00007ffa208b0fff 0x0020/0x0004 0x0020000 !!
1994640.5010: 00007ffa208b1000-00007ffa208bffff 0x0001/0x0000 0x0000000
2004640.5010: *00007ffa208c0000-00007ffa208c0fff 0x0020/0x0004 0x0020000 !!
2014640.5010: 00007ffa208c1000-00007ffa208effff 0x0001/0x0000 0x0000000
2024640.5010: *00007ffa208f0000-00007ffa208f0fff 0x0020/0x0004 0x0020000 !!
2034640.5010: 00007ffa208f1000-00007ffa208fffff 0x0001/0x0000 0x0000000
2044640.5010: *00007ffa20900000-00007ffa20900fff 0x0020/0x0004 0x0020000 !!
2054640.5010: 00007ffa20901000-00007ffa2090ffff 0x0001/0x0000 0x0000000
2064640.5010: *00007ffa20910000-00007ffa20910fff 0x0020/0x0004 0x0020000 !!
2074640.5010: 00007ffa20911000-00007ffa2215ffff 0x0001/0x0000 0x0000000
2084640.5010: *00007ffa22160000-00007ffa22160fff 0x0020/0x0004 0x0020000 !!
2094640.5010: 00007ffa22161000-00007ffa5dc5ffff 0x0001/0x0000 0x0000000
2104640.5010: *00007ffa5dc60000-00007ffa5dc60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\cxinjime64.dll
2114640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dc60000 LB 0x1000 (base 00007ffa5dc60000) - 'cxinjime64.dll'
2124640.5010: 00007ffa5dc61000-00007ffa5dc6ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\cxinjime64.dll
2134640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dc61000 LB 0xf000 (base 00007ffa5dc60000) - 'cxinjime64.dll'
2144640.5010: 00007ffa5dc70000-00007ffa5dc79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\cxinjime64.dll
2154640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dc70000 LB 0xa000 (base 00007ffa5dc60000) - 'cxinjime64.dll'
2164640.5010: 00007ffa5dc7a000-00007ffa5dc7bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\cxinjime64.dll
2174640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dc7a000 LB 0x2000 (base 00007ffa5dc60000) - 'cxinjime64.dll'
2184640.5010: 00007ffa5dc7c000-00007ffa5dc7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\cxinjime64.dll
2194640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dc7c000 LB 0x4000 (base 00007ffa5dc60000) - 'cxinjime64.dll'
2204640.5010: 00007ffa5dc80000-00007ffa5dfeffff 0x0001/0x0000 0x0000000
2214640.5010: *00007ffa5dff0000-00007ffa5dff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\ShellHook64.dll
2224640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dff0000 LB 0x1000 (base 00007ffa5dff0000) - 'ShellHook64.dll'
2234640.5010: 00007ffa5dff1000-00007ffa5e006fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\ShellHook64.dll
2244640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5dff1000 LB 0x16000 (base 00007ffa5dff0000) - 'ShellHook64.dll'
2254640.5010: 00007ffa5e007000-00007ffa5e012fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\ShellHook64.dll
2264640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5e007000 LB 0xc000 (base 00007ffa5dff0000) - 'ShellHook64.dll'
2274640.5010: 00007ffa5e013000-00007ffa5e015fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\ShellHook64.dll
2284640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5e013000 LB 0x3000 (base 00007ffa5dff0000) - 'ShellHook64.dll'
2294640.5010: 00007ffa5e016000-00007ffa5e019fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\ShellHook64.dll
2304640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5e016000 LB 0x4000 (base 00007ffa5dff0000) - 'ShellHook64.dll'
2314640.5010: 00007ffa5e01a000-00007ffa5eb6ffff 0x0001/0x0000 0x0000000
2324640.5010: *00007ffa5eb70000-00007ffa5eb70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2334640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5eb70000 LB 0x1000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2344640.5010: 00007ffa5eb71000-00007ffa5ec27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2354640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5eb71000 LB 0xb7000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2364640.5010: 00007ffa5ec28000-00007ffa5ec66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2374640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec28000 LB 0x3f000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2384640.5010: 00007ffa5ec67000-00007ffa5ec68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2394640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec67000 LB 0x2000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2404640.5010: 00007ffa5ec69000-00007ffa5ec6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2414640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec69000 LB 0x2000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2424640.5010: 00007ffa5ec6b000-00007ffa5ec6dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2434640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec6b000 LB 0x3000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2444640.5010: 00007ffa5ec6e000-00007ffa5ec79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\SCardHook64.dll
2454640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec6e000 LB 0xc000 (base 00007ffa5eb70000) - 'SCardHook64.dll'
2464640.5010: 00007ffa5ec7a000-00007ffa5ec7ffff 0x0001/0x0000 0x0000000
2474640.5010: *00007ffa5ec80000-00007ffa5ec80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2484640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec80000 LB 0x1000 (base 00007ffa5ec80000) - 'msvcp140.dll'
2494640.5010: 00007ffa5ec81000-00007ffa5ecd0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2504640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ec81000 LB 0x50000 (base 00007ffa5ec80000) - 'msvcp140.dll'
2514640.5010: 00007ffa5ecd1000-00007ffa5ed0cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2524640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ecd1000 LB 0x3c000 (base 00007ffa5ec80000) - 'msvcp140.dll'
2534640.5010: 00007ffa5ed0d000-00007ffa5ed10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2544640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed0d000 LB 0x4000 (base 00007ffa5ec80000) - 'msvcp140.dll'
2554640.5010: 00007ffa5ed11000-00007ffa5ed18fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2564640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed11000 LB 0x8000 (base 00007ffa5ec80000) - 'msvcp140.dll'
2574640.5010: 00007ffa5ed19000-00007ffa5ed1ffff 0x0001/0x0000 0x0000000
2584640.5010: *00007ffa5ed20000-00007ffa5ed20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2594640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed20000 LB 0x1000 (base 00007ffa5ed20000) - 'vcruntime140.dll'
2604640.5010: 00007ffa5ed21000-00007ffa5ed2dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2614640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed21000 LB 0xd000 (base 00007ffa5ed20000) - 'vcruntime140.dll'
2624640.5010: 00007ffa5ed2e000-00007ffa5ed31fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2634640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed2e000 LB 0x4000 (base 00007ffa5ed20000) - 'vcruntime140.dll'
2644640.5010: 00007ffa5ed32000-00007ffa5ed32fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2654640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed32000 LB 0x1000 (base 00007ffa5ed20000) - 'vcruntime140.dll'
2664640.5010: 00007ffa5ed33000-00007ffa5ed36fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2674640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed33000 LB 0x4000 (base 00007ffa5ed20000) - 'vcruntime140.dll'
2684640.5010: 00007ffa5ed37000-00007ffa5ed3ffff 0x0001/0x0000 0x0000000
2694640.5010: *00007ffa5ed40000-00007ffa5ed40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\FullScreenHook64.dll
2704640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed40000 LB 0x1000 (base 00007ffa5ed40000) - 'FullScreenHook64.dll'
2714640.5010: 00007ffa5ed41000-00007ffa5ed47fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\FullScreenHook64.dll
2724640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed41000 LB 0x7000 (base 00007ffa5ed40000) - 'FullScreenHook64.dll'
2734640.5010: 00007ffa5ed48000-00007ffa5ed4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\FullScreenHook64.dll
2744640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed48000 LB 0x5000 (base 00007ffa5ed40000) - 'FullScreenHook64.dll'
2754640.5010: 00007ffa5ed4d000-00007ffa5ed4efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\FullScreenHook64.dll
2764640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed4d000 LB 0x2000 (base 00007ffa5ed40000) - 'FullScreenHook64.dll'
2774640.5010: 00007ffa5ed4f000-00007ffa5ed51fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\ICAService\FullScreenHook64.dll
2784640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed4f000 LB 0x3000 (base 00007ffa5ed40000) - 'FullScreenHook64.dll'
2794640.5010: 00007ffa5ed52000-00007ffa5ed5ffff 0x0001/0x0000 0x0000000
2804640.5010: *00007ffa5ed60000-00007ffa5ed60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\System32\MfApHook64.dll
2814640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed60000 LB 0x1000 (base 00007ffa5ed60000) - 'MfApHook64.dll'
2824640.5010: 00007ffa5ed61000-00007ffa5ed7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\System32\MfApHook64.dll
2834640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed61000 LB 0x1f000 (base 00007ffa5ed60000) - 'MfApHook64.dll'
2844640.5010: 00007ffa5ed80000-00007ffa5ed90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\System32\MfApHook64.dll
2854640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed80000 LB 0x11000 (base 00007ffa5ed60000) - 'MfApHook64.dll'
2864640.5010: 00007ffa5ed91000-00007ffa5ed93fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\System32\MfApHook64.dll
2874640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed91000 LB 0x3000 (base 00007ffa5ed60000) - 'MfApHook64.dll'
2884640.5010: 00007ffa5ed94000-00007ffa5ed97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Citrix\System32\MfApHook64.dll
2894640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5ed94000 LB 0x4000 (base 00007ffa5ed60000) - 'MfApHook64.dll'
2904640.5010: 00007ffa5ed98000-00007ffa5f0bffff 0x0001/0x0000 0x0000000
2914640.5010: *00007ffa5f0c0000-00007ffa5f0c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2924640.5010: 00007ffa5f0c1000-00007ffa5f1c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2934640.5010: 00007ffa5f1c6000-00007ffa5f328fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2944640.5010: 00007ffa5f329000-00007ffa5f32cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2954640.5010: 00007ffa5f32d000-00007ffa5f32dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2964640.5010: 00007ffa5f32e000-00007ffa5f363fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2974640.5010: 00007ffa5f364000-00007ffa5f36ffff 0x0001/0x0000 0x0000000
2984640.5010: *00007ffa5f370000-00007ffa5f370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
2994640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f370000 LB 0x1000 (base 00007ffa5f370000) - 'ucrtbase.dll'
3004640.5010: 00007ffa5f371000-00007ffa5f421fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
3014640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f371000 LB 0xb1000 (base 00007ffa5f370000) - 'ucrtbase.dll'
3024640.5010: 00007ffa5f422000-00007ffa5f459fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
3034640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f422000 LB 0x38000 (base 00007ffa5f370000) - 'ucrtbase.dll'
3044640.5010: 00007ffa5f45a000-00007ffa5f45cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
3054640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f45a000 LB 0x3000 (base 00007ffa5f370000) - 'ucrtbase.dll'
3064640.5010: 00007ffa5f45d000-00007ffa5f469fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
3074640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f45d000 LB 0xd000 (base 00007ffa5f370000) - 'ucrtbase.dll'
3084640.5010: 00007ffa5f46a000-00007ffa5f46ffff 0x0001/0x0000 0x0000000
3094640.5010: *00007ffa5f470000-00007ffa5f470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3104640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f470000 LB 0x1000 (base 00007ffa5f470000) - 'gdi32full.dll'
3114640.5010: 00007ffa5f471000-00007ffa5f541fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3124640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f471000 LB 0xd1000 (base 00007ffa5f470000) - 'gdi32full.dll'
3134640.5010: 00007ffa5f542000-00007ffa5f5e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3144640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f542000 LB 0xa1000 (base 00007ffa5f470000) - 'gdi32full.dll'
3154640.5010: 00007ffa5f5e3000-00007ffa5f5e6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3164640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f5e3000 LB 0x4000 (base 00007ffa5f470000) - 'gdi32full.dll'
3174640.5010: 00007ffa5f5e7000-00007ffa5f5e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3184640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f5e7000 LB 0x1000 (base 00007ffa5f470000) - 'gdi32full.dll'
3194640.5010: 00007ffa5f5e8000-00007ffa5f604fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3204640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f5e8000 LB 0x1d000 (base 00007ffa5f470000) - 'gdi32full.dll'
3214640.5010: 00007ffa5f605000-00007ffa5f70ffff 0x0001/0x0000 0x0000000
3224640.5010: *00007ffa5f710000-00007ffa5f710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\win32u.dll
3234640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f710000 LB 0x1000 (base 00007ffa5f710000) - 'win32u.dll'
3244640.5010: 00007ffa5f711000-00007ffa5f71afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\win32u.dll
3254640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f711000 LB 0xa000 (base 00007ffa5f710000) - 'win32u.dll'
3264640.5010: 00007ffa5f71b000-00007ffa5f729fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\win32u.dll
3274640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f71b000 LB 0xf000 (base 00007ffa5f710000) - 'win32u.dll'
3284640.5010: 00007ffa5f72a000-00007ffa5f72afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\win32u.dll
3294640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f72a000 LB 0x1000 (base 00007ffa5f710000) - 'win32u.dll'
3304640.5010: 00007ffa5f72b000-00007ffa5f730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\win32u.dll
3314640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa5f72b000 LB 0x6000 (base 00007ffa5f710000) - 'win32u.dll'
3324640.5010: 00007ffa5f731000-00007ffa6006ffff 0x0001/0x0000 0x0000000
3334640.5010: *00007ffa60070000-00007ffa60070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3344640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60070000 LB 0x1000 (base 00007ffa60070000) - 'msvcp_win.dll'
3354640.5010: 00007ffa60071000-00007ffa600c4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3364640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60071000 LB 0x54000 (base 00007ffa60070000) - 'msvcp_win.dll'
3374640.5010: 00007ffa600c5000-00007ffa60101fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3384640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa600c5000 LB 0x3d000 (base 00007ffa60070000) - 'msvcp_win.dll'
3394640.5010: 00007ffa60102000-00007ffa60102fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3404640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60102000 LB 0x1000 (base 00007ffa60070000) - 'msvcp_win.dll'
3414640.5010: 00007ffa60103000-00007ffa60105fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3424640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60103000 LB 0x3000 (base 00007ffa60070000) - 'msvcp_win.dll'
3434640.5010: 00007ffa60106000-00007ffa6010dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3444640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60106000 LB 0x8000 (base 00007ffa60070000) - 'msvcp_win.dll'
3454640.5010: 00007ffa6010e000-00007ffa6010ffff 0x0001/0x0000 0x0000000
