VirtualBox

Ticket #19710: VBoxHardening.3.log

File VBoxHardening.3.log, 381.1 KB (added by RattleFire, 4 years ago)

error at the powering off

a80.23a8: Log file opened: 6.1.12r139181 g_hStartupLog=00000000000002ac g_uNtVerCombined=0xa047ba00
a80.23a8: \SystemRoot\System32\ntdll.dll:
a80.23a8: CreationTime: 2020-07-27T09:29:22.468662600Z
a80.23a8: LastWriteTime: 2020-07-27T09:29:22.507631900Z
a80.23a8: ChangeTime: 2020-07-28T06:10:52.472083500Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x1e8460
a80.23a8: NT Headers: 0xd8
a80.23a8: Timestamp: 0xb29ecf52
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0xb29ecf52
a80.23a8: Image Version: 10.0
a80.23a8: SizeOfImage: 0x1f0000 (2031616)
a80.23a8: Resource Dir: 0x17f000 LB 0x6f310
a80.23a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Microsoft® Windows® Operating System
a80.23a8: ProductVersion: 10.0.18362.815
a80.23a8: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
a80.23a8: FileDescription: NT Layer DLL
a80.23a8: \SystemRoot\System32\kernel32.dll:
a80.23a8: CreationTime: 2020-07-27T09:28:50.277970100Z
a80.23a8: LastWriteTime: 2020-07-27T09:28:50.294953700Z
a80.23a8: ChangeTime: 2020-07-28T06:10:41.051213400Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0xb0498
a80.23a8: NT Headers: 0xe8
a80.23a8: Timestamp: 0xce6bbd73
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0xce6bbd73
a80.23a8: Image Version: 10.0
a80.23a8: SizeOfImage: 0xb2000 (729088)
a80.23a8: Resource Dir: 0xb0000 LB 0x520
a80.23a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Microsoft® Windows® Operating System
a80.23a8: ProductVersion: 10.0.18362.959
a80.23a8: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
a80.23a8: FileDescription: Windows NT BASE API Client DLL
a80.23a8: \SystemRoot\System32\KernelBase.dll:
a80.23a8: CreationTime: 2020-07-27T09:29:23.091189900Z
a80.23a8: LastWriteTime: 2020-07-27T09:29:23.150058300Z
a80.23a8: ChangeTime: 2020-07-28T06:10:50.315875600Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x2a4058
a80.23a8: NT Headers: 0xf8
a80.23a8: Timestamp: 0x7b90c1b5
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x7b90c1b5
a80.23a8: Image Version: 10.0
a80.23a8: SizeOfImage: 0x2a4000 (2768896)
a80.23a8: Resource Dir: 0x27e000 LB 0x548
a80.23a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Microsoft® Windows® Operating System
a80.23a8: ProductVersion: 10.0.18362.959
a80.23a8: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
a80.23a8: FileDescription: Windows NT BASE API Client DLL
a80.23a8: \SystemRoot\System32\apisetschema.dll:
a80.23a8: CreationTime: 2019-03-19T04:43:54.837151500Z
a80.23a8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
a80.23a8: ChangeTime: 2020-07-27T09:30:52.160553000Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x1d028
a80.23a8: NT Headers: 0xc8
a80.23a8: Timestamp: 0xd6ced080
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0xd6ced080
a80.23a8: Image Version: 10.0
a80.23a8: SizeOfImage: 0x1e000 (122880)
a80.23a8: Resource Dir: 0x1d000 LB 0x408
a80.23a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Microsoft® Windows® Operating System
a80.23a8: ProductVersion: 10.0.18362.1
a80.23a8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
a80.23a8: FileDescription: ApiSet Schema DLL
a80.23a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
a80.23a8: supR3HardenedWinFindAdversaries: 0x840
a80.23a8: \SystemRoot\System32\drivers\klflt.sys:
a80.23a8: CreationTime: 2020-03-06T08:53:28.856343500Z
a80.23a8: LastWriteTime: 2020-03-12T20:48:02.000000000Z
a80.23a8: ChangeTime: 2020-05-15T10:01:19.828084100Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x3f100
a80.23a8: NT Headers: 0xf8
a80.23a8: Timestamp: 0x5e6a66e9
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x5e6a66e9
a80.23a8: Image Version: 6.1
a80.23a8: SizeOfImage: 0x4d000 (315392)
a80.23a8: Resource Dir: 0x4a000 LB 0x430
a80.23a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Coretech Delivery
a80.23a8: ProductVersion: 30.289.132.0-e369c7d411
a80.23a8: FileVersion: 30.289.132.0
a80.23a8: FileDescription: Filter Core [fre_win7_x64]
a80.23a8: \SystemRoot\System32\drivers\klif.sys:
a80.23a8: CreationTime: 2020-03-06T08:53:28.861361800Z
a80.23a8: LastWriteTime: 2020-03-12T20:48:04.000000000Z
a80.23a8: ChangeTime: 2020-05-15T10:01:19.795147700Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x12d500
a80.23a8: NT Headers: 0x100
a80.23a8: Timestamp: 0x5e6a6704
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x5e6a6704
a80.23a8: Image Version: 6.1
a80.23a8: SizeOfImage: 0x12f000 (1241088)
a80.23a8: Resource Dir: 0x125000 LB 0x3410
a80.23a8: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Coretech Delivery
a80.23a8: ProductVersion: 30.289.132.0-e369c7d411
a80.23a8: FileVersion: 30.289.132.0
a80.23a8: FileDescription: Core System Interceptors [fre_win7_x64]
a80.23a8: \SystemRoot\System32\drivers\klim6.sys:
a80.23a8: CreationTime: 2019-01-28T00:49:40.000000000Z
a80.23a8: LastWriteTime: 2020-03-05T01:33:42.000000000Z
a80.23a8: ChangeTime: 2020-05-15T10:01:20.628593700Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x159f0
a80.23a8: NT Headers: 0xe0
a80.23a8: Timestamp: 0x8c875967
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x8c875967
a80.23a8: Image Version: 6.1
a80.23a8: SizeOfImage: 0x12000 (73728)
a80.23a8: Resource Dir: 0x10000 LB 0x448
a80.23a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Coretech Delivery
a80.23a8: ProductVersion: 30.289.126.0-2a58c6003b
a80.23a8: FileVersion: 30.289.126.0
a80.23a8: FileDescription: Packet Network Filter [fre_win7_x64]
a80.23a8: \SystemRoot\System32\drivers\kneps.sys:
a80.23a8: CreationTime: 2019-04-29T04:50:14.000000000Z
a80.23a8: LastWriteTime: 2020-03-06T02:31:48.000000000Z
a80.23a8: ChangeTime: 2020-05-15T10:01:20.486058100Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x44300
a80.23a8: NT Headers: 0xf8
a80.23a8: Timestamp: 0x359fc650
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x359fc650
a80.23a8: Image Version: 6.1
a80.23a8: SizeOfImage: 0x44000 (278528)
a80.23a8: Resource Dir: 0x41000 LB 0x440
a80.23a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: Coretech Delivery
a80.23a8: ProductVersion: 30.289.126.0-2a58c6003b
a80.23a8: FileVersion: 30.289.126.0
a80.23a8: FileDescription: Network Processor [fre_win7_x64]
a80.23a8: \SystemRoot\System32\drivers\inspect.sys:
a80.23a8: CreationTime: 2019-10-22T10:41:08.000000000Z
a80.23a8: LastWriteTime: 2019-10-22T10:41:08.000000000Z
a80.23a8: ChangeTime: 2019-12-12T12:56:19.421137100Z
a80.23a8: FileAttributes: 0x20
a80.23a8: Size: 0x137c8
a80.23a8: NT Headers: 0xf8
a80.23a8: Timestamp: 0x5cfbc135
a80.23a8: Machine: 0x8664 - amd64
a80.23a8: Timestamp: 0x5cfbc135
a80.23a8: Image Version: 10.0
a80.23a8: SizeOfImage: 0x14000 (81920)
a80.23a8: Resource Dir: 0x12000 LB 0x690
a80.23a8: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
a80.23a8: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
a80.23a8: ProductName: DOZOR Agent
a80.23a8: ProductVersion: 3.3.0.0
a80.23a8: FileVersion: 1.0.1.3
a80.23a8: FileDescription: Process Control Driver
a80.23a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
a80.23a8: Calling main()
a80.23a8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
a80.23a8: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
a80.23a8: System32: \Device\HarddiskVolume4\Windows\System32
a80.23a8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
a80.23a8: KnownDllPath: C:\WINDOWS\System32
a80.23a8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
a80.23a8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
a80.23a8: supR3HardNtEnableThreadCreationEx:
a80.23a8: bcrypt.dll loaded at 00007fff6ccd0000, BCryptOpenAlgorithmProvider at 00007fff6ccd4c70, preloading providers:
a80.23a8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a33960)
a80.23a8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a6e070)
a80.23a8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a351a0)
a80.23a8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a27970)
a80.23a8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a5da40)
a80.23a8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a5dbb0)
a80.23a8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000aa40e0)
a80.23a8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000ab4680)
a80.23a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
a80.23a8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ab5050
a80.23a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ab5050
a80.23a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F
a80.23a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\SystemRoot\System32\ntdll.dll'
a80.23a8: g_pfnWinVerifyTrust=00007fff6cc561f0
a80.23a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
a80.23a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
a80.23a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
a80.23a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
a80.23a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
a80.23a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
a80.23a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
a80.23a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
a80.23a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x55c4ef205ae3d700 Email=ssl@server.9tv.co.il, CN=archive.9tv.co.il
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x52f35a23ad43e700 Email=ssl@server.9tv.co.il, CN=www.archive.9tv.co.il
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xdee05e72d2fce000 CN=spb2wks002.puls.local
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xbee9d764924fbb00 O=AO Kaspersky Lab, CN=Kaspersky Endpoint Security Personal Root Certificate
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x996f072e2fa7ec00 CN=spb2wks002.puls.local
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd140ebc339a98a2f CN=WZTeam
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x39c174e2854aa600 CN=TRASSIR
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf27194c5fa02d100 C=EN, CN=DigiCert SHA2 Extended Validation Server CA 2
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x37c8415723cdb100 DC=local, DC=puls, CN=PULS-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe207b6374ba7a700 DC=local, DC=puls, CN=puls-RDP1-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xea2fcc21464fba00 DC=local, DC=puls, CN=serv-p
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x74d616fa7976c000 DC=local, DC=puls, CN=serv-p
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x50b559415accb800 DC=local, DC=puls, CN=PULS-SERV2-P-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x5e9001153632c500 DC=local, DC=puls, CN=serv-p
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x1622ad47ddeec900 DC=local, DC=puls, CN=serv-p
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xfe1db9b6ec9e9000 DC=local, DC=puls, CN=PULS-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x627454ff6824be00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
a80.23a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe18c1732f20ab00 DC=local, DC=puls, CN=puls-V-PRINT-SRV-CA
a80.23a8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
a80.23a8: SUPR3HardenedMain: Load Runtime...
a80.23a8: SUPR3HardenedMain: Load TrustedMain...
a80.23a8: SUPR3HardenedMain: Calling TrustedMain (00007fff39dc16c0)...
3604.3b90: Log file opened: 6.1.12r139181 g_hStartupLog=00000000000002b8 g_uNtVerCombined=0xa047ba00
3604.3b90: \SystemRoot\System32\ntdll.dll:
3604.3b90: CreationTime: 2020-07-27T09:29:22.468662600Z
3604.3b90: LastWriteTime: 2020-07-27T09:29:22.507631900Z
3604.3b90: ChangeTime: 2020-07-28T06:10:52.472083500Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x1e8460
3604.3b90: NT Headers: 0xd8
3604.3b90: Timestamp: 0xb29ecf52
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0xb29ecf52
3604.3b90: Image Version: 10.0
3604.3b90: SizeOfImage: 0x1f0000 (2031616)
3604.3b90: Resource Dir: 0x17f000 LB 0x6f310
3604.3b90: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Microsoft® Windows® Operating System
3604.3b90: ProductVersion: 10.0.18362.815
3604.3b90: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
3604.3b90: FileDescription: NT Layer DLL
3604.3b90: \SystemRoot\System32\kernel32.dll:
3604.3b90: CreationTime: 2020-07-27T09:28:50.277970100Z
3604.3b90: LastWriteTime: 2020-07-27T09:28:50.294953700Z
3604.3b90: ChangeTime: 2020-07-28T06:10:41.051213400Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0xb0498
3604.3b90: NT Headers: 0xe8
3604.3b90: Timestamp: 0xce6bbd73
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0xce6bbd73
3604.3b90: Image Version: 10.0
3604.3b90: SizeOfImage: 0xb2000 (729088)
3604.3b90: Resource Dir: 0xb0000 LB 0x520
3604.3b90: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Microsoft® Windows® Operating System
3604.3b90: ProductVersion: 10.0.18362.959
3604.3b90: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
3604.3b90: FileDescription: Windows NT BASE API Client DLL
3604.3b90: \SystemRoot\System32\KernelBase.dll:
3604.3b90: CreationTime: 2020-07-27T09:29:23.091189900Z
3604.3b90: LastWriteTime: 2020-07-27T09:29:23.150058300Z
3604.3b90: ChangeTime: 2020-07-28T06:10:50.315875600Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x2a4058
3604.3b90: NT Headers: 0xf8
3604.3b90: Timestamp: 0x7b90c1b5
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x7b90c1b5
3604.3b90: Image Version: 10.0
3604.3b90: SizeOfImage: 0x2a4000 (2768896)
3604.3b90: Resource Dir: 0x27e000 LB 0x548
3604.3b90: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Microsoft® Windows® Operating System
3604.3b90: ProductVersion: 10.0.18362.959
3604.3b90: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
3604.3b90: FileDescription: Windows NT BASE API Client DLL
3604.3b90: \SystemRoot\System32\apisetschema.dll:
3604.3b90: CreationTime: 2019-03-19T04:43:54.837151500Z
3604.3b90: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3604.3b90: ChangeTime: 2020-07-27T09:30:52.160553000Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x1d028
3604.3b90: NT Headers: 0xc8
3604.3b90: Timestamp: 0xd6ced080
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0xd6ced080
3604.3b90: Image Version: 10.0
3604.3b90: SizeOfImage: 0x1e000 (122880)
3604.3b90: Resource Dir: 0x1d000 LB 0x408
3604.3b90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Microsoft® Windows® Operating System
3604.3b90: ProductVersion: 10.0.18362.1
3604.3b90: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
3604.3b90: FileDescription: ApiSet Schema DLL
3604.3b90: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3604.3b90: supR3HardenedWinFindAdversaries: 0x840
3604.3b90: \SystemRoot\System32\drivers\klflt.sys:
3604.3b90: CreationTime: 2020-03-06T08:53:28.856343500Z
3604.3b90: LastWriteTime: 2020-03-12T20:48:02.000000000Z
3604.3b90: ChangeTime: 2020-05-15T10:01:19.828084100Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x3f100
3604.3b90: NT Headers: 0xf8
3604.3b90: Timestamp: 0x5e6a66e9
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x5e6a66e9
3604.3b90: Image Version: 6.1
3604.3b90: SizeOfImage: 0x4d000 (315392)
3604.3b90: Resource Dir: 0x4a000 LB 0x430
3604.3b90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Coretech Delivery
3604.3b90: ProductVersion: 30.289.132.0-e369c7d411
3604.3b90: FileVersion: 30.289.132.0
3604.3b90: FileDescription: Filter Core [fre_win7_x64]
3604.3b90: \SystemRoot\System32\drivers\klif.sys:
3604.3b90: CreationTime: 2020-03-06T08:53:28.861361800Z
3604.3b90: LastWriteTime: 2020-03-12T20:48:04.000000000Z
3604.3b90: ChangeTime: 2020-05-15T10:01:19.795147700Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x12d500
3604.3b90: NT Headers: 0x100
3604.3b90: Timestamp: 0x5e6a6704
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x5e6a6704
3604.3b90: Image Version: 6.1
3604.3b90: SizeOfImage: 0x12f000 (1241088)
3604.3b90: Resource Dir: 0x125000 LB 0x3410
3604.3b90: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Coretech Delivery
3604.3b90: ProductVersion: 30.289.132.0-e369c7d411
3604.3b90: FileVersion: 30.289.132.0
3604.3b90: FileDescription: Core System Interceptors [fre_win7_x64]
3604.3b90: \SystemRoot\System32\drivers\klim6.sys:
3604.3b90: CreationTime: 2019-01-28T00:49:40.000000000Z
3604.3b90: LastWriteTime: 2020-03-05T01:33:42.000000000Z
3604.3b90: ChangeTime: 2020-05-15T10:01:20.628593700Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x159f0
3604.3b90: NT Headers: 0xe0
3604.3b90: Timestamp: 0x8c875967
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x8c875967
3604.3b90: Image Version: 6.1
3604.3b90: SizeOfImage: 0x12000 (73728)
3604.3b90: Resource Dir: 0x10000 LB 0x448
3604.3b90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Coretech Delivery
3604.3b90: ProductVersion: 30.289.126.0-2a58c6003b
3604.3b90: FileVersion: 30.289.126.0
3604.3b90: FileDescription: Packet Network Filter [fre_win7_x64]
3604.3b90: \SystemRoot\System32\drivers\kneps.sys:
3604.3b90: CreationTime: 2019-04-29T04:50:14.000000000Z
3604.3b90: LastWriteTime: 2020-03-06T02:31:48.000000000Z
3604.3b90: ChangeTime: 2020-05-15T10:01:20.486058100Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x44300
3604.3b90: NT Headers: 0xf8
3604.3b90: Timestamp: 0x359fc650
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x359fc650
3604.3b90: Image Version: 6.1
3604.3b90: SizeOfImage: 0x44000 (278528)
3604.3b90: Resource Dir: 0x41000 LB 0x440
3604.3b90: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: Coretech Delivery
3604.3b90: ProductVersion: 30.289.126.0-2a58c6003b
3604.3b90: FileVersion: 30.289.126.0
3604.3b90: FileDescription: Network Processor [fre_win7_x64]
3604.3b90: \SystemRoot\System32\drivers\inspect.sys:
3604.3b90: CreationTime: 2019-10-22T10:41:08.000000000Z
3604.3b90: LastWriteTime: 2019-10-22T10:41:08.000000000Z
3604.3b90: ChangeTime: 2019-12-12T12:56:19.421137100Z
3604.3b90: FileAttributes: 0x20
3604.3b90: Size: 0x137c8
3604.3b90: NT Headers: 0xf8
3604.3b90: Timestamp: 0x5cfbc135
3604.3b90: Machine: 0x8664 - amd64
3604.3b90: Timestamp: 0x5cfbc135
3604.3b90: Image Version: 10.0
3604.3b90: SizeOfImage: 0x14000 (81920)
3604.3b90: Resource Dir: 0x12000 LB 0x690
3604.3b90: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
3604.3b90: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
3604.3b90: ProductName: DOZOR Agent
3604.3b90: ProductVersion: 3.3.0.0
3604.3b90: FileVersion: 1.0.1.3
3604.3b90: FileDescription: Process Control Driver
3604.3b90: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3604.3b90: Calling main()
3604.3b90: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
3604.3b90: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3604.3b90: SUPR3HardenedMain: Respawn #1
3604.3b90: System32: \Device\HarddiskVolume4\Windows\System32
3604.3b90: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3604.3b90: KnownDllPath: C:\WINDOWS\System32
3604.3b90: supR3HardenedWinInit: Performing a limited self purification...
3604.3b90: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
3604.3b90: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b20000-0000000000b2ffff 0x0004/0x0004 0x0040000
3604.3b90: *0000000000b30000-0000000000b33fff 0x0002/0x0002 0x0040000
3604.3b90: 0000000000b34000-0000000000b37fff 0x0000/0x0002 0x0040000
3604.3b90: 0000000000b38000-0000000000b3ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b40000-0000000000b5afff 0x0002/0x0002 0x0040000
3604.3b90: 0000000000b5b000-0000000000b5ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b60000-0000000000b60fff 0x0020/0x0020 0x0020000 !!