3464640.5010: *00007ffa60110000-00007ffa60110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3474640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60110000 LB 0x1000 (base 00007ffa60110000) - 'bcryptprimitives.dll'
3484640.5010: 00007ffa60111000-00007ffa60176fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3494640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60111000 LB 0x66000 (base 00007ffa60110000) - 'bcryptprimitives.dll'
3504640.5010: 00007ffa60177000-00007ffa60189fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3514640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60177000 LB 0x13000 (base 00007ffa60110000) - 'bcryptprimitives.dll'
3524640.5010: 00007ffa6018a000-00007ffa6018afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3534640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa6018a000 LB 0x1000 (base 00007ffa60110000) - 'bcryptprimitives.dll'
3544640.5010: 00007ffa6018b000-00007ffa6018ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3554640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa6018b000 LB 0x5000 (base 00007ffa60110000) - 'bcryptprimitives.dll'
3564640.5010: 00007ffa60190000-00007ffa6019ffff 0x0001/0x0000 0x0000000
3574640.5010: *00007ffa601a0000-00007ffa601a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3584640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa601a0000 LB 0x1000 (base 00007ffa601a0000) - 'shlwapi.dll'
3594640.5010: 00007ffa601a1000-00007ffa601cafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3604640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa601a1000 LB 0x2a000 (base 00007ffa601a0000) - 'shlwapi.dll'
3614640.5010: 00007ffa601cb000-00007ffa601eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3624640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa601cb000 LB 0x20000 (base 00007ffa601a0000) - 'shlwapi.dll'
3634640.5010: 00007ffa601eb000-00007ffa601ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3644640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa601eb000 LB 0x1000 (base 00007ffa601a0000) - 'shlwapi.dll'
3654640.5010: 00007ffa601ec000-00007ffa601f1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3664640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa601ec000 LB 0x6000 (base 00007ffa601a0000) - 'shlwapi.dll'
3674640.5010: 00007ffa601f2000-00007ffa6066ffff 0x0001/0x0000 0x0000000
3684640.5010: *00007ffa60670000-00007ffa60670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3694640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60670000 LB 0x1000 (base 00007ffa60670000) - 'advapi32.dll'
3704640.5010: 00007ffa60671000-00007ffa606cffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3714640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60671000 LB 0x5f000 (base 00007ffa60670000) - 'advapi32.dll'
3724640.5010: 00007ffa606d0000-00007ffa60704fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3734640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa606d0000 LB 0x35000 (base 00007ffa60670000) - 'advapi32.dll'
3744640.5010: 00007ffa60705000-00007ffa60705fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3754640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60705000 LB 0x1000 (base 00007ffa60670000) - 'advapi32.dll'
3764640.5010: 00007ffa60706000-00007ffa60706fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3774640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60706000 LB 0x1000 (base 00007ffa60670000) - 'advapi32.dll'
3784640.5010: 00007ffa60707000-00007ffa60708fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3794640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60707000 LB 0x2000 (base 00007ffa60670000) - 'advapi32.dll'
3804640.5010: 00007ffa60709000-00007ffa60709fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3814640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60709000 LB 0x1000 (base 00007ffa60670000) - 'advapi32.dll'
3824640.5010: 00007ffa6070a000-00007ffa60712fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3834640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa6070a000 LB 0x9000 (base 00007ffa60670000) - 'advapi32.dll'
3844640.5010: 00007ffa60713000-00007ffa6086ffff 0x0001/0x0000 0x0000000
3854640.5010: *00007ffa60870000-00007ffa60870fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\user32.dll
3864640.5010: 00007ffa60871000-00007ffa608f6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\user32.dll
3874640.5010: 00007ffa608f7000-00007ffa60916fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\user32.dll
3884640.5010: 00007ffa60917000-00007ffa60918fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\user32.dll
3894640.5010: 00007ffa60919000-00007ffa60a03fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\user32.dll
3904640.5010: 00007ffa60a04000-00007ffa60a0ffff 0x0001/0x0000 0x0000000
3914640.5010: *00007ffa60a10000-00007ffa60a10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
3924640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a10000 LB 0x1000 (base 00007ffa60a10000) - 'sechost.dll'
3934640.5010: 00007ffa60a11000-00007ffa60a71fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
3944640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a11000 LB 0x61000 (base 00007ffa60a10000) - 'sechost.dll'
3954640.5010: 00007ffa60a72000-00007ffa60a98fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
3964640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a72000 LB 0x27000 (base 00007ffa60a10000) - 'sechost.dll'
3974640.5010: 00007ffa60a99000-00007ffa60a99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
3984640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a99000 LB 0x1000 (base 00007ffa60a10000) - 'sechost.dll'
3994640.5010: 00007ffa60a9a000-00007ffa60a9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
4004640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a9a000 LB 0x1000 (base 00007ffa60a10000) - 'sechost.dll'
4014640.5010: 00007ffa60a9b000-00007ffa60a9cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
4024640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a9b000 LB 0x2000 (base 00007ffa60a10000) - 'sechost.dll'
4034640.5010: 00007ffa60a9d000-00007ffa60aa6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\sechost.dll
4044640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60a9d000 LB 0xa000 (base 00007ffa60a10000) - 'sechost.dll'
4054640.5010: 00007ffa60aa7000-00007ffa60aaffff 0x0001/0x0000 0x0000000
4064640.5010: *00007ffa60ab0000-00007ffa60ab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4074640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60ab0000 LB 0x1000 (base 00007ffa60ab0000) - 'rpcrt4.dll'
4084640.5010: 00007ffa60ab1000-00007ffa60b8dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4094640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60ab1000 LB 0xdd000 (base 00007ffa60ab0000) - 'rpcrt4.dll'
4104640.5010: 00007ffa60b8e000-00007ffa60bb8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4114640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60b8e000 LB 0x2b000 (base 00007ffa60ab0000) - 'rpcrt4.dll'
4124640.5010: 00007ffa60bb9000-00007ffa60bbafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4134640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60bb9000 LB 0x2000 (base 00007ffa60ab0000) - 'rpcrt4.dll'
4144640.5010: 00007ffa60bbb000-00007ffa60bcffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4154640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60bbb000 LB 0x15000 (base 00007ffa60ab0000) - 'rpcrt4.dll'
4164640.5010: 00007ffa60bd0000-00007ffa60d9ffff 0x0001/0x0000 0x0000000
4174640.5010: *00007ffa60da0000-00007ffa60da0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32.dll
4184640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60da0000 LB 0x1000 (base 00007ffa60da0000) - 'gdi32.dll'
4194640.5010: 00007ffa60da1000-00007ffa60dacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32.dll
4204640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60da1000 LB 0xc000 (base 00007ffa60da0000) - 'gdi32.dll'
4214640.5010: 00007ffa60dad000-00007ffa60dbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32.dll
4224640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60dad000 LB 0x13000 (base 00007ffa60da0000) - 'gdi32.dll'
4234640.5010: 00007ffa60dc0000-00007ffa60dc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32.dll
4244640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60dc0000 LB 0x1000 (base 00007ffa60da0000) - 'gdi32.dll'
4254640.5010: 00007ffa60dc1000-00007ffa60dc5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\gdi32.dll
4264640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa60dc1000 LB 0x5000 (base 00007ffa60da0000) - 'gdi32.dll'
4274640.5010: 00007ffa60dc6000-00007ffa6102ffff 0x0001/0x0000 0x0000000
4284640.5010: *00007ffa61030000-00007ffa61030fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4294640.5010: 00007ffa61031000-00007ffa610a5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4304640.5010: 00007ffa610a6000-00007ffa610d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4314640.5010: 00007ffa610d8000-00007ffa610d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4324640.5010: 00007ffa610d9000-00007ffa610d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4334640.5010: 00007ffa610da000-00007ffa610e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4344640.5010: 00007ffa610e2000-00007ffa610effff 0x0001/0x0000 0x0000000
4354640.5010: *00007ffa610f0000-00007ffa610f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\imm32.dll
4364640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa610f0000 LB 0x1000 (base 00007ffa610f0000) - 'imm32.dll'
4374640.5010: 00007ffa610f1000-00007ffa6110cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\imm32.dll
4384640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa610f1000 LB 0x1c000 (base 00007ffa610f0000) - 'imm32.dll'
4394640.5010: 00007ffa6110d000-00007ffa61113fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\imm32.dll
4404640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa6110d000 LB 0x7000 (base 00007ffa610f0000) - 'imm32.dll'
4414640.5010: 00007ffa61114000-00007ffa61114fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\imm32.dll
4424640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61114000 LB 0x1000 (base 00007ffa610f0000) - 'imm32.dll'
4434640.5010: 00007ffa61115000-00007ffa6111dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\imm32.dll
4444640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61115000 LB 0x9000 (base 00007ffa610f0000) - 'imm32.dll'
4454640.5010: 00007ffa6111e000-00007ffa6112ffff 0x0001/0x0000 0x0000000
4464640.5010: *00007ffa61130000-00007ffa61130fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4474640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61130000 LB 0x1000 (base 00007ffa61130000) - 'msvcrt.dll'
4484640.5010: 00007ffa61131000-00007ffa611a5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4494640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61131000 LB 0x75000 (base 00007ffa61130000) - 'msvcrt.dll'
4504640.5010: 00007ffa611a6000-00007ffa611befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4514640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611a6000 LB 0x19000 (base 00007ffa61130000) - 'msvcrt.dll'
4524640.5010: 00007ffa611bf000-00007ffa611c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4534640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611bf000 LB 0x2000 (base 00007ffa61130000) - 'msvcrt.dll'
4544640.5010: 00007ffa611c1000-00007ffa611c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4554640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611c1000 LB 0x3000 (base 00007ffa61130000) - 'msvcrt.dll'
4564640.5010: 00007ffa611c4000-00007ffa611c5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4574640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611c4000 LB 0x2000 (base 00007ffa61130000) - 'msvcrt.dll'
4584640.5010: 00007ffa611c6000-00007ffa611c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4594640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611c6000 LB 0x1000 (base 00007ffa61130000) - 'msvcrt.dll'
4604640.5010: 00007ffa611c7000-00007ffa611cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4614640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa611c7000 LB 0x7000 (base 00007ffa61130000) - 'msvcrt.dll'
4624640.5010: 00007ffa611ce000-00007ffa6124ffff 0x0001/0x0000 0x0000000
4634640.5010: *00007ffa61250000-00007ffa61250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\combase.dll
4644640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61250000 LB 0x1000 (base 00007ffa61250000) - 'combase.dll'
4654640.5010: 00007ffa61251000-00007ffa6146efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\combase.dll
4664640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61251000 LB 0x21e000 (base 00007ffa61250000) - 'combase.dll'
4674640.5010: 00007ffa6146f000-00007ffa61531fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\combase.dll
4684640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa6146f000 LB 0xc3000 (base 00007ffa61250000) - 'combase.dll'
4694640.5010: 00007ffa61532000-00007ffa61537fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\combase.dll
4704640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61532000 LB 0x6000 (base 00007ffa61250000) - 'combase.dll'
4714640.5010: 00007ffa61538000-00007ffa61584fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\combase.dll
4724640.5010: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa61538000 LB 0x4d000 (base 00007ffa61250000) - 'combase.dll'
4734640.5010: 00007ffa61585000-00007ffa620dffff 0x0001/0x0000 0x0000000
4744640.5010: *00007ffa620e0000-00007ffa620e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4754640.5010: 00007ffa620e1000-00007ffa621f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4764640.5010: 00007ffa621f8000-00007ffa6223efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4774640.5010: 00007ffa6223f000-00007ffa6223ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4784640.5010: 00007ffa62240000-00007ffa62241fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4794640.5010: 00007ffa62242000-00007ffa6224afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4804640.5010: 00007ffa6224b000-00007ffa622cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4814640.5010: 00007ffa622d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
4824640.5010: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
4834640.5010: user32.dll: timestamp 0x3510496d (rc=VINF_SUCCESS)
4844640.5010: kernelbase.dll: timestamp 0xb89efff3 (rc=VINF_SUCCESS)
4854640.5010: VBoxHeadless.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
4864640.5010: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
4874640.5010: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4884640.5010: ntdll.dll: Differences in section #1 (.text) between file and memory:
4894640.5010: 00007ffa62159360 / 0x0079360: 48 != e9
4904640.5010: 00007ffa62159361 / 0x0079361: 89 != 9b
4914640.5010: 00007ffa62159362 / 0x0079362: 5c != 6c
4924640.5010: 00007ffa62159363 / 0x0079363: 24 != 00
4934640.5010: 00007ffa62159364 / 0x0079364: 10 != c0
4944640.5010: Restored 0x2000 bytes of original file content at 00007ffa6215777e
4954640.5010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
4964640.5010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
4974640.5010: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
4984640.5010: Error (rc=-5629):
4994640.5010: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
5004640.5010: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=1
5014640.5010: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
5024640.5010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
5034640.5010: supR3HardNtEnableThreadCreationEx:
5044640.5010: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa62151770 pvNtTerminateThread=00007ffa6217cac0
5054640.5010: supR3HardenedWinDoReSpawn(1): New child 5588.4484 [kernel32].
5064640.5010: supR3HardNtChildGatherData: PebBaseAddress=0000000000d50000 cbPeb=0x388
5074640.5010: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa620e0000 uNtDllChildAddr=00007ffa620e0000
5084640.5010: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa62151770
5094640.5010: supR3HardenedWinSetupChildInit: Initial context:
510 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7b1737740 rdx=0000000000d50000
511 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
512 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
513 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
514 rip=00007ffa6214ce30 rsp=0000000000bcfbc8 rbp=0000000000000000 ctxflags=0010001b
515 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
516 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
517 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
518 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
519 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5204640.5010: supR3HardenedWinSetupChildInit: Start child.
5214640.5010: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5224640.5010: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 30 sleeps
5234640.5010: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5244640.5010: *0000000000000000-0000000000a8ffff 0x0001/0x0000 0x0000000
5254640.5010: *0000000000a90000-0000000000aaffff 0x0004/0x0004 0x0020000
5264640.5010: *0000000000ab0000-0000000000acafff 0x0002/0x0002 0x0040000
5274640.5010: 0000000000acb000-0000000000acffff 0x0001/0x0000 0x0000000
5284640.5010: *0000000000ad0000-0000000000bcafff 0x0000/0x0004 0x0020000
5294640.5010: 0000000000bcb000-0000000000bcdfff 0x0104/0x0004 0x0020000
5304640.5010: 0000000000bce000-0000000000bcffff 0x0004/0x0004 0x0020000
5314640.5010: *0000000000bd0000-0000000000bd0fff 0x0040/0x0040 0x0020000 !!
5324640.5010: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000bd0000 (LB 0x1000, 0000000000bd0000 LB 0x1000)
5334640.5010: 000000000253b7a0/0000: 88 55 00 00 00 00 00 00-5c 00 44 00 65 00 76 00 .U......\.D.e.v.
534000000000253b7b0/0010: 69 00 63 00 65 00 5c 00-48 00 61 00 72 00 64 00 i.c.e.\.H.a.r.d.
535000000000253b7c0/0020: 64 00 69 00 73 00 6b 00-56 00 6f 00 6c 00 75 00 d.i.s.k.V.o.l.u.
536000000000253b7d0/0030: 6d 00 65 00 33 00 5c 00-50 00 72 00 6f 00 67 00 m.e.3.\.P.r.o.g.
537000000000253b7e0/0040: 72 00 61 00 6d 00 20 00-46 00 69 00 6c 00 65 00 r.a.m. .F.i.l.e.
538000000000253b7f0/0050: 73 00 5c 00 4f 00 72 00-61 00 63 00 6c 00 65 00 s.\.O.r.a.c.l.e.
539000000000253b800/0060: 5c 00 56 00 69 00 72 00-74 00 75 00 61 00 6c 00 \.V.i.r.t.u.a.l.
540000000000253b810/0070: 42 00 6f 00 78 00 5c 00-56 00 42 00 6f 00 78 00 B.o.x.\.V.B.o.x.
541000000000253b820/0080: 48 00 65 00 61 00 64 00-6c 00 65 00 73 00 73 00 H.e.a.d.l.e.s.s.
542000000000253b830/0090: 2e 00 65 00 78 00 65 00-00 00 00 00 00 00 00 00 ..e.x.e.........
543000000000253b840/00a0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
544**************** **** <ditto x 4>
545000000000253b890/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
5464640.5010: 000000000253b9a0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
547000000000253b9b0/0010: 50 04 bd 00 00 00 00 00-00 00 bd 00 00 00 00 00 P...............
548000000000253b9c0/0020: 70 07 bd 00 00 00 00 00-00 00 bd 00 00 00 00 00 p...............
549000000000253b9d0/0030: 30 4d 78 77 00 00 00 00-7a 00 7c 00 48 02 bd 00 0Mxw....z.|.H...
550000000000253b9e0/0040: 00 00 00 00 00 00 00 00-43 00 3a 00 5c 00 50 00 ........C.:.\.P.
551000000000253b9f0/0050: 72 00 6f 00 67 00 72 00-61 00 6d 00 20 00 46 00 r.o.g.r.a.m. .F.
552000000000253ba00/0060: 69 00 6c 00 65 00 73 00-5c 00 46 00 6f 00 72 00 i.l.e.s.\.F.o.r.
553000000000253ba10/0070: 74 00 69 00 6e 00 65 00-74 00 5c 00 46 00 6f 00 t.i.n.e.t.\.F.o.
554000000000253ba20/0080: 72 00 74 00 69 00 43 00-6c 00 69 00 65 00 6e 00 r.t.i.C.l.i.e.n.
555000000000253ba30/0090: 74 00 5c 00 78 00 38 00-36 00 5c 00 41 00 6e 00 t.\.x.8.6.\.A.n.
556000000000253ba40/00a0: 74 00 69 00 45 00 78 00-70 00 6c 00 6f 00 69 00 t.i.E.x.p.l.o.i.
557000000000253ba50/00b0: 74 00 43 00 6f 00 72 00-65 00 2e 00 64 00 6c 00 t.C.o.r.e...d.l.
558000000000253ba60/00c0: 6c 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 l...............
559000000000253ba70/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
560000000000253ba80/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
561000000000253ba90/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
5624640.5010: 000000000253bba0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
563**************** **** <ditto x 4>
564000000000253bbf0/0050: 55 8b ec 51 8b 45 08 8d-55 fc 52 c7 45 fc 00 00 U..Q.E..U.R.E...
565000000000253bc00/0060: 00 00 8b 88 30 02 00 00-05 38 02 00 00 50 6a 00 ....0....8...Pj.
566000000000253bc10/0070: 6a 00 ff d1 8b 4d fc 83-c4 10 85 c9 0f 44 c8 8b j....M.......D..
567000000000253bc20/0080: c1 8b e5 5d c2 04 00 00-00 00 00 00 00 00 00 00 ...]............
568000000000253bc30/0090: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
569**************** **** <ditto x 5>
570000000000253bc90/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
5714640.5010: 000000000253bca0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
572**************** **** <ditto x 4>
573000000000253bcf0/0050: 00 16 10 62 fa 7f 00 00-76 00 78 00 00 00 00 00 ...b....v.x.....
574000000000253bd00/0060: 68 05 bd 00 00 00 00 00-43 00 3a 00 5c 00 50 00 h.......C.:.\.P.
575000000000253bd10/0070: 72 00 6f 00 67 00 72 00-61 00 6d 00 20 00 46 00 r.o.g.r.a.m. .F.
576000000000253bd20/0080: 69 00 6c 00 65 00 73 00-5c 00 46 00 6f 00 72 00 i.l.e.s.\.F.o.r.
577000000000253bd30/0090: 74 00 69 00 6e 00 65 00-74 00 5c 00 46 00 6f 00 t.i.n.e.t.\.F.o.
578000000000253bd40/00a0: 72 00 74 00 69 00 43 00-6c 00 69 00 65 00 6e 00 r.t.i.C.l.i.e.n.
579000000000253bd50/00b0: 74 00 5c 00 41 00 6e 00-74 00 69 00 45 00 78 00 t.\.A.n.t.i.E.x.
580000000000253bd60/00c0: 70 00 6c 00 6f 00 69 00-74 00 43 00 6f 00 72 00 p.l.o.i.t.C.o.r.
581000000000253bd70/00d0: 65 00 36 00 34 00 2e 00-64 00 6c 00 6c 00 00 00 e.6.4...d.l.l...
582000000000253bd80/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
583000000000253bd90/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
5844640.5010: 000000000253bea0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
585**************** **** <ditto x 6>
586000000000253bf10/0070: 48 83 ec 28 48 8b 81 50-05 00 00 4c 8d 81 58 05 H..(H..P...L..X.
587000000000253bf20/0080: 00 00 33 c9 48 c7 44 24-30 00 00 00 00 4c 8d 4c ..3.H.D$0....L.L
588000000000253bf30/0090: 24 30 33 d2 ff d0 48 8b-4c 24 30 48 85 c9 0f 44 $03...H.L$0H...D
589000000000253bf40/00a0: c8 8b c1 48 83 c4 28 c3-00 00 00 00 00 00 00 00 ...H..(.........