3604.3b90: 0000000000b61000-0000000000b6ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b70000-0000000000b73fff 0x0002/0x0002 0x0040000
3604.3b90: 0000000000b74000-0000000000b7ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b80000-0000000000b81fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000000b82000-0000000000b8ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000b90000-0000000000b91fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000000b92000-0000000000bc1fff 0x0000/0x0004 0x0020000
3604.3b90: 0000000000bc2000-0000000000bfffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000c00000-0000000000c69fff 0x0000/0x0004 0x0020000
3604.3b90: 0000000000c6a000-0000000000c74fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000000c75000-0000000000dfffff 0x0000/0x0004 0x0020000
3604.3b90: *0000000000e00000-0000000000eb0fff 0x0000/0x0004 0x0020000
3604.3b90: 0000000000eb1000-0000000000eb3fff 0x0104/0x0004 0x0020000
3604.3b90: 0000000000eb4000-0000000000efffff 0x0004/0x0004 0x0020000
3604.3b90: *0000000000f00000-0000000000fc6fff 0x0002/0x0002 0x0040000
3604.3b90: 0000000000fc7000-0000000000fcffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000000fd0000-0000000000fd0fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000000fd1000-0000000001001fff 0x0000/0x0004 0x0020000
3604.3b90: 0000000001002000-000000000100ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000001010000-0000000001011fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000001012000-0000000001041fff 0x0000/0x0004 0x0020000
3604.3b90: 0000000001042000-000000000105ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000001060000-00000000010d8fff 0x0004/0x0004 0x0020000
3604.3b90: 00000000010d9000-00000000010d9fff 0x0000/0x0004 0x0020000
3604.3b90: 00000000010da000-00000000010e9fff 0x0004/0x0004 0x0020000
3604.3b90: 00000000010ea000-00000000010fcfff 0x0000/0x0004 0x0020000
3604.3b90: 00000000010fd000-00000000010fdfff 0x0004/0x0004 0x0020000
3604.3b90: 00000000010fe000-000000000115ffff 0x0000/0x0004 0x0020000
3604.3b90: *0000000001160000-000000000125afff 0x0000/0x0004 0x0020000
3604.3b90: 000000000125b000-000000000125dfff 0x0104/0x0004 0x0020000
3604.3b90: 000000000125e000-000000000125ffff 0x0004/0x0004 0x0020000
3604.3b90: *0000000001260000-000000000135afff 0x0000/0x0004 0x0020000
3604.3b90: 000000000135b000-000000000135dfff 0x0104/0x0004 0x0020000
3604.3b90: 000000000135e000-000000000135ffff 0x0004/0x0004 0x0020000
3604.3b90: *0000000001360000-000000000145afff 0x0000/0x0004 0x0020000
3604.3b90: 000000000145b000-000000000145dfff 0x0104/0x0004 0x0020000
3604.3b90: 000000000145e000-000000000145ffff 0x0004/0x0004 0x0020000
3604.3b90: *0000000001460000-0000000001473fff 0x0002/0x0002 0x0040000
3604.3b90: 0000000001474000-000000000165ffff 0x0000/0x0002 0x0040000
3604.3b90: *0000000001660000-00000000017e0fff 0x0002/0x0002 0x0040000
3604.3b90: 00000000017e1000-00000000017effff 0x0001/0x0000 0x0000000
3604.3b90: *00000000017f0000-0000000001890fff 0x0002/0x0002 0x0040000
3604.3b90: 0000000001891000-0000000002bf0fff 0x0000/0x0002 0x0040000
3604.3b90: 0000000002bf1000-0000000002bfffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000002c00000-0000000002cfafff 0x0000/0x0004 0x0020000
3604.3b90: 0000000002cfb000-0000000002cfdfff 0x0104/0x0004 0x0020000
3604.3b90: 0000000002cfe000-0000000002cfffff 0x0004/0x0004 0x0020000
3604.3b90: 0000000002d00000-0000000002ddffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000002de0000-0000000002de6fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000002de7000-0000000002deffff 0x0000/0x0004 0x0020000
3604.3b90: *0000000002df0000-00000000041f0fff 0x0004/0x0004 0x0040000
3604.3b90: 00000000041f1000-00000000041fffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000004200000-000000000421cfff 0x0004/0x0004 0x0020000
3604.3b90: 000000000421d000-00000000042fffff 0x0000/0x0004 0x0020000
3604.3b90: 0000000004300000-000000000438ffff 0x0001/0x0000 0x0000000
3604.3b90: *0000000004390000-0000000004393fff 0x0004/0x0004 0x0020000
3604.3b90: 0000000004394000-000000000439ffff 0x0000/0x0004 0x0020000
3604.3b90: *00000000043a0000-00000000046d6fff 0x0002/0x0002 0x0040000
3604.3b90: 00000000046d7000-00000000048cffff 0x0001/0x0000 0x0000000
3604.3b90: *00000000048d0000-00000000048defff 0x0004/0x0004 0x0020000
3604.3b90: 00000000048df000-00000000048dffff 0x0000/0x0004 0x0020000
3604.3b90: *00000000048e0000-00000000048eafff 0x0000/0x0004 0x0020000
3604.3b90: 00000000048eb000-0000000004adbfff 0x0004/0x0004 0x0020000
3604.3b90: 0000000004adc000-0000000004adcfff 0x0000/0x0004 0x0020000
3604.3b90: 0000000004add000-000000007ffdffff 0x0001/0x0000 0x0000000
3604.3b90: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3604.3b90: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
3604.3b90: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
3604.3b90: 000000007fff0000-00007ff4883fffff 0x0001/0x0000 0x0000000
3604.3b90: *00007ff488400000-00007ff488404fff 0x0002/0x0002 0x0040000
3604.3b90: 00007ff488405000-00007ff4884fffff 0x0000/0x0002 0x0040000
3604.3b90: *00007ff488500000-00007ff58851ffff 0x0000/0x0004 0x0020000
3604.3b90: *00007ff588520000-00007ff58a51ffff 0x0000/0x0004 0x0020000
3604.3b90: 00007ff58a520000-00007ff58a520fff 0x0004/0x0004 0x0020000
3604.3b90: 00007ff58a521000-00007ff58a52ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007ff58a530000-00007ff58a530fff 0x0002/0x0002 0x0040000
3604.3b90: 00007ff58a531000-00007ff58a53ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007ff58a540000-00007ff58a562fff 0x0002/0x0002 0x0040000
3604.3b90: 00007ff58a563000-00007ff62c2effff 0x0001/0x0000 0x0000000
3604.3b90: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c367000-00007ff62c367fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3b0000-00007ff62c3b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3b3000-00007ff62c3b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3b6000-00007ff62c3b8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3b9000-00007ff62c3b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3ba000-00007ff62c3bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3bc000-00007ff62c3bcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3604.3b90: 00007ff62c406000-00007fff6815ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff68160000-00007fff68160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68160000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
3604.3b90: 00007fff68161000-00007fff6816efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68161000 LB 0xe000 (base 00007fff68160000) - 'samcli.dll'
3604.3b90: 00007fff6816f000-00007fff68172fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6816f000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
3604.3b90: 00007fff68173000-00007fff68173fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68173000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
3604.3b90: 00007fff68174000-00007fff68177fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68174000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
3604.3b90: 00007fff68178000-00007fff6817ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff68180000-00007fff68180fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68180000 LB 0x1000 (base 00007fff68180000) - 'winmmbase.dll'
3604.3b90: 00007fff68181000-00007fff6819cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68181000 LB 0x1c000 (base 00007fff68180000) - 'winmmbase.dll'
3604.3b90: 00007fff6819d000-00007fff681a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6819d000 LB 0x9000 (base 00007fff68180000) - 'winmmbase.dll'
3604.3b90: 00007fff681a6000-00007fff681a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a6000 LB 0x2000 (base 00007fff68180000) - 'winmmbase.dll'
3604.3b90: 00007fff681a8000-00007fff681acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a8000 LB 0x5000 (base 00007fff68180000) - 'winmmbase.dll'
3604.3b90: 00007fff681ad000-00007fff681affff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff681b0000-00007fff681b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b0000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
3604.3b90: 00007fff681b1000-00007fff681c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b1000 LB 0x10000 (base 00007fff681b0000) - 'mpr.dll'
3604.3b90: 00007fff681c1000-00007fff681c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c1000 LB 0x5000 (base 00007fff681b0000) - 'mpr.dll'
3604.3b90: 00007fff681c6000-00007fff681c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c6000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
3604.3b90: 00007fff681c7000-00007fff681cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c7000 LB 0x4000 (base 00007fff681b0000) - 'mpr.dll'
3604.3b90: 00007fff681cb000-00007fff681cffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff681d0000-00007fff681d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d0000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
3604.3b90: 00007fff681d1000-00007fff681dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d1000 LB 0xa000 (base 00007fff681d0000) - 'netapi32.dll'
3604.3b90: 00007fff681db000-00007fff681e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681db000 LB 0x7000 (base 00007fff681d0000) - 'netapi32.dll'
3604.3b90: 00007fff681e2000-00007fff681e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e2000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
3604.3b90: 00007fff681e3000-00007fff681e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e3000 LB 0x4000 (base 00007fff681d0000) - 'netapi32.dll'
3604.3b90: 00007fff681e7000-00007fff681effff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff681f0000-00007fff681f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f0000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