590000000000253bf50/00b0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
591**************** **** <ditto x 3>
592000000000253bf90/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
5934640.5010: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000bd0000/0000000000bd0000 LB 0/0x1000]
5944640.5010: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000bd0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
5954640.5010: 0000000000bd1000-0000000000bdffff 0x0001/0x0000 0x0000000
5964640.5010: *0000000000be0000-0000000000be3fff 0x0002/0x0002 0x0040000
5974640.5010: 0000000000be4000-0000000000beffff 0x0001/0x0000 0x0000000
5984640.5010: *0000000000bf0000-0000000000bf1fff 0x0004/0x0004 0x0020000
5994640.5010: 0000000000bf2000-0000000000bfffff 0x0001/0x0000 0x0000000
6004640.5010: *0000000000c00000-0000000000d4ffff 0x0000/0x0004 0x0020000
6014640.5010: 0000000000d50000-0000000000d52fff 0x0004/0x0004 0x0020000
6024640.5010: 0000000000d53000-0000000000dfffff 0x0000/0x0004 0x0020000
6034640.5010: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
6044640.5010: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6054640.5010: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
6064640.5010: 000000007ffe2000-00007ff5dc4bffff 0x0001/0x0000 0x0000000
6074640.5010: *00007ff5dc4c0000-00007ff5dc4c0fff 0x0002/0x0002 0x0040000
6084640.5010: 00007ff5dc4c1000-00007ff5dc4cffff 0x0001/0x0000 0x0000000
6094640.5010: *00007ff5dc4d0000-00007ff5dc4f2fff 0x0002/0x0002 0x0040000
6104640.5010: 00007ff5dc4f3000-00007ff7b172ffff 0x0001/0x0000 0x0000000
6114640.5010: *00007ff7b1730000-00007ff7b1730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6124640.5010: 00007ff7b1731000-00007ff7b17a6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6134640.5010: 00007ff7b17a7000-00007ff7b17a7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6144640.5010: 00007ff7b17a8000-00007ff7b17effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6154640.5010: 00007ff7b17f0000-00007ff7b17f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6164640.5010: 00007ff7b17f1000-00007ff7b17f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6174640.5010: 00007ff7b17f2000-00007ff7b17f6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6184640.5010: 00007ff7b17f7000-00007ff7b17f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6194640.5010: 00007ff7b17f8000-00007ff7b17f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6204640.5010: 00007ff7b17f9000-00007ff7b17fcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6214640.5010: 00007ff7b17fd000-00007ff7b1845fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6224640.5010: 00007ff7b1846000-00007ffa620dffff 0x0001/0x0000 0x0000000
6234640.5010: *00007ffa620e0000-00007ffa620e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6244640.5010: 00007ffa620e1000-00007ffa621f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6254640.5010: 00007ffa621f8000-00007ffa6223efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6264640.5010: 00007ffa6223f000-00007ffa6224afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6274640.5010: 00007ffa6224b000-00007ffa62259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6284640.5010: 00007ffa6225a000-00007ffa6225afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6294640.5010: 00007ffa6225b000-00007ffa6225dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6304640.5010: 00007ffa6225e000-00007ffa622cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6314640.5010: 00007ffa622d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
6324640.5010: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
6334640.5010: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 59 sleeps
6344640.5010: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6354640.5010: *0000000000000000-0000000000a8ffff 0x0001/0x0000 0x0000000
6364640.5010: *0000000000a90000-0000000000aaffff 0x0004/0x0004 0x0020000
6374640.5010: *0000000000ab0000-0000000000acafff 0x0002/0x0002 0x0040000
6384640.5010: 0000000000acb000-0000000000acffff 0x0001/0x0000 0x0000000
6394640.5010: *0000000000ad0000-0000000000bcafff 0x0000/0x0004 0x0020000
6404640.5010: 0000000000bcb000-0000000000bcdfff 0x0104/0x0004 0x0020000
6414640.5010: 0000000000bce000-0000000000bcffff 0x0004/0x0004 0x0020000
6424640.5010: 0000000000bd0000-0000000000bdffff 0x0001/0x0000 0x0000000
6434640.5010: *0000000000be0000-0000000000be3fff 0x0002/0x0002 0x0040000
6444640.5010: 0000000000be4000-0000000000beffff 0x0001/0x0000 0x0000000
6454640.5010: *0000000000bf0000-0000000000bf1fff 0x0004/0x0004 0x0020000
6464640.5010: 0000000000bf2000-0000000000bfffff 0x0001/0x0000 0x0000000
6474640.5010: *0000000000c00000-0000000000d4ffff 0x0000/0x0004 0x0020000
6484640.5010: 0000000000d50000-0000000000d52fff 0x0004/0x0004 0x0020000
6494640.5010: 0000000000d53000-0000000000dfffff 0x0000/0x0004 0x0020000
6504640.5010: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
6514640.5010: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6524640.5010: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
6534640.5010: 000000007ffe2000-00007ff5dc4bffff 0x0001/0x0000 0x0000000
6544640.5010: *00007ff5dc4c0000-00007ff5dc4c0fff 0x0002/0x0002 0x0040000
6554640.5010: 00007ff5dc4c1000-00007ff5dc4cffff 0x0001/0x0000 0x0000000
6564640.5010: *00007ff5dc4d0000-00007ff5dc4f2fff 0x0002/0x0002 0x0040000
6574640.5010: 00007ff5dc4f3000-00007ff7b172ffff 0x0001/0x0000 0x0000000
6584640.5010: *00007ff7b1730000-00007ff7b1730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6594640.5010: 00007ff7b1731000-00007ff7b17a6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6604640.5010: 00007ff7b17a7000-00007ff7b17a7fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6614640.5010: 00007ff7b17a8000-00007ff7b17effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6624640.5010: 00007ff7b17f0000-00007ff7b17fcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6634640.5010: 00007ff7b17fd000-00007ff7b1845fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6644640.5010: 00007ff7b1846000-00007ffa620dffff 0x0001/0x0000 0x0000000
6654640.5010: *00007ffa620e0000-00007ffa620e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6664640.5010: 00007ffa620e1000-00007ffa621f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6674640.5010: 00007ffa621f8000-00007ffa6223efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6684640.5010: 00007ffa6223f000-00007ffa62242fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6694640.5010: 00007ffa62243000-00007ffa6224afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6704640.5010: 00007ffa6224b000-00007ffa62259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6714640.5010: 00007ffa6225a000-00007ffa6225afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6724640.5010: 00007ffa6225b000-00007ffa6225dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6734640.5010: 00007ffa6225e000-00007ffa622cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6744640.5010: 00007ffa622d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
6754640.5010: supR3HardNtChildPurify: Done after 808 ms and 1 fixes (loop #1).
6765588.4484: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047bb00
6775588.4484: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa620e0000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000bcf658)
6785588.4484: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
6795588.4484: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2031616 allocation)
6804640.5010: supR3HardNtEnableThreadCreationEx:
6815588.4484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6825588.4484: System32: \Device\HarddiskVolume3\Windows\System32
6835588.4484: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
6845588.4484: KnownDllPath: C:\windows\System32
6855588.4484: supR3HardenedVmProcessInit: Opening vboxdrv stub...
6865588.4484: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6875588.4484: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6885588.4484: Registered Dll notification callback with NTDLL.
6895588.4484: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
6905588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6915588.4484: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6925588.4484: supR3HardenedDllNotificationCallback: load 00007ffa5f0c0000 LB 0x002a4000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
6935588.4484: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
6945588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
6955588.4484: supR3HardenedDllNotificationCallback: load 00007ffa61030000 LB 0x000b2000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
6965588.4484: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6975588.4484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa61030000 'C:\windows\System32\KERNEL32.DLL'
6985588.4484: supR3HardenedDllNotificationCallback: load 00007ff7b1730000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
6995588.4484: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7005588.4484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
7015588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7025588.4484: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007ffa6104a1b0 enmState=3 -> supR3HardenedWinDummyApcRoutine
7035588.4484: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000aa1008 pvArg2=0000000000000000 pvArg3=0000000000000000
7045588.4484: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa62151770 pvNtTerminateThread=00007ffa6217cac0
7054640.5010: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 158 ms.
7065588.4484: \SystemRoot\System32\ntdll.dll:
7075588.4484: CreationTime: 2020-06-04T21:52:07.120928700Z
7085588.4484: LastWriteTime: 2020-06-04T21:52:07.168926100Z
7095588.4484: ChangeTime: 2020-06-11T05:59:45.335821000Z
7105588.4484: FileAttributes: 0x20
7115588.4484: Size: 0x1e8460
7125588.4484: NT Headers: 0xd8
7135588.4484: Timestamp: 0xb29ecf52
7145588.4484: Machine: 0x8664 - amd64
7155588.4484: Timestamp: 0xb29ecf52
7165588.4484: Image Version: 10.0
7175588.4484: SizeOfImage: 0x1f0000 (2031616)
7185588.4484: Resource Dir: 0x17f000 LB 0x6f310
7195588.4484: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7205588.4484: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7215588.4484: ProductName: Microsoft® Windows® Operating System
7225588.4484: ProductVersion: 10.0.18362.815
7235588.4484: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
7245588.4484: FileDescription: NT Layer DLL
7255588.4484: \SystemRoot\System32\kernel32.dll:
7265588.4484: CreationTime: 2020-06-11T05:59:00.265617100Z
7275588.4484: LastWriteTime: 2020-06-11T05:59:00.286623800Z
7285588.4484: ChangeTime: 2020-06-11T06:16:26.669942700Z
7295588.4484: FileAttributes: 0x20
7305588.4484: Size: 0xb0498
7315588.4484: NT Headers: 0xe8
7325588.4484: Timestamp: 0xce6bbd73
7335588.4484: Machine: 0x8664 - amd64
7345588.4484: Timestamp: 0xce6bbd73
7355588.4484: Image Version: 10.0
7365588.4484: SizeOfImage: 0xb2000 (729088)
7375588.4484: Resource Dir: 0xb0000 LB 0x520
7385588.4484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7395588.4484: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7405588.4484: ProductName: Microsoft® Windows® Operating System
7415588.4484: ProductVersion: 10.0.18362.900
7425588.4484: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
7435588.4484: FileDescription: Windows NT BASE API Client DLL
7445588.4484: \SystemRoot\System32\KernelBase.dll:
7455588.4484: CreationTime: 2020-06-04T21:52:07.848993500Z
7465588.4484: LastWriteTime: 2020-06-04T21:52:07.921994800Z
7475588.4484: ChangeTime: 2020-06-11T05:59:45.337821200Z
7485588.4484: FileAttributes: 0x20
7495588.4484: Size: 0x2a4068
7505588.4484: NT Headers: 0xf8
7515588.4484: Timestamp: 0xb89efff3
7525588.4484: Machine: 0x8664 - amd64
7535588.4484: Timestamp: 0xb89efff3
7545588.4484: Image Version: 10.0
7555588.4484: SizeOfImage: 0x2a4000 (2768896)
7565588.4484: Resource Dir: 0x27e000 LB 0x548
7575588.4484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7585588.4484: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7595588.4484: ProductName: Microsoft® Windows® Operating System
7605588.4484: ProductVersion: 10.0.18362.815
7615588.4484: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
7625588.4484: FileDescription: Windows NT BASE API Client DLL
7635588.4484: \SystemRoot\System32\apisetschema.dll:
7645588.4484: CreationTime: 2019-03-19T04:43:54.837151500Z
7655588.4484: LastWriteTime: 2019-03-19T04:43:54.837151500Z
7665588.4484: ChangeTime: 2020-06-11T05:59:45.205822100Z
7675588.4484: FileAttributes: 0x20
7685588.4484: Size: 0x1d028
7695588.4484: NT Headers: 0xc8
7705588.4484: Timestamp: 0xd6ced080
7715588.4484: Machine: 0x8664 - amd64
7725588.4484: Timestamp: 0xd6ced080
7735588.4484: Image Version: 10.0
7745588.4484: SizeOfImage: 0x1e000 (122880)
7755588.4484: Resource Dir: 0x1d000 LB 0x408
7765588.4484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7775588.4484: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7785588.4484: ProductName: Microsoft® Windows® Operating System
7795588.4484: ProductVersion: 10.0.18362.1
7805588.4484: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
7815588.4484: FileDescription: ApiSet Schema DLL
7825588.4484: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7835588.4484: supR3HardenedWinFindAdversaries: 0x0
7845588.4484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7855588.4484: Calling main()
7865588.4484: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
7875588.4484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7885588.4484: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7895588.4484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
7905588.4484: SUPR3HardenedMain: Respawn #2
7915588.4484: supR3HardNtEnableThreadCreationEx:
7925588.4484: supR3HardenedDllNotificationCallback: load 00007ffa60ab0000 LB 0x00120000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
7935588.4484: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
7945588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
7955588.4484: supR3HardenedDllNotificationCallback: load 00007ffa60a10000 LB 0x00097000 C:\windows\System32\sechost.dll [fFlags=0x0]
7965588.4484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
7975588.4484: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
7985588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
7995588.4484: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
8005588.4484: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
8015588.4484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8025588.4484: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8035588.4484: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8045588.4484: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8055588.4484: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8065588.4484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa620e0000 'C:\windows\System32\ntdll.dll'
8075588.4484: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa62151770 pvNtTerminateThread=00007ffa6217cac0
8085588.4484: supR3HardenedWinDoReSpawn(2): New child 189c.5448 [kernel32].