3604.3b90: 00007fff681f1000-00007fff68201fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f1000 LB 0x11000 (base 00007fff681f0000) - 'msacm32.dll'
3604.3b90: 00007fff68202000-00007fff68206fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68202000 LB 0x5000 (base 00007fff681f0000) - 'msacm32.dll'
3604.3b90: 00007fff68207000-00007fff68207fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68207000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
3604.3b90: 00007fff68208000-00007fff6820bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68208000 LB 0x4000 (base 00007fff681f0000) - 'msacm32.dll'
3604.3b90: 00007fff6820c000-00007fff6821ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff68220000-00007fff68220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68220000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
3604.3b90: 00007fff68221000-00007fff68223fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68221000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
3604.3b90: 00007fff68224000-00007fff68225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68224000 LB 0x2000 (base 00007fff68220000) - 'version.dll'
3604.3b90: 00007fff68226000-00007fff68226fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68226000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
3604.3b90: 00007fff68227000-00007fff68229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68227000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
3604.3b90: 00007fff6822a000-00007fff68acffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff68ad0000-00007fff68ad0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad0000 LB 0x1000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68ad1000-00007fff68c39fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad1000 LB 0x169000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68c3a000-00007fff68cbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68c3a000 LB 0x85000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68cbf000-00007fff68cc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cbf000 LB 0x2000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68cc1000-00007fff68cc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc1000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68cc4000-00007fff68cc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc4000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68cc7000-00007fff68cdcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc7000 LB 0x16000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3604.3b90: 00007fff68cdd000-00007fff6bb3ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6bb40000-00007fff6bb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb40000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3604.3b90: 00007fff6bb41000-00007fff6bb69fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb41000 LB 0x29000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3604.3b90: 00007fff6bb6a000-00007fff6bb73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb6a000 LB 0xa000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3604.3b90: 00007fff6bb74000-00007fff6bb74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb74000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3604.3b90: 00007fff6bb75000-00007fff6bb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb75000 LB 0x5000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3604.3b90: 00007fff6bb7a000-00007fff6c61ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c620000-00007fff6c620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c620000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
3604.3b90: 00007fff6c621000-00007fff6c628fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c621000 LB 0x8000 (base 00007fff6c620000) - 'umpdc.dll'
3604.3b90: 00007fff6c629000-00007fff6c62bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c629000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
3604.3b90: 00007fff6c62c000-00007fff6c62cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62c000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
3604.3b90: 00007fff6c62d000-00007fff6c62ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62d000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
3604.3b90: 00007fff6c630000-00007fff6c64ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c650000-00007fff6c650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c650000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3604.3b90: 00007fff6c651000-00007fff6c654fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c651000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3604.3b90: 00007fff6c655000-00007fff6c65bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c655000 LB 0x7000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3604.3b90: 00007fff6c65c000-00007fff6c65cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65c000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3604.3b90: 00007fff6c65d000-00007fff6c660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65d000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3604.3b90: 00007fff6c661000-00007fff6c66ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c670000-00007fff6c670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c670000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
3604.3b90: 00007fff6c671000-00007fff6c681fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c671000 LB 0x11000 (base 00007fff6c670000) - 'powrprof.dll'
3604.3b90: 00007fff6c682000-00007fff6c68bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c682000 LB 0xa000 (base 00007fff6c670000) - 'powrprof.dll'
3604.3b90: 00007fff6c68c000-00007fff6c68cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68c000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
3604.3b90: 00007fff6c68d000-00007fff6c6b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68d000 LB 0x2d000 (base 00007fff6c670000) - 'powrprof.dll'
3604.3b90: 00007fff6c6ba000-00007fff6c6bffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c6c0000-00007fff6c6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c0000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
3604.3b90: 00007fff6c6c1000-00007fff6c6d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c1000 LB 0x14000 (base 00007fff6c6c0000) - 'profapi.dll'
3604.3b90: 00007fff6c6d5000-00007fff6c6dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6d5000 LB 0x8000 (base 00007fff6c6c0000) - 'profapi.dll'
3604.3b90: 00007fff6c6dd000-00007fff6c6ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6dd000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
3604.3b90: 00007fff6c6de000-00007fff6c6e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6de000 LB 0x5000 (base 00007fff6c6c0000) - 'profapi.dll'
3604.3b90: 00007fff6c6e3000-00007fff6c6effff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c6f0000-00007fff6c6f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f0000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
3604.3b90: 00007fff6c6f1000-00007fff6c6fafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f1000 LB 0xa000 (base 00007fff6c6f0000) - 'win32u.dll'
3604.3b90: 00007fff6c6fb000-00007fff6c709fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6fb000 LB 0xf000 (base 00007fff6c6f0000) - 'win32u.dll'
3604.3b90: 00007fff6c70a000-00007fff6c70afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70a000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
3604.3b90: 00007fff6c70b000-00007fff6c710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70b000 LB 0x6000 (base 00007fff6c6f0000) - 'win32u.dll'
3604.3b90: 00007fff6c711000-00007fff6c7cffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6c7d0000-00007fff6c7d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6c7d1000-00007fff6c8d5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6c8d6000-00007fff6ca38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6ca39000-00007fff6ca3cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6ca3d000-00007fff6ca3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6ca3e000-00007fff6ca73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3604.3b90: 00007fff6ca74000-00007fff6ca7ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6ca80000-00007fff6ca80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca80000 LB 0x1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
3604.3b90: 00007fff6ca81000-00007fff6cb31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca81000 LB 0xb1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
3604.3b90: 00007fff6cb32000-00007fff6cb69fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb32000 LB 0x38000 (base 00007fff6ca80000) - 'ucrtbase.dll'
3604.3b90: 00007fff6cb6a000-00007fff6cb6cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6a000 LB 0x3000 (base 00007fff6ca80000) - 'ucrtbase.dll'
3604.3b90: 00007fff6cb6d000-00007fff6cb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6d000 LB 0xd000 (base 00007fff6ca80000) - 'ucrtbase.dll'
3604.3b90: 00007fff6cb7a000-00007fff6cb7ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6cb80000-00007fff6cb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb80000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cb81000-00007fff6cbb3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb81000 LB 0x33000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cbb4000-00007fff6cbc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbb4000 LB 0xe000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cbc2000-00007fff6cbc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc2000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cbc3000-00007fff6cbc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc3000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cbc4000-00007fff6cbc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc4000 LB 0x6000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