8095588.4484: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
8105588.4484: supR3HardNtChildGatherData: PebBaseAddress=0000000000a20000 cbPeb=0x388
8115588.4484: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa620e0000 uNtDllChildAddr=00007ffa620e0000
8125588.4484: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa62151770
8135588.4484: supR3HardenedWinSetupChildInit: Initial context:
814 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7b1737740 rdx=0000000000a20000
815 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
816 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
817 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
818 rip=00007ffa6214ce30 rsp=0000000000cff948 rbp=0000000000000000 ctxflags=0010001b
819 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
820 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
821 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
822 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
823 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
8245588.4484: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
8255588.4484: supR3HardenedWinSetupChildInit: Start child.
8265588.4484: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8275588.4484: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 30 sleeps
8285588.4484: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8295588.4484: *0000000000000000-000000000095ffff 0x0001/0x0000 0x0000000
8305588.4484: *0000000000960000-000000000097ffff 0x0004/0x0004 0x0020000
8315588.4484: *0000000000980000-000000000099afff 0x0002/0x0002 0x0040000
8325588.4484: 000000000099b000-000000000099ffff 0x0001/0x0000 0x0000000
8335588.4484: *00000000009a0000-00000000009a0fff 0x0040/0x0040 0x0020000 !!
8345588.4484: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000009a0000 (LB 0x1000, 00000000009a0000 LB 0x1000)
8355588.4484: 00000000015aa7c0/0000: 9c 18 00 00 00 00 00 00-5c 00 44 00 65 00 76 00 ........\.D.e.v.
83600000000015aa7d0/0010: 69 00 63 00 65 00 5c 00-48 00 61 00 72 00 64 00 i.c.e.\.H.a.r.d.
83700000000015aa7e0/0020: 64 00 69 00 73 00 6b 00-56 00 6f 00 6c 00 75 00 d.i.s.k.V.o.l.u.
83800000000015aa7f0/0030: 6d 00 65 00 33 00 5c 00-50 00 72 00 6f 00 67 00 m.e.3.\.P.r.o.g.
83900000000015aa800/0040: 72 00 61 00 6d 00 20 00-46 00 69 00 6c 00 65 00 r.a.m. .F.i.l.e.
84000000000015aa810/0050: 73 00 5c 00 4f 00 72 00-61 00 63 00 6c 00 65 00 s.\.O.r.a.c.l.e.
84100000000015aa820/0060: 5c 00 56 00 69 00 72 00-74 00 75 00 61 00 6c 00 \.V.i.r.t.u.a.l.
84200000000015aa830/0070: 42 00 6f 00 78 00 5c 00-56 00 42 00 6f 00 78 00 B.o.x.\.V.B.o.x.
84300000000015aa840/0080: 48 00 65 00 61 00 64 00-6c 00 65 00 73 00 73 00 H.e.a.d.l.e.s.s.
84400000000015aa850/0090: 2e 00 65 00 78 00 65 00-00 00 00 00 00 00 00 00 ..e.x.e.........
84500000000015aa860/00a0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
846**************** **** <ditto x 4>
84700000000015aa8b0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8485588.4484: 00000000015aa9c0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
84900000000015aa9d0/0010: 50 04 9a 00 00 00 00 00-00 00 9a 00 00 00 00 00 P...............
85000000000015aa9e0/0020: 70 07 9a 00 00 00 00 00-00 00 9a 00 00 00 00 00 p...............
85100000000015aa9f0/0030: 30 4d 78 77 00 00 00 00-7a 00 7c 00 48 02 9a 00 0Mxw....z.|.H...
85200000000015aaa00/0040: 00 00 00 00 00 00 00 00-43 00 3a 00 5c 00 50 00 ........C.:.\.P.
85300000000015aaa10/0050: 72 00 6f 00 67 00 72 00-61 00 6d 00 20 00 46 00 r.o.g.r.a.m. .F.
85400000000015aaa20/0060: 69 00 6c 00 65 00 73 00-5c 00 46 00 6f 00 72 00 i.l.e.s.\.F.o.r.
85500000000015aaa30/0070: 74 00 69 00 6e 00 65 00-74 00 5c 00 46 00 6f 00 t.i.n.e.t.\.F.o.
85600000000015aaa40/0080: 72 00 74 00 69 00 43 00-6c 00 69 00 65 00 6e 00 r.t.i.C.l.i.e.n.
85700000000015aaa50/0090: 74 00 5c 00 78 00 38 00-36 00 5c 00 41 00 6e 00 t.\.x.8.6.\.A.n.
85800000000015aaa60/00a0: 74 00 69 00 45 00 78 00-70 00 6c 00 6f 00 69 00 t.i.E.x.p.l.o.i.
85900000000015aaa70/00b0: 74 00 43 00 6f 00 72 00-65 00 2e 00 64 00 6c 00 t.C.o.r.e...d.l.
86000000000015aaa80/00c0: 6c 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 l...............
86100000000015aaa90/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
86200000000015aaaa0/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
86300000000015aaab0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8645588.4484: 00000000015aabc0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
865**************** **** <ditto x 4>
86600000000015aac10/0050: 55 8b ec 51 8b 45 08 8d-55 fc 52 c7 45 fc 00 00 U..Q.E..U.R.E...
86700000000015aac20/0060: 00 00 8b 88 30 02 00 00-05 38 02 00 00 50 6a 00 ....0....8...Pj.
86800000000015aac30/0070: 6a 00 ff d1 8b 4d fc 83-c4 10 85 c9 0f 44 c8 8b j....M.......D..
86900000000015aac40/0080: c1 8b e5 5d c2 04 00 00-00 00 00 00 00 00 00 00 ...]............
87000000000015aac50/0090: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
871**************** **** <ditto x 5>
87200000000015aacb0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8735588.4484: 00000000015aacc0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
874**************** **** <ditto x 4>
87500000000015aad10/0050: 00 16 10 62 fa 7f 00 00-76 00 78 00 00 00 00 00 ...b....v.x.....
87600000000015aad20/0060: 68 05 9a 00 00 00 00 00-43 00 3a 00 5c 00 50 00 h.......C.:.\.P.
87700000000015aad30/0070: 72 00 6f 00 67 00 72 00-61 00 6d 00 20 00 46 00 r.o.g.r.a.m. .F.
87800000000015aad40/0080: 69 00 6c 00 65 00 73 00-5c 00 46 00 6f 00 72 00 i.l.e.s.\.F.o.r.
87900000000015aad50/0090: 74 00 69 00 6e 00 65 00-74 00 5c 00 46 00 6f 00 t.i.n.e.t.\.F.o.
88000000000015aad60/00a0: 72 00 74 00 69 00 43 00-6c 00 69 00 65 00 6e 00 r.t.i.C.l.i.e.n.
88100000000015aad70/00b0: 74 00 5c 00 41 00 6e 00-74 00 69 00 45 00 78 00 t.\.A.n.t.i.E.x.
88200000000015aad80/00c0: 70 00 6c 00 6f 00 69 00-74 00 43 00 6f 00 72 00 p.l.o.i.t.C.o.r.
88300000000015aad90/00d0: 65 00 36 00 34 00 2e 00-64 00 6c 00 6c 00 00 00 e.6.4...d.l.l...
88400000000015aada0/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
88500000000015aadb0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8865588.4484: 00000000015aaec0/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
887**************** **** <ditto x 6>
88800000000015aaf30/0070: 48 83 ec 28 48 8b 81 50-05 00 00 4c 8d 81 58 05 H..(H..P...L..X.
88900000000015aaf40/0080: 00 00 33 c9 48 c7 44 24-30 00 00 00 00 4c 8d 4c ..3.H.D$0....L.L
89000000000015aaf50/0090: 24 30 33 d2 ff d0 48 8b-4c 24 30 48 85 c9 0f 44 $03...H.L$0H...D
89100000000015aaf60/00a0: c8 8b c1 48 83 c4 28 c3-00 00 00 00 00 00 00 00 ...H..(.........
89200000000015aaf70/00b0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
893**************** **** <ditto x 3>
89400000000015aafb0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
8955588.4484: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000009a0000/00000000009a0000 LB 0/0x1000]
8965588.4484: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000009a0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
8975588.4484: 00000000009a1000-00000000009affff 0x0001/0x0000 0x0000000
8985588.4484: *00000000009b0000-00000000009b3fff 0x0002/0x0002 0x0040000
8995588.4484: 00000000009b4000-00000000009bffff 0x0001/0x0000 0x0000000
9005588.4484: *00000000009c0000-00000000009c1fff 0x0004/0x0004 0x0020000
9015588.4484: 00000000009c2000-00000000009fffff 0x0001/0x0000 0x0000000
9025588.4484: *0000000000a00000-0000000000a1ffff 0x0000/0x0004 0x0020000
9035588.4484: 0000000000a20000-0000000000a22fff 0x0004/0x0004 0x0020000
9045588.4484: 0000000000a23000-0000000000bfffff 0x0000/0x0004 0x0020000
9055588.4484: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
9065588.4484: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
9075588.4484: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
9085588.4484: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
9095588.4484: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
9105588.4484: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
9115588.4484: 000000007ffe2000-00007ff5b0feffff 0x0001/0x0000 0x0000000
9125588.4484: *00007ff5b0ff0000-00007ff5b0ff0fff 0x0002/0x0002 0x0040000
9135588.4484: 00007ff5b0ff1000-00007ff5b0ffffff 0x0001/0x0000 0x0000000
9145588.4484: *00007ff5b1000000-00007ff5b1022fff 0x0002/0x0002 0x0040000
9155588.4484: 00007ff5b1023000-00007ff7b172ffff 0x0001/0x0000 0x0000000
9165588.4484: *00007ff7b1730000-00007ff7b1730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9175588.4484: 00007ff7b1731000-00007ff7b17a6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9185588.4484: 00007ff7b17a7000-00007ff7b17a7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9195588.4484: 00007ff7b17a8000-00007ff7b17effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9205588.4484: 00007ff7b17f0000-00007ff7b17f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9215588.4484: 00007ff7b17f1000-00007ff7b17f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9225588.4484: 00007ff7b17f2000-00007ff7b17f6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9235588.4484: 00007ff7b17f7000-00007ff7b17f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9245588.4484: 00007ff7b17f8000-00007ff7b17f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9255588.4484: 00007ff7b17f9000-00007ff7b17fcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9265588.4484: 00007ff7b17fd000-00007ff7b1845fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9275588.4484: 00007ff7b1846000-00007ffa620dffff 0x0001/0x0000 0x0000000
9285588.4484: *00007ffa620e0000-00007ffa620e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9295588.4484: 00007ffa620e1000-00007ffa621f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9305588.4484: 00007ffa621f8000-00007ffa6223efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9315588.4484: 00007ffa6223f000-00007ffa6224afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9325588.4484: 00007ffa6224b000-00007ffa62259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9335588.4484: 00007ffa6225a000-00007ffa6225afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9345588.4484: 00007ffa6225b000-00007ffa6225dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9355588.4484: 00007ffa6225e000-00007ffa622cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9365588.4484: 00007ffa622d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
9375588.4484: VBoxHeadless.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
9385588.4484: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9395588.4484: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
9405588.4484: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
9415588.4484: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 59 sleeps
9425588.4484: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9435588.4484: *0000000000000000-000000000095ffff 0x0001/0x0000 0x0000000
9445588.4484: *0000000000960000-000000000097ffff 0x0004/0x0004 0x0020000
9455588.4484: *0000000000980000-000000000099afff 0x0002/0x0002 0x0040000
9465588.4484: 000000000099b000-00000000009affff 0x0001/0x0000 0x0000000
9475588.4484: *00000000009b0000-00000000009b3fff 0x0002/0x0002 0x0040000
9485588.4484: 00000000009b4000-00000000009bffff 0x0001/0x0000 0x0000000
9495588.4484: *00000000009c0000-00000000009c1fff 0x0004/0x0004 0x0020000
9505588.4484: 00000000009c2000-00000000009fffff 0x0001/0x0000 0x0000000
9515588.4484: *0000000000a00000-0000000000a1ffff 0x0000/0x0004 0x0020000
9525588.4484: 0000000000a20000-0000000000a22fff 0x0004/0x0004 0x0020000
9535588.4484: 0000000000a23000-0000000000bfffff 0x0000/0x0004 0x0020000
9545588.4484: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
9555588.4484: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
9565588.4484: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
9575588.4484: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
9585588.4484: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
9595588.4484: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
9605588.4484: 000000007ffe2000-00007ff5b0feffff 0x0001/0x0000 0x0000000
9615588.4484: *00007ff5b0ff0000-00007ff5b0ff0fff 0x0002/0x0002 0x0040000
9625588.4484: 00007ff5b0ff1000-00007ff5b0ffffff 0x0001/0x0000 0x0000000
9635588.4484: *00007ff5b1000000-00007ff5b1022fff 0x0002/0x0002 0x0040000
9645588.4484: 00007ff5b1023000-00007ff7b172ffff 0x0001/0x0000 0x0000000
9655588.4484: *00007ff7b1730000-00007ff7b1730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9665588.4484: 00007ff7b1731000-00007ff7b17a6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9675588.4484: 00007ff7b17a7000-00007ff7b17a7fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9685588.4484: 00007ff7b17a8000-00007ff7b17effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9695588.4484: 00007ff7b17f0000-00007ff7b17fcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9705588.4484: 00007ff7b17fd000-00007ff7b1845fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9715588.4484: 00007ff7b1846000-00007ffa620dffff 0x0001/0x0000 0x0000000
9725588.4484: *00007ffa620e0000-00007ffa620e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9735588.4484: 00007ffa620e1000-00007ffa621f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9745588.4484: 00007ffa621f8000-00007ffa6223efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9755588.4484: 00007ffa6223f000-00007ffa62242fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9765588.4484: 00007ffa62243000-00007ffa6224afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9775588.4484: 00007ffa6224b000-00007ffa62259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9785588.4484: 00007ffa6225a000-00007ffa6225afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9795588.4484: 00007ffa6225b000-00007ffa6225dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9805588.4484: 00007ffa6225e000-00007ffa622cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9815588.4484: 00007ffa622d0000-00007ffffffeffff 0x0001/0x0000 0x0000000
9825588.4484: supR3HardNtChildPurify: Done after 871 ms and 1 fixes (loop #1).
983189c.5448: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047bb00
9845588.4484: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
985189c.5448: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa620e0000 g_uNtVerCombined=0xa047bb00 (stack ~0000000000cff3d8)
9865588.4484: supR3HardNtEnableThreadCreationEx:
987189c.5448: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
988189c.5448: New simple heap: #1 0000000000e00000 LB 0x400000 (for 2031616 allocation)
989189c.5448: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
990189c.5448: System32: \Device\HarddiskVolume3\Windows\System32
991189c.5448: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
992189c.5448: KnownDllPath: C:\windows\System32
993189c.5448: supR3HardenedVmProcessInit: Opening vboxdrv...
994189c.5448: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
995189c.5448: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
996189c.5448: Registered Dll notification callback with NTDLL.
997189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
998189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
999189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1000189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f0c0000 LB 0x002a4000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
1001189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1002189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1003189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa61030000 LB 0x000b2000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
1004189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1005189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa61030000 'C:\windows\System32\KERNEL32.DLL'
1006189c.5448: supR3HardenedDllNotificationCallback: load 00007ff7b1730000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
1007189c.5448: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1008189c.5448: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1009189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1010189c.5448: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007ffa6104a1b0 enmState=4 -> supR3HardenedWinDummyApcRoutine
1011189c.5448: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000971008 pvArg2=0000000000000000 pvArg3=0000000000000000
1012189c.5448: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa62151770 pvNtTerminateThread=00007ffa6217cac0
10135588.4484: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 141 ms.
1014189c.5448: \SystemRoot\System32\ntdll.dll:
1015189c.5448: CreationTime: 2020-06-04T21:52:07.120928700Z
1016189c.5448: LastWriteTime: 2020-06-04T21:52:07.168926100Z
1017189c.5448: ChangeTime: 2020-06-11T05:59:45.335821000Z
1018189c.5448: FileAttributes: 0x20
1019189c.5448: Size: 0x1e8460
1020189c.5448: NT Headers: 0xd8
1021189c.5448: Timestamp: 0xb29ecf52
1022189c.5448: Machine: 0x8664 - amd64
1023189c.5448: Timestamp: 0xb29ecf52
1024189c.5448: Image Version: 10.0
1025189c.5448: SizeOfImage: 0x1f0000 (2031616)
1026189c.5448: Resource Dir: 0x17f000 LB 0x6f310
1027189c.5448: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1028189c.5448: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1029189c.5448: ProductName: Microsoft® Windows® Operating System
1030189c.5448: ProductVersion: 10.0.18362.815
1031189c.5448: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
1032189c.5448: FileDescription: NT Layer DLL
1033189c.5448: \SystemRoot\System32\kernel32.dll:
1034189c.5448: CreationTime: 2020-06-11T05:59:00.265617100Z
1035189c.5448: LastWriteTime: 2020-06-11T05:59:00.286623800Z
1036189c.5448: ChangeTime: 2020-06-11T06:16:26.669942700Z
1037189c.5448: FileAttributes: 0x20
1038189c.5448: Size: 0xb0498
1039189c.5448: NT Headers: 0xe8
1040189c.5448: Timestamp: 0xce6bbd73
1041189c.5448: Machine: 0x8664 - amd64
1042189c.5448: Timestamp: 0xce6bbd73
1043189c.5448: Image Version: 10.0
1044189c.5448: SizeOfImage: 0xb2000 (729088)
1045189c.5448: Resource Dir: 0xb0000 LB 0x520
1046189c.5448: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1047189c.5448: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1048189c.5448: ProductName: Microsoft® Windows® Operating System
1049189c.5448: ProductVersion: 10.0.18362.900
1050189c.5448: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
1051189c.5448: FileDescription: Windows NT BASE API Client DLL
1052189c.5448: \SystemRoot\System32\KernelBase.dll:
1053189c.5448: CreationTime: 2020-06-04T21:52:07.848993500Z
1054189c.5448: LastWriteTime: 2020-06-04T21:52:07.921994800Z
1055189c.5448: ChangeTime: 2020-06-11T05:59:45.337821200Z
1056189c.5448: FileAttributes: 0x20
1057189c.5448: Size: 0x2a4068
1058189c.5448: NT Headers: 0xf8
1059189c.5448: Timestamp: 0xb89efff3
1060189c.5448: Machine: 0x8664 - amd64
1061189c.5448: Timestamp: 0xb89efff3
1062189c.5448: Image Version: 10.0
1063189c.5448: SizeOfImage: 0x2a4000 (2768896)
1064189c.5448: Resource Dir: 0x27e000 LB 0x548
1065189c.5448: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1066189c.5448: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1067189c.5448: ProductName: Microsoft® Windows® Operating System
1068189c.5448: ProductVersion: 10.0.18362.815
1069189c.5448: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
1070189c.5448: FileDescription: Windows NT BASE API Client DLL
1071189c.5448: \SystemRoot\System32\apisetschema.dll:
1072189c.5448: CreationTime: 2019-03-19T04:43:54.837151500Z
1073189c.5448: LastWriteTime: 2019-03-19T04:43:54.837151500Z
1074189c.5448: ChangeTime: 2020-06-11T05:59:45.205822100Z
1075189c.5448: FileAttributes: 0x20
1076189c.5448: Size: 0x1d028
1077189c.5448: NT Headers: 0xc8
1078189c.5448: Timestamp: 0xd6ced080
1079189c.5448: Machine: 0x8664 - amd64
1080189c.5448: Timestamp: 0xd6ced080
1081189c.5448: Image Version: 10.0
1082189c.5448: SizeOfImage: 0x1e000 (122880)
1083189c.5448: Resource Dir: 0x1d000 LB 0x408
1084189c.5448: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1085189c.5448: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1086189c.5448: ProductName: Microsoft® Windows® Operating System
1087189c.5448: ProductVersion: 10.0.18362.1
1088189c.5448: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
1089189c.5448: FileDescription: ApiSet Schema DLL
1090189c.5448: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1091189c.5448: supR3HardenedWinFindAdversaries: 0x0
1092189c.5448: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1093189c.5448: Calling main()
1094189c.5448: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
1095189c.5448: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1096189c.5448: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1097189c.5448: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1098189c.5448: SUPR3HardenedMain: Final process, opening VBoxDrv...