3604.3b90: 00007fff6cbca000-00007fff6cbcffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6cbd0000-00007fff6cbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd0000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
3604.3b90: 00007fff6cbd1000-00007fff6cc36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd1000 LB 0x66000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
3604.3b90: 00007fff6cc37000-00007fff6cc49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc37000 LB 0x13000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
3604.3b90: 00007fff6cc4a000-00007fff6cc4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4a000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
3604.3b90: 00007fff6cc4b000-00007fff6cc4ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4b000 LB 0x5000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
3604.3b90: 00007fff6cc50000-00007fff6ccaffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6ccb0000-00007fff6ccb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb0000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
3604.3b90: 00007fff6ccb1000-00007fff6ccbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb1000 LB 0xb000 (base 00007fff6ccb0000) - 'cryptsp.dll'
3604.3b90: 00007fff6ccbc000-00007fff6ccc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccbc000 LB 0x6000 (base 00007fff6ccb0000) - 'cryptsp.dll'
3604.3b90: 00007fff6ccc2000-00007fff6ccc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc2000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
3604.3b90: 00007fff6ccc3000-00007fff6ccc6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc3000 LB 0x4000 (base 00007fff6ccb0000) - 'cryptsp.dll'
3604.3b90: 00007fff6ccc7000-00007fff6cccffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6ccd0000-00007fff6ccd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
3604.3b90: 00007fff6ccd1000-00007fff6cce9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd1000 LB 0x19000 (base 00007fff6ccd0000) - 'bcrypt.dll'
3604.3b90: 00007fff6ccea000-00007fff6cceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccea000 LB 0x6000 (base 00007fff6ccd0000) - 'bcrypt.dll'
3604.3b90: 00007fff6ccf0000-00007fff6ccf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
3604.3b90: 00007fff6ccf1000-00007fff6ccf5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf1000 LB 0x5000 (base 00007fff6ccd0000) - 'bcrypt.dll'
3604.3b90: 00007fff6ccf6000-00007fff6ce4ffff 0x0001/0x0000 0x0000000
3604.3b90: *00007fff6ce50000-00007fff6ce50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce50000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
3604.3b90: 00007fff6ce51000-00007fff6d396fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce51000 LB 0x546000 (base 00007fff6ce50000) - 'windows.storage.dll'
3604.3b90: 00007fff6d397000-00007fff6d553fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
3604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d397000 LB 0x1bd000 (base 00007fff6ce50000) - 'windows.storage.dll'
7773604.3b90: 00007fff6d554000-00007fff6d560fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7783604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d554000 LB 0xd000 (base 00007fff6ce50000) - 'windows.storage.dll'
7793604.3b90: 00007fff6d561000-00007fff6d561fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7803604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d561000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
7813604.3b90: 00007fff6d562000-00007fff6d5d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7823604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d562000 LB 0x70000 (base 00007fff6ce50000) - 'windows.storage.dll'
7833604.3b90: 00007fff6d5d2000-00007fff6d5dffff 0x0001/0x0000 0x0000000
7843604.3b90: *00007fff6d5e0000-00007fff6d5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7853604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e0000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7863604.3b90: 00007fff6d5e1000-00007fff6d6b2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7873604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e1000 LB 0xd2000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7883604.3b90: 00007fff6d6b3000-00007fff6d753fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7893604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d6b3000 LB 0xa1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7903604.3b90: 00007fff6d754000-00007fff6d757fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7913604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d754000 LB 0x4000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7923604.3b90: 00007fff6d758000-00007fff6d758fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7933604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d758000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7943604.3b90: 00007fff6d759000-00007fff6d775fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7953604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d759000 LB 0x1d000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7963604.3b90: 00007fff6d776000-00007fff6d77ffff 0x0001/0x0000 0x0000000
7973604.3b90: *00007fff6d780000-00007fff6d780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
7983604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d780000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
7993604.3b90: 00007fff6d781000-00007fff6d7d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8003604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d781000 LB 0x54000 (base 00007fff6d780000) - 'msvcp_win.dll'
8013604.3b90: 00007fff6d7d5000-00007fff6d811fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8023604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d7d5000 LB 0x3d000 (base 00007fff6d780000) - 'msvcp_win.dll'
8033604.3b90: 00007fff6d812000-00007fff6d812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8043604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d812000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
8053604.3b90: 00007fff6d813000-00007fff6d815fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8063604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d813000 LB 0x3000 (base 00007fff6d780000) - 'msvcp_win.dll'
8073604.3b90: 00007fff6d816000-00007fff6d81dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8083604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d816000 LB 0x8000 (base 00007fff6d780000) - 'msvcp_win.dll'
8093604.3b90: 00007fff6d81e000-00007fff6d83ffff 0x0001/0x0000 0x0000000
8103604.3b90: *00007fff6d840000-00007fff6d840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8113604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d840000 LB 0x1000 (base 00007fff6d840000) - 'setupapi.dll'
8123604.3b90: 00007fff6d841000-00007fff6d918fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8133604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d841000 LB 0xd8000 (base 00007fff6d840000) - 'setupapi.dll'
8143604.3b90: 00007fff6d919000-00007fff6d953fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8153604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d919000 LB 0x3b000 (base 00007fff6d840000) - 'setupapi.dll'
8163604.3b90: 00007fff6d954000-00007fff6d955fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8173604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d954000 LB 0x2000 (base 00007fff6d840000) - 'setupapi.dll'
8183604.3b90: 00007fff6d956000-00007fff6dcaffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8193604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d956000 LB 0x35a000 (base 00007fff6d840000) - 'setupapi.dll'
8203604.3b90: 00007fff6dcb0000-00007fff6dd9ffff 0x0001/0x0000 0x0000000
8213604.3b90: *00007fff6dda0000-00007fff6dda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8223604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda0000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8233604.3b90: 00007fff6dda1000-00007fff6ddfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8243604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda1000 LB 0x5f000 (base 00007fff6dda0000) - 'advapi32.dll'
8253604.3b90: 00007fff6de00000-00007fff6de34fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8263604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de00000 LB 0x35000 (base 00007fff6dda0000) - 'advapi32.dll'
8273604.3b90: 00007fff6de35000-00007fff6de35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8283604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de35000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8293604.3b90: 00007fff6de36000-00007fff6de36fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8303604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de36000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8313604.3b90: 00007fff6de37000-00007fff6de38fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8323604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de37000 LB 0x2000 (base 00007fff6dda0000) - 'advapi32.dll'
8333604.3b90: 00007fff6de39000-00007fff6de39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8343604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de39000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8353604.3b90: 00007fff6de3a000-00007fff6de42fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8363604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de3a000 LB 0x9000 (base 00007fff6dda0000) - 'advapi32.dll'
8373604.3b90: 00007fff6de43000-00007fff6e10ffff 0x0001/0x0000 0x0000000
8383604.3b90: *00007fff6e110000-00007fff6e110fff 0x0040/0x0040 0x0020000 !!
8393604.3b90: 00007fff6e111000-00007fff6e11ffff 0x0001/0x0000 0x0000000
8403604.3b90: *00007fff6e120000-00007fff6e120fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8413604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e120000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
8423604.3b90: 00007fff6e121000-00007fff6e195fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8433604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e121000 LB 0x75000 (base 00007fff6e120000) - 'msvcrt.dll'
8443604.3b90: 00007fff6e196000-00007fff6e1aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8453604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e196000 LB 0x19000 (base 00007fff6e120000) - 'msvcrt.dll'
8463604.3b90: 00007fff6e1af000-00007fff6e1b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8473604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1af000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
8483604.3b90: 00007fff6e1b1000-00007fff6e1b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8493604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b1000 LB 0x3000 (base 00007fff6e120000) - 'msvcrt.dll'
8503604.3b90: 00007fff6e1b4000-00007fff6e1b5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8513604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b4000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
8523604.3b90: 00007fff6e1b6000-00007fff6e1b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8533604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b6000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
8543604.3b90: 00007fff6e1b7000-00007fff6e1bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8553604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b7000 LB 0x7000 (base 00007fff6e120000) - 'msvcrt.dll'
8563604.3b90: 00007fff6e1be000-00007fff6e1bffff 0x0001/0x0000 0x0000000
8573604.3b90: *00007fff6e1c0000-00007fff6e1c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8583604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c0000 LB 0x1000 (base 00007fff6e1c0000) - 'SHCore.dll'
8593604.3b90: 00007fff6e1c1000-00007fff6e231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8603604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c1000 LB 0x71000 (base 00007fff6e1c0000) - 'SHCore.dll'
8613604.3b90: 00007fff6e232000-00007fff6e257fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8623604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e232000 LB 0x26000 (base 00007fff6e1c0000) - 'SHCore.dll'
8633604.3b90: 00007fff6e258000-00007fff6e259fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8643604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e258000 LB 0x2000 (base 00007fff6e1c0000) - 'SHCore.dll'
8653604.3b90: 00007fff6e25a000-00007fff6e268fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8663604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e25a000 LB 0xf000 (base 00007fff6e1c0000) - 'SHCore.dll'
8673604.3b90: 00007fff6e269000-00007fff6e26ffff 0x0001/0x0000 0x0000000
8683604.3b90: *00007fff6e270000-00007fff6e270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8693604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e270000 LB 0x1000 (base 00007fff6e270000) - 'combase.dll'
8703604.3b90: 00007fff6e271000-00007fff6e48efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8713604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e271000 LB 0x21e000 (base 00007fff6e270000) - 'combase.dll'
8723604.3b90: 00007fff6e48f000-00007fff6e551fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8733604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e48f000 LB 0xc3000 (base 00007fff6e270000) - 'combase.dll'
8743604.3b90: 00007fff6e552000-00007fff6e557fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8753604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e552000 LB 0x6000 (base 00007fff6e270000) - 'combase.dll'
8763604.3b90: 00007fff6e558000-00007fff6e5a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8773604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e558000 LB 0x4d000 (base 00007fff6e270000) - 'combase.dll'
8783604.3b90: 00007fff6e5a5000-00007fff6e5affff 0x0001/0x0000 0x0000000
8793604.3b90: *00007fff6e5b0000-00007fff6e5b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8803604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
8813604.3b90: 00007fff6e5b1000-00007fff6e5bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8823604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b1000 LB 0xc000 (base 00007fff6e5b0000) - 'gdi32.dll'
8833604.3b90: 00007fff6e5bd000-00007fff6e5cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8843604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5bd000 LB 0x13000 (base 00007fff6e5b0000) - 'gdi32.dll'
8853604.3b90: 00007fff6e5d0000-00007fff6e5d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8863604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
8873604.3b90: 00007fff6e5d1000-00007fff6e5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8883604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d1000 LB 0x5000 (base 00007fff6e5b0000) - 'gdi32.dll'
8893604.3b90: 00007fff6e5d6000-00007fff6e5dffff 0x0001/0x0000 0x0000000
8903604.3b90: *00007fff6e5e0000-00007fff6e5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8913604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e0000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
8923604.3b90: 00007fff6e5e1000-00007fff6e627fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8933604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e1000 LB 0x47000 (base 00007fff6e5e0000) - 'ws2_32.dll'
8943604.3b90: 00007fff6e628000-00007fff6e635fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8953604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e628000 LB 0xe000 (base 00007fff6e5e0000) - 'ws2_32.dll'
8963604.3b90: 00007fff6e636000-00007fff6e636fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8973604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e636000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
8983604.3b90: 00007fff6e637000-00007fff6e64efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8993604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e637000 LB 0x18000 (base 00007fff6e5e0000) - 'ws2_32.dll'
9003604.3b90: 00007fff6e64f000-00007fff6e64ffff 0x0001/0x0000 0x0000000
9013604.3b90: *00007fff6e650000-00007fff6e650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9023604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e650000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
9033604.3b90: 00007fff6e651000-00007fff6e67afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9043604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e651000 LB 0x2a000 (base 00007fff6e650000) - 'shlwapi.dll'
9053604.3b90: 00007fff6e67b000-00007fff6e69afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9063604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e67b000 LB 0x20000 (base 00007fff6e650000) - 'shlwapi.dll'
9073604.3b90: 00007fff6e69b000-00007fff6e69bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9083604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69b000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
9093604.3b90: 00007fff6e69c000-00007fff6e6a1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9103604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69c000 LB 0x6000 (base 00007fff6e650000) - 'shlwapi.dll'
9113604.3b90: 00007fff6e6a2000-00007fff6e6affff 0x0001/0x0000 0x0000000
9123604.3b90: *00007fff6e6b0000-00007fff6e6b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9133604.3b90: 00007fff6e6b1000-00007fff6e736fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9143604.3b90: 00007fff6e737000-00007fff6e756fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9153604.3b90: 00007fff6e757000-00007fff6e758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9163604.3b90: 00007fff6e759000-00007fff6e843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9173604.3b90: 00007fff6e844000-00007fff6e9fffff 0x0001/0x0000 0x0000000
9183604.3b90: *00007fff6ea00000-00007fff6ea00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9193604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea00000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9203604.3b90: 00007fff6ea01000-00007fff6ea01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9213604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea01000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9223604.3b90: 00007fff6ea02000-00007fff6ea03fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9233604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea02000 LB 0x2000 (base 00007fff6ea00000) - 'psapi.dll'