1099189c.5448: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
1100189c.5448: supR3HardNtEnableThreadCreationEx:
1101189c.5448: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1102189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1103189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1104189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1105189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5e7c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1106189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1107189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1108189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1109189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5e7c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1110189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1111189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1112189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5e7c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1113189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5e7c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1114189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1115189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
1116189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1117189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1118189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
1119189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1120189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1121189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1122189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
1123189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1124189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1125189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1126189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
1127189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
1128189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1129189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1130189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1131189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
1132189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
1133189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1134189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1135189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
1136189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1137189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1138189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1139189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1140189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1141189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa61130000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
1142189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1143189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5efd0000 LB 0x00012000 C:\windows\System32\MSASN1.dll [fFlags=0x0]
1144189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1145189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f370000 LB 0x000fa000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
1146189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
1147189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
1148189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f740000 LB 0x00149000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
1149189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1150189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60ab0000 LB 0x00120000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
1151189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1152189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f890000 LB 0x0005c000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
1153189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1154189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1155189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1156189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-synch-l1-2-0'
1157189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1158189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1159189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-fibers-l1-1-1'
1160189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1161189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1162189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-fibers-l1-1-1'
1163189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1164189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1165189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-synch-l1-2-0'
1166189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
1167189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1168189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-localization-l1-2-1'
1169189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f890000 'C:\windows\system32\Wintrust.dll'
1170189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
1171189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1172189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1173189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f6c0000 LB 0x00026000 C:\windows\System32\bcrypt.dll [fFlags=0x0]
1174189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1175189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f6c0000 'C:\windows\system32\bcrypt.dll'
1176189c.5448: bcrypt.dll loaded at 00007ffa5f6c0000, BCryptOpenAlgorithmProvider at 00007ffa5f6c4c70, preloading providers:
1177189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
1178189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1179189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1180189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60110000 LB 0x00080000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
1181189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1182189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60110000 'C:\windows\system32\bcryptprimitives.dll'
1183189c.5448: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000013fa430)
1184189c.5448: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000013ffa30)
1185189c.5448: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000013ffd30)
1186189c.5448: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001400030)
1187189c.5448: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001400330)
1188189c.5448: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001400630)
1189189c.5448: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001400930)
1190189c.5448: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001400c30)
1191189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f6f0000 LB 0x00017000 C:\windows\System32\CRYPTSP.dll [fFlags=0x0]
1192189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
1193189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
1194189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1195189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
1196189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1197189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1198189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1199189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1200189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1201189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1202189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5da80000 LB 0x00033000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
1203189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1204189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1205189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1206189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
1207189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1208189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5e1c0000 LB 0x0000c000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1209189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1210189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1211189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1212189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1213189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1214189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1215189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa61030000 'C:\windows\System32\kernel32.dll'
1216189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1217189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1218189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f890000 'C:\windows\System32\WINTRUST.DLL'
1219189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1220189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1221189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\CRYPT32.dll'
1222189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa61010000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
1223189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
1224189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
1225189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
1226189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1227189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1228189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1229189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1230189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1231189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1232189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60a10000 LB 0x00097000 C:\windows\System32\sechost.dll [fFlags=0x0]
1233189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1234189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
1235189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
1236189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1237189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1238189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
1239189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
1240189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5d2c0000 LB 0x00022000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
1241189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1242189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f040000 LB 0x00023000 C:\windows\System32\profapi.dll [fFlags=0x0]
1243189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
1244189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
1245189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1246189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
1247189c.5448: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
1248189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1249189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1250189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1251189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1252189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1253189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1254189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1255189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1256189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1257189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1259189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1260189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1261189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1262189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1263189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1264189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1265189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1266189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa4b170000 LB 0x0002f000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
1267189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1268189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1269189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1270189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1271189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1272189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1273189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1274189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1275189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1276189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1277189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1278189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1279189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1280189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1281189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1282189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1283189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1284189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1285189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1286189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1287189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1288189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1289189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1290189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1291189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1292189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1293189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1294189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1295189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1296189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\windows\System32\cryptnet.dll'
1297189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1298189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4b170000 'C:\Windows\System32\cryptnet.dll'
1299189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60670000 LB 0x000a3000 C:\windows\System32\advapi32.dll [fFlags=0x0]
1300189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1301189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
1302189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1303189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
1304189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1305189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1306189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1307189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1308189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1309189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1310189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1311189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1312189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1313189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1314189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1315189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1316189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1317189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1318189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1319189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1320189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1321189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001460300
1322189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
1323189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F
1324189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1325189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1326189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60ab0000 'C:\windows\System32\rpcrt4.dll'
1327189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1328189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1329189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1330189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1331189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1332189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1333189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.836.cat'; file='\SystemRoot\System32\ntdll.dll'
1334189c.5448: g_pfnWinVerifyTrust=00007ffa5f8961f0
1335189c.5448: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1336189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1337189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1338189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1339189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1340189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1341189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1342189c.5448: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1343189c.5448: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1344189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1345189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1346189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1347189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1348189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1349189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1350189c.5448: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1351189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1352189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1353189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1354189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1355189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1356189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1357189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
1358189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
1359189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
1360189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1361189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1362189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1363189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.836.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1364189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1365189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1366189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1367189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1368189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1369189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1370189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1371189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1372189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1373189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1374189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1375189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1376189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1377189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1378189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1379189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1380189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1381189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1382189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1383189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1384189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1385189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1386189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1387189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1388189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1389189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1390189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1391189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1392189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1393189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1394189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1395189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1396189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1397189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1398189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1399189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1400189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1401189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1402189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1403189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1404189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1405189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
1406189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1407189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1408189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1409189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1410189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1411189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1412189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1413189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1414189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1415189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1416189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1417189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1418189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
1419189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1420189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1421189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1422189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1423189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1424189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1425189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\system32\crypt32.dll'
1426189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1427189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1428189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1429189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1430189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1431189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1432189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc20965a0d42ce38b CN=CL1277.vdl.intra
1433189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1434189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
1435189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1436189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1437189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1438189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x4dae35f76851ad00 CN=Citrix XenApp/XenDesktop HDX In-Product CA, OU=XenApp/XenDesktop Engineering, O=Citrix Systems, Inc., L=Fort Lauderdale, ST=Florida, C=US
1439189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
1440189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1441189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1442189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1443189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1444189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1445189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1446189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1447189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
1448189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
1449189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1450189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1451189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1452189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1453189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1454189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1455189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1456189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1457189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1458189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1459189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1460189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1461189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1462189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1463189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1464189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1465189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1466189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1467189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1468189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1469189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1470189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1471189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1472189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1473189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xc9838b9d01f2a800 C=BE, CN=Belgium Root CA3
1474189c.5448: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BE, CN=Government CA, SRN=201401
1475189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1476189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x32560cd649308100 Email=benoit.joseph@liege.be, C=BE, L=Liège, O=Ville de Liège, OU=Service Informatique, CN=web-vtdx
1477189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xcddb804139cab700 DC=intra, DC=vdl, CN=VDL-ROOT-CA2
1478189c.5448: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BE, CN=Belgium Root CA3
1479189c.5448: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=Cybertrust, Inc, CN=Cybertrust Global Root
1480189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x3a43b8ffb009c700 CN=WSUS Publishers Self-signed
1481189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0x811abab34203e500 DC=intra, DC=vdl, CN=Root CA - Ville de Liege
1482189c.5448: supR3HardenedWinIsDesiredRootCA: Adding 0xcddb804139cab700 DC=intra, DC=vdl, CN=VDL-ROOT-CA2
1483189c.5448: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
1484189c.5448: SUPR3HardenedMain: Load Runtime...
1485189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1486189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1487189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1488189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1489189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1490189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1491189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1492189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1493189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1494189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1495189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1496189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1497189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1498189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1499189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1500189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1501189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1502189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1503189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1504189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1505189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1506189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1507189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1508189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1509189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1510189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1511189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1512189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1513189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1514189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1515189c.5448: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1516189c.5448: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1517189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1518189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1519189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1520189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1521189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1522189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1523189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1524189c.5448: supR3HardenedDllNotificationCallback: load 000000006ce50000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1525189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1526189c.5448: supR3HardenedDllNotificationCallback: load 000000006cdb0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1527189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1528189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60bd0000 LB 0x0006f000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
1529189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1530189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa1b680000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1531189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1532189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1533189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1534189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1535189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1536189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1537189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1538189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1539189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1540189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1541189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1542189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1543189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1544189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1545189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1546189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1547189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1548189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1549189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1550189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1551189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1552189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1553189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1554189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1555189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1556189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1557189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1558189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1559189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1560189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1561189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1562189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1563189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1564189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1565189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1566189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1567189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1568189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1569189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1570189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1571189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1572189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1573189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1574189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1575189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1576189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1577189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1578189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1579189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1580189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1581189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1582189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1583189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1584189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1585189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1586189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1587189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1588189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1589189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1590189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1591189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1592189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1593189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1594189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1595189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1596189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1597189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1598189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1599189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1600189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1601189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1602189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1603189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1604189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1605189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1606189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1607189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1608189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1609189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1610189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1611189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1612189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1613189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1614189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1615189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1616189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1617189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1618189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1619189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1620189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1621189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1622189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1623189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1624189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1625189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1626189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1627189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1628189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1629189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1630189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1631189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1632189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1633189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1634189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1635189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1636189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1637189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1638189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1639189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1640189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1641189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1642189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1643189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1644189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1645189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1646189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1647189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1648189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1649189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1650189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1651189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1652189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1653189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1654189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1655189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1656189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1657189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1658189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1659189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1660189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1661189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1662189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1663189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1664189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1665189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1666189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1667189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1668189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1669189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1670189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1671189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1672189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1673189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1674189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1675189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1676189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1677189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1678189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1679189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1680189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1681189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1682189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1683189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1684189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1685189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1686189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1687189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1688189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1689189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1690189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1691189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1692189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1693189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1695189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1696189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1697189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1698189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1699189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1700189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1701189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1702189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1703189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1704189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1705189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1706189c.5448: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1707189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1708189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b680000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1709189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1710189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1711189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1712189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1713189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f890000 'C:\windows\system32\Wintrust.dll'
1714189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1715189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1716189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1717189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1718189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1719189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1720189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\system32\crypt32.dll'
1721189c.5448: SUPR3HardenedMain: Load TrustedMain...
1722189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1723189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1724189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1725189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1726189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
1727189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1728189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1729189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1730189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
1731189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1732189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1733189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1734189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1735189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1736189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1737189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1738189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
1739189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1740189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1741189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1742189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1743189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1744189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1745189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1746189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1747189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1748189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1749189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1750189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1751189c.5448: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1752189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
1753189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1754189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1755189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1756189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1757189c.5448: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1758189c.5448: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1759189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1760189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1761189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1762189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1763189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1764189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1765189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1766189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1767189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1768189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1769189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1770189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1771189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1772189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1773189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1774189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1775189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1776189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1777189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1778189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1779189c.5448: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1780189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1781189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1782189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1783189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1784189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1785189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1786189c.5448: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1787189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
1788189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1789189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1790189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1791189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1792189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1793189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1794189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1795189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1796189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1797189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
1798189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
1799189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1800189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1801189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1802189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1803189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1804189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1805189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1806189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1807189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1808189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1809189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1810189c.5448: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
1811189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1812189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1813189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1814189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1815189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1816189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1817189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1818189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1819189c.5448: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1820189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1821189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1822189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1823189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1824189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa61250000 LB 0x00335000 C:\windows\System32\combase.dll [fFlags=0x0]
1825189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
1826189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f710000 LB 0x00021000 C:\windows\System32\win32u.dll [fFlags=0x0]
1827189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1828189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60070000 LB 0x0009e000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
1829189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1830189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60870000 LB 0x00194000 C:\windows\System32\USER32.dll [fFlags=0x0]
1831189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1832189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5f470000 LB 0x00195000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
1833189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1834189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1835189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1836189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1837189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
1838189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
1839189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60da0000 LB 0x00026000 C:\windows\System32\GDI32.dll [fFlags=0x0]
1840189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1841189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60c40000 LB 0x00157000 C:\windows\System32\ole32.dll [fFlags=0x0]
1842189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1843189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60f40000 LB 0x000c5000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
1844189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1845189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa50620000 LB 0x00052000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
1846189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
1847189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1848189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1849189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1850189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1851189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1852189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1853189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1854189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1855189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1856189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1857189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1858189c.5448: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1859189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1860189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1861189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1862189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1863189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1864189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1865189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1866189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1867189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1868189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1869189c.5448: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1870189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1871189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa61030000 'C:\windows\System32\kernel32.dll'
1872189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1873189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1874189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1875189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1876189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1877189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1878189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1879189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1880189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1881189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1882189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1883189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1884189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1885189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1886189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-string-l1-1-0'
1887189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1888189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1889189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1890189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1891189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1892189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1893189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1894189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1895189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1896189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1897189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1898189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1899189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1900189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1901189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-datetime-l1-1-1'
1902189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1903189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1904189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1905189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1906189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1907189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1908189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1909189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1910189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1911189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1912189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1913189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1914189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1915189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1916189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1917189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1918189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1919189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1920189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1921189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1922189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1923189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1924189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1925189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1926189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1927189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1928189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1929189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1930189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1931189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1932189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1933189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1934189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1935189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1936189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1937189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1938189c.5448: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1939189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1940189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1941189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1942189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1943189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa610f0000 LB 0x0002e000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
1944189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1945189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa610f0000 'C:\windows\system32\IMM32.DLL'
1946189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1947189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1948189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1949189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1950189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1951189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1952189c.5448: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1953189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1954189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50620000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
1955189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1956189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1957189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1958189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1959189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1960189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
1961189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1962189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1963189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
1964189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1965189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1966189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
1967189c.5448: SUPR3HardenedMain: Calling TrustedMain (00007ffa50622ae0)...