9243604.3b90: 00007fff6ea04000-00007fff6ea04fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9253604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea04000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9263604.3b90: 00007fff6ea05000-00007fff6ea07fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9273604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea05000 LB 0x3000 (base 00007fff6ea00000) - 'psapi.dll'
9283604.3b90: 00007fff6ea08000-00007fff6ea0ffff 0x0001/0x0000 0x0000000
9293604.3b90: *00007fff6ea10000-00007fff6ea10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9303604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea10000 LB 0x1000 (base 00007fff6ea10000) - 'ole32.dll'
9313604.3b90: 00007fff6ea11000-00007fff6eadafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9323604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea11000 LB 0xca000 (base 00007fff6ea10000) - 'ole32.dll'
9333604.3b90: 00007fff6eadb000-00007fff6eb37fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9343604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eadb000 LB 0x5d000 (base 00007fff6ea10000) - 'ole32.dll'
9353604.3b90: 00007fff6eb38000-00007fff6eb39fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9363604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb38000 LB 0x2000 (base 00007fff6ea10000) - 'ole32.dll'
9373604.3b90: 00007fff6eb3a000-00007fff6eb66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9383604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb3a000 LB 0x2d000 (base 00007fff6ea10000) - 'ole32.dll'
9393604.3b90: 00007fff6eb67000-00007fff6eb6ffff 0x0001/0x0000 0x0000000
9403604.3b90: *00007fff6eb70000-00007fff6eb70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9413604.3b90: 00007fff6eb71000-00007fff6ebe5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9423604.3b90: 00007fff6ebe6000-00007fff6ec17fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9433604.3b90: 00007fff6ec18000-00007fff6ec18fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9443604.3b90: 00007fff6ec19000-00007fff6ec19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9453604.3b90: 00007fff6ec1a000-00007fff6ec21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9463604.3b90: 00007fff6ec22000-00007fff6ecaffff 0x0001/0x0000 0x0000000
9473604.3b90: *00007fff6ecb0000-00007fff6ecb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9483604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb0000 LB 0x1000 (base 00007fff6ecb0000) - 'shell32.dll'
9493604.3b90: 00007fff6ecb1000-00007fff6f20dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9503604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb1000 LB 0x55d000 (base 00007fff6ecb0000) - 'shell32.dll'
9513604.3b90: 00007fff6f20e000-00007fff6f327fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9523604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f20e000 LB 0x11a000 (base 00007fff6ecb0000) - 'shell32.dll'
9533604.3b90: 00007fff6f328000-00007fff6f32efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9543604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f328000 LB 0x7000 (base 00007fff6ecb0000) - 'shell32.dll'
9553604.3b90: 00007fff6f32f000-00007fff6f330fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9563604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f32f000 LB 0x2000 (base 00007fff6ecb0000) - 'shell32.dll'
9573604.3b90: 00007fff6f331000-00007fff6f395fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9583604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f331000 LB 0x65000 (base 00007fff6ecb0000) - 'shell32.dll'
9593604.3b90: 00007fff6f396000-00007fff6f39ffff 0x0001/0x0000 0x0000000
9603604.3b90: *00007fff6f3a0000-00007fff6f3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9613604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a0000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9623604.3b90: 00007fff6f3a1000-00007fff6f401fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9633604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a1000 LB 0x61000 (base 00007fff6f3a0000) - 'sechost.dll'
9643604.3b90: 00007fff6f402000-00007fff6f428fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9653604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f402000 LB 0x27000 (base 00007fff6f3a0000) - 'sechost.dll'
9663604.3b90: 00007fff6f429000-00007fff6f429fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9673604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f429000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9683604.3b90: 00007fff6f42a000-00007fff6f42afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9693604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42a000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9703604.3b90: 00007fff6f42b000-00007fff6f42cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9713604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42b000 LB 0x2000 (base 00007fff6f3a0000) - 'sechost.dll'
9723604.3b90: 00007fff6f42d000-00007fff6f436fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9733604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42d000 LB 0xa000 (base 00007fff6f3a0000) - 'sechost.dll'
9743604.3b90: 00007fff6f437000-00007fff6f44ffff 0x0001/0x0000 0x0000000
9753604.3b90: *00007fff6f450000-00007fff6f450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9763604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f450000 LB 0x1000 (base 00007fff6f450000) - 'rpcrt4.dll'
9773604.3b90: 00007fff6f451000-00007fff6f52dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9783604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f451000 LB 0xdd000 (base 00007fff6f450000) - 'rpcrt4.dll'
9793604.3b90: 00007fff6f52e000-00007fff6f558fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9803604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f52e000 LB 0x2b000 (base 00007fff6f450000) - 'rpcrt4.dll'
9813604.3b90: 00007fff6f559000-00007fff6f55afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9823604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f559000 LB 0x2000 (base 00007fff6f450000) - 'rpcrt4.dll'
9833604.3b90: 00007fff6f55b000-00007fff6f56ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9843604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f55b000 LB 0x15000 (base 00007fff6f450000) - 'rpcrt4.dll'
9853604.3b90: *00007fff6f570000-00007fff6f570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9863604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f570000 LB 0x1000 (base 00007fff6f570000) - 'oleaut32.dll'
9873604.3b90: 00007fff6f571000-00007fff6f5fdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9883604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f571000 LB 0x8d000 (base 00007fff6f570000) - 'oleaut32.dll'
9893604.3b90: 00007fff6f5fe000-00007fff6f623fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9903604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f5fe000 LB 0x26000 (base 00007fff6f570000) - 'oleaut32.dll'
9913604.3b90: 00007fff6f624000-00007fff6f626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9923604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f624000 LB 0x3000 (base 00007fff6f570000) - 'oleaut32.dll'
9933604.3b90: 00007fff6f627000-00007fff6f634fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9943604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f627000 LB 0xe000 (base 00007fff6f570000) - 'oleaut32.dll'
9953604.3b90: 00007fff6f635000-00007fff6f69ffff 0x0001/0x0000 0x0000000
9963604.3b90: *00007fff6f6a0000-00007fff6f6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
9973604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a0000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
9983604.3b90: 00007fff6f6a1000-00007fff6f6bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
9993604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a1000 LB 0x1c000 (base 00007fff6f6a0000) - 'imm32.dll'
10003604.3b90: 00007fff6f6bd000-00007fff6f6c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
10013604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6bd000 LB 0x7000 (base 00007fff6f6a0000) - 'imm32.dll'
10023604.3b90: 00007fff6f6c4000-00007fff6f6c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
10033604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c4000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
10043604.3b90: 00007fff6f6c5000-00007fff6f6cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
10053604.3b90: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c5000 LB 0x9000 (base 00007fff6f6a0000) - 'imm32.dll'
10063604.3b90: 00007fff6f6ce000-00007fff6f78ffff 0x0001/0x0000 0x0000000
10073604.3b90: *00007fff6f790000-00007fff6f790fff 0x0040/0x0040 0x0020000 !!
10083604.3b90: 00007fff6f791000-00007fff6f79ffff 0x0001/0x0000 0x0000000
10093604.3b90: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10103604.3b90: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10113604.3b90: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10123604.3b90: 00007fff6f8ff000-00007fff6f8fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10133604.3b90: 00007fff6f900000-00007fff6f901fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10143604.3b90: 00007fff6f902000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10153604.3b90: 00007fff6f90b000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
10163604.3b90: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
3604.3b90: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
3604.3b90: user32.dll: timestamp 0xee4ef0d0 (rc=VINF_SUCCESS)
3604.3b90: kernelbase.dll: timestamp 0x7b90c1b5 (rc=VINF_SUCCESS)
3604.3b90: VBoxHeadless.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS)
3604.3b90: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3604.3b90: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3604.3b90: ntdll.dll: Differences in section #1 (.text) between file and memory:
3604.3b90: 00007fff6f80a880 / 0x006a880: 40 != e9
3604.3b90: 00007fff6f80a881 / 0x006a881: 53 != 4f
3604.3b90: 00007fff6f80a882 / 0x006a882: 48 != 67
3604.3b90: 00007fff6f80a883 / 0x006a883: 83 != f8
3604.3b90: 00007fff6f80a884 / 0x006a884: ec != ff
3604.3b90: Restored 0x2000 bytes of original file content at 00007fff6f809000
3604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
3604.3b90: 00007fff6eb865d0 / 0x00165d0: 48 != e9
3604.3b90: 00007fff6eb865d1 / 0x00165d1: ff != 72
3604.3b90: 00007fff6eb865d2 / 0x00165d2: 25 != a3
3604.3b90: 00007fff6eb865d3 / 0x00165d3: f9 != c0
3604.3b90: 00007fff6eb865d4 / 0x00165d4: 17 != 00
3604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb85000
3604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
3604.3b90: 00007fff6eb8a1b0 / 0x001a1b0: 48 != e9
3604.3b90: 00007fff6eb8a1b1 / 0x001a1b1: ff != 92
3604.3b90: 00007fff6eb8a1b2 / 0x001a1b2: 25 != 6c
3604.3b90: 00007fff6eb8a1b3 / 0x001a1b3: 99 != c0
3604.3b90: 00007fff6eb8a1b4 / 0x001a1b4: dc != 00
3604.3b90: 00007fff6eb8ab30 / 0x001ab30: 4c != e9
3604.3b90: 00007fff6eb8ab31 / 0x001ab31: 8b != e0
3604.3b90: 00007fff6eb8ab32 / 0x001ab32: dc != 5d
3604.3b90: 00007fff6eb8ab33 / 0x001ab33: 49 != c0
3604.3b90: 00007fff6eb8ab34 / 0x001ab34: 89 != 00
3604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb89000
3604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
10503604.3b90: 00007fff6eb8bd00 / 0x001bd00: 48 != e9
10513604.3b90: 00007fff6eb8bd01 / 0x001bd01: ff != 02
10523604.3b90: 00007fff6eb8bd02 / 0x001bd02: 25 != 51
10533604.3b90: 00007fff6eb8bd03 / 0x001bd03: 59 != c0
10543604.3b90: 00007fff6eb8bd04 / 0x001bd04: c1 != 00
10553604.3b90: 00007fff6eb8be40 / 0x001be40: 4c != e9
10563604.3b90: 00007fff6eb8be41 / 0x001be41: 8b != 10
10573604.3b90: 00007fff6eb8be42 / 0x001be42: dc != 51
10583604.3b90: 00007fff6eb8be43 / 0x001be43: 48 != c0
10593604.3b90: 00007fff6eb8be44 / 0x001be44: 83 != 00
10603604.3b90: 00007fff6eb8c250 / 0x001c250: 48 != e9
10613604.3b90: 00007fff6eb8c251 / 0x001c251: ff != 72
10623604.3b90: 00007fff6eb8c252 / 0x001c252: 25 != 46
10633604.3b90: 00007fff6eb8c253 / 0x001c253: 91 != c0
10643604.3b90: 00007fff6eb8c254 / 0x001c254: bf != 00
10653604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb8b000
10663604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
10673604.3b90: 00007fff6eb8e4f0 / 0x001e4f0: 48 != e9
10683604.3b90: 00007fff6eb8e4f1 / 0x001e4f1: ff != d2
10693604.3b90: 00007fff6eb8e4f2 / 0x001e4f2: 25 != 29
10703604.3b90: 00007fff6eb8e4f3 / 0x001e4f3: f9 != c0
10713604.3b90: 00007fff6eb8e4f4 / 0x001e4f4: 99 != 00
10723604.3b90: 00007fff6eb8e500 / 0x001e500: 48 != e9
10733604.3b90: 00007fff6eb8e501 / 0x001e501: ff != 82
10743604.3b90: 00007fff6eb8e502 / 0x001e502: 25 != 29
10753604.3b90: 00007fff6eb8e503 / 0x001e503: 41 != c0
10763604.3b90: 00007fff6eb8e504 / 0x001e504: 99 != 00
10773604.3b90: 00007fff6eb8ea20 / 0x001ea20: 48 != e9
10783604.3b90: 00007fff6eb8ea21 / 0x001ea21: ff != e2
10793604.3b90: 00007fff6eb8ea22 / 0x001ea22: 25 != 21
10803604.3b90: 00007fff6eb8ea23 / 0x001ea23: 81 != c0
10813604.3b90: 00007fff6eb8ea24 / 0x001ea24: 92 != 00
10823604.3b90: 00007fff6eb8eb60 / 0x001eb60: 48 != e9
10833604.3b90: 00007fff6eb8eb61 / 0x001eb61: ff != a2
10843604.3b90: 00007fff6eb8eb62 / 0x001eb62: 25 != 23
10853604.3b90: 00007fff6eb8eb63 / 0x001eb63: 91 != c0
10863604.3b90: 00007fff6eb8eb64 / 0x001eb64: 93 != 00
10873604.3b90: 00007fff6eb8ee00 / 0x001ee00: 48 != e9
10883604.3b90: 00007fff6eb8ee01 / 0x001ee01: 83 != d3
10893604.3b90: 00007fff6eb8ee02 / 0x001ee02: ec != 1f
10903604.3b90: 00007fff6eb8ee03 / 0x001ee03: 28 != c0
10913604.3b90: 00007fff6eb8ee04 / 0x001ee04: ff != 00
10923604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb8d000
10933604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
10943604.3b90: 00007fff6eb8f0a0 / 0x001f0a0: 48 != e9
10953604.3b90: 00007fff6eb8f0a1 / 0x001f0a1: 83 != f0
10963604.3b90: 00007fff6eb8f0a2 / 0x001f0a2: ec != 1a
10973604.3b90: 00007fff6eb8f0a3 / 0x001f0a3: 38 != c0
10983604.3b90: 00007fff6eb8f0a4 / 0x001f0a4: 45 != 00
10993604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb8f000
11003604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
11013604.3b90: 00007fff6eb911b0 / 0x00211b0: 48 != e9
11023604.3b90: 00007fff6eb911b1 / 0x00211b1: ff != 52
11033604.3b90: 00007fff6eb911b2 / 0x00211b2: 25 != f9
11043604.3b90: 00007fff6eb911b3 / 0x00211b3: e1 != bf
11053604.3b90: 00007fff6eb911b4 / 0x00211b4: 6a != 00
11063604.3b90: 00007fff6eb91550 / 0x0021550: 48 != e9
11073604.3b90: 00007fff6eb91551 / 0x0021551: ff != 72
11083604.3b90: 00007fff6eb91552 / 0x0021552: 25 != f2
11093604.3b90: 00007fff6eb91553 / 0x0021553: 19 != bf
11103604.3b90: 00007fff6eb91554 / 0x0021554: 67 != 00
11113604.3b90: 00007fff6eb91e10 / 0x0021e10: ff != e9
11123604.3b90: 00007fff6eb91e11 / 0x0021e11: 25 != f1
11133604.3b90: 00007fff6eb91e12 / 0x0021e12: fa != ee
11143604.3b90: 00007fff6eb91e13 / 0x0021e13: 5e != bf
11153604.3b90: 00007fff6eb91e14 / 0x0021e14: 05 != 00
11163604.3b90: 00007fff6eb92080 / 0x0022080: ff != e9
11173604.3b90: 00007fff6eb92081 / 0x0022081: 25 != 01
11183604.3b90: 00007fff6eb92082 / 0x0022082: 9a != ed
11193604.3b90: 00007fff6eb92083 / 0x0022083: 59 != bf
11203604.3b90: 00007fff6eb92084 / 0x0022084: 05 != 00
11213604.3b90: 00007fff6eb92090 / 0x0022090: ff != e9
11223604.3b90: 00007fff6eb92091 / 0x0022091: 25 != b1
11233604.3b90: 00007fff6eb92092 / 0x0022092: 82 != ec
11243604.3b90: 00007fff6eb92093 / 0x0022093: 59 != bf
11253604.3b90: 00007fff6eb92094 / 0x0022094: 05 != 00
11263604.3b90: 00007fff6eb920b0 / 0x00220b0: ff != e9
11273604.3b90: 00007fff6eb920b1 / 0x00220b1: 25 != d1
11283604.3b90: 00