1968189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5efb0000 LB 0x00011000 C:\windows\System32\kernel.appcore.dll [fFlags=0x0]
1969189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1970189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1971189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
1972189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
1973189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa60e80000 LB 0x000a2000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
1974189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1975189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1976189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
1977189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
1978189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1979189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1980189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1981189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1982189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1983189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1984189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1985189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1986189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1987189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1988189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1989189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1990189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
1991189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1992189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
1993189c.5448: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
1994189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
1995189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1996189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1997189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1998189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1999189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2000189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2001189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2002189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2003189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2004189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2005189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2006189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2007189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2008189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2009189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2010189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2011189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2012189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2013189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2014189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2015189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2016189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2017189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2018189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2019189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2020189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2021189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2022189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa193f0000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2023189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2024189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa193f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2025189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2026189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2027189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2028189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2029189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2030189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2031189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2032189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2033189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2034189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2035189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2036189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2037189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2038189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2039189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2040189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2041189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2042189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2043189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2044189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2045189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2046189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2047189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2048189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
2049189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
2050189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) WinVerifyTrust
2051189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2052189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2053189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2054189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2055189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2056189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2057189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2058189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2059189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2060189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2061189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2062189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2063189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2064189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2065189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2066189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2067189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2068189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2069189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2070189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2071189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa601a0000 LB 0x00052000 C:\windows\System32\SHLWAPI.dll [fFlags=0x0]
2072189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2073189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa1b230000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2074189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2075189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b230000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2076189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2077189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2078189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60f40000 'C:\Windows\System32\oleaut32.dll'
2079189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2080189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2081189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60c40000 'C:\windows\System32\ole32.dll'
2082189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2083189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2084189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60f40000 'C:\windows\System32\OLEAUT32.dll'
2085189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000076c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2086189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2087189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2088189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
2089189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2090189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2091189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2092189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2093189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2094189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2095189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2096189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2097189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2098189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2099189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2100189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000780 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2101189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2102189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2103189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
2104189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2105189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2106189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2107189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2108189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2109189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2110189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2111189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2112189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2113189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2114189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2115189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2116189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2117189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2118189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2119189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2120189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2121189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2122189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2123189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2124189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2125189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2126189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2127189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2128189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2129189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2130189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa587c0000 LB 0x00084000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2131189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2132189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa566c0000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2133189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2134189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2135189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2136189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2137189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa566c0000 'C:\windows\system32\wbem\wbemprox.dll'
2138189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007d0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2139189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2140189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2141189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
2142189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2143189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2144189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2145189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2146189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2147189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2148189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2149189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2150189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2151189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2152189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2153189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2154189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2155189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2156189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2157189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa548e0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2158189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2159189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa548e0000 'C:\windows\system32\wbem\wbemsvc.dll'
2160189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2161189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2162189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-localization-l1-2-0.dll'
2163189c.5448: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2164189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2165189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f0c0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2166189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007e8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2167189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2168189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2169189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
2170189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2171189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2172189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2173189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2174189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2175189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2176189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2177189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2178189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2179189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2180189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2181189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2182189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2183189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2184189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2185189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa54970000 LB 0x00101000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
2186189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2187189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54970000 'C:\windows\system32\wbem\fastprox.dll'
2188189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007fc pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
2189189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2190189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2191189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
2192189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2193189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2194189c.5448: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.836.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
2195189c.5448: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2196189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2197189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2198189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
2199189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
2200189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
2201189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2202189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2203189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2204189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2205189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2206189c.5448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
2207189c.5448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
2208189c.5448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
2209189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2210189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2211189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2212189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2213189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2214189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2215189c.5448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2216189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2217189c.5448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2218189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2219189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
2220189c.5448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2221189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa5ee90000 LB 0x00025000 C:\windows\SYSTEM32\USERENV.dll [fFlags=0x0]
2222189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2223189c.5448: supR3HardenedDllNotificationCallback: load 00007ffa54590000 LB 0x00015000 C:\windows\System32\amsi.dll [fFlags=0x0]
2224189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
2225189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54590000 'C:\windows\System32\amsi.dll'
2226189c.5448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2227189c.5448: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2228189c.5448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60670000 'C:\windows\System32\ADVAPI32.dll'
2229189c.1990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2230189c.1990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2231189c.1990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2232189c.1990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2233189c.1990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2234189c.1990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2235189c.1990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2236189c.1990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2237189c.1990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2238189c.1990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2239189c.1990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2240189c.1990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2241189c.1990: supR3HardenedDllNotificationCallback: load 00007ffa1c2e0000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2242189c.1990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2243189c.1990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c2e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2244189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2245189c.5a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2246189c.5a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2247189c.5a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2248189c.5a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2249189c.5a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2250189c.5a78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2251189c.5a78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2252189c.5a78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2253189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2254189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2255189c.5a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2256189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2257189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2258189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2259189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2260189c.5a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2261189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2262189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2263189c.5a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2264189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2265189c.5a78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2266189c.5a78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2267189c.5a78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2268189c.5a78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2269189c.5a78: supR3HardenedDllNotificationCallback: load 00007ffa5d220000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2270189c.5a78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2271189c.5a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2272189c.25c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2273189c.25c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2274189c.25c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2275189c.25c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2276189c.25c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2277189c.25c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2278189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2279189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2280189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2281189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2282189c.25c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2283189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2284189c.25c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2285189c.25c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2286189c.25c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2287189c.25c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2288189c.25c0: supR3HardenedDllNotificationCallback: load 00007ffa5aff0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2289189c.25c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2290189c.25c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5aff0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2291189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2292189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2293189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
2294189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
2295189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
2296189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
2297189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2298189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2299189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2300189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2301189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2302189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2303189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2304189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5f070000 LB 0x0004a000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
2305189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
2306189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2307189c.254: supR3HardenedDllNotificationCallback: load 00007ffa60dd0000 LB 0x000a9000 C:\windows\System32\shcore.dll [fFlags=0x0]
2308189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2309189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
2310189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
2311189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
2312189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2313189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5efa0000 LB 0x00010000 C:\windows\System32\UMPDC.dll [fFlags=0x0]
2314189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
2315189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
2316189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5eff0000 LB 0x0004a000 C:\windows\System32\powrprof.dll [fFlags=0x0]
2317189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2318189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
2319189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
2320189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
2321189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5f8f0000 LB 0x00780000 C:\windows\System32\windows.storage.dll [fFlags=0x0]
2322189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
2323189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
2324189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
2325189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
2326189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
2327189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
2328189c.254: supR3HardenedDllNotificationCallback: load 00007ffa61800000 LB 0x006e6000 C:\windows\System32\Shell32.dll [fFlags=0x0]
2329189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2330189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa61800000 'C:\windows\system32\Shell32.dll'
2331189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2332189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2333189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2334189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2335189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2336189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2337189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2338189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2339189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2340189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2341189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2342189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
2343189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
2344189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [lacks WinVerifyTrust]
2345189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2346189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2347189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2348189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2349189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2350189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2351189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2352189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2353189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2354189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2355189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2356189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
2357189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2358189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2359189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
2360189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2361189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2362189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
2363189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2364189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2365189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
2366189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2367189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2368189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2369189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2370189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
2371189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2372189c.254: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2373189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2374189c.254: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F44CBC4BAFE3CCCC07F920C1E6C13E8202CB0B4C
2375189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2376189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2377189c.254: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
2378189c.254: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2379189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
2380189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
2381189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2382189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
2383189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
2384189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2385189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2386189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
2387189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
2388189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2389189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2390189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2391189c.254: supR3HardenedDllNotificationCallback: load 00007ffa51fe0000 LB 0x00019000 C:\windows\SYSTEM32\vid.dll [fFlags=0x0]
2392189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2393189c.254: supR3HardenedDllNotificationCallback: load 00007ffa55460000 LB 0x00024000 C:\windows\system32\WinHvPlatform.dll [fFlags=0x0]
2394189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2395189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa55460000 'C:\windows\system32\WinHvPlatform.dll'
2396189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2397189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2398189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51fe0000 'C:\windows\system32\vid.dll'
2399189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2400189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2401189c.254: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2402189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
2403189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2404189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2405189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa620e0000 'C:\windows\system32\NTDLL.DLL'
2406189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2407189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2408189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2409189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2410189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2411189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2412189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2413189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2414189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2415189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2416189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2417189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2418189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2419189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2420189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2421189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2422189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2423189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2424189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2425189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2426189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2427189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2428189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2429189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2430189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2431189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2432189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2433189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2434189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2435189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2436189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2437189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2438189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
2439189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
2440189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
2441189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2442189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2443189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2444189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2445189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2446189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2447189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2448189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2449189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2450189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2451189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2452189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2453189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2454189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2455189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2456189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2457189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2458189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2459189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2460189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2461189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2462189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2463189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2464189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2465189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2466189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2467189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2468189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2469189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2470189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2471189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2472189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2473189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2474189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2475189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2476189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2477189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2478189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2479189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2480189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2481189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2482189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2483189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2484189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2485189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2486189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2487189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2488189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2489189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2490189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2491189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2492189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2493189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2494189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2495189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2496189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2497189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2498189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2499189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2500189c.254: supR3HardenedDllNotificationCallback: load 00007ffa60200000 LB 0x00470000 C:\windows\System32\SETUPAPI.dll [fFlags=0x0]
2501189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2502189c.254: supR3HardenedDllNotificationCallback: load 00007ffa42640000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2503189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2504189c.254: supR3HardenedDllNotificationCallback: load 00007ffa04a90000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2505189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2506189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5dc20000 LB 0x0003a000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2507189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2508189c.254: supR3HardenedDllNotificationCallback: load 00007ffa05b40000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2509189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2510189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa05b40000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2511189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2512189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2513189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2514189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa193f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2515189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2516189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2517189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2518189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa04a90000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2519189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2520189c.3e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2521189c.3e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2522189c.3e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2523189c.3e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2524189c.3e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2525189c.3e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2526189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2527189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2528189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2529189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2530189c.3e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2531189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2532189c.3e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2533189c.3e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2534189c.3e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2535189c.3e4: supR3HardenedDllNotificationCallback: load 00007ffa54f70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2536189c.3e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2537189c.3e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54f70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2538189c.5eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2539189c.5eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2540189c.5eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2541189c.5eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2542189c.5eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2543189c.5eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2544189c.5eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2545189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2546189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2547189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2548189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2549189c.5eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2550189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2551189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2552189c.5eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2553189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2554189c.5eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2555189c.5eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2556189c.5eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2557189c.5eb4: supR3HardenedDllNotificationCallback: load 00007ffa5afe0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2558189c.5eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2559189c.5eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5afe0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2560189c.3338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2561189c.3338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2562189c.3338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2563189c.3338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2564189c.3338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2565189c.3338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2566189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2567189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2568189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2569189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2570189c.3338: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2571189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2572189c.3338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2573189c.3338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2574189c.3338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2575189c.3338: supR3HardenedDllNotificationCallback: load 00007ffa5a7e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2576189c.3338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2577189c.3338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5a7e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2578189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2579189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2580189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5dc20000 'C:\windows\system32\Iphlpapi.dll'
2581189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2582189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2583189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
2584189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2585189c.254: supR3HardenedDllNotificationCallback: load 00007ffa60190000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
2586189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2587189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2588189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5a9b0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2589189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2590189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2591189c.254: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
2592189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2593189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5a770000 LB 0x00016000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2594189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2595189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2596189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2597189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2598189c.254: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
2599189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2600189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5a710000 LB 0x0001c000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2601189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2602189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
2603189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
2604189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
2605189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
2606189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5dc80000 LB 0x000cb000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
2607189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
2608189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2609189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2610189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2611189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2612189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2613189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2614189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2615189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2616189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2617189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2618189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2619189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2620189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2621189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2622189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2623189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2624189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2625189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2626189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2627189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2628189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2629189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2630189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2631189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
2632189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c04 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2633189c.254: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2634189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2635189c.254: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4046160B2B0DC0559D0AE96A25C912515D96829D
2636189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2637189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2638189c.254: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.836.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2639189c.254: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2640189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2641189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf8 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2642189c.254: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001460300
2643189c.254: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001460300
2644189c.254: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A4B35134FE83EA6C710EA68891208811F657FE
2645189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2646189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2647189c.254: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.836.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2648189c.254: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2649189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2650189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2651189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2652189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2653189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2654189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2655189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2656189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2657189c.254: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2658189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5da80000 'C:\windows\system32\rsaenh.dll'
2659189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5f740000 'C:\windows\System32\crypt32.dll'
2660189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
2661189c.254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2662189c.254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
2663189c.254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
2664189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2665189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2666189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2667189c.254: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2668189c.254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2669189c.254: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2670189c.254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
2671189c.254: supR3HardenedDllNotificationCallback: load 00007ffa5e040000 LB 0x00067000 C:\windows\system32\mswsock.dll [fFlags=0x0]
2672189c.254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
2673189c.254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5e040000 'C:\windows\system32\mswsock.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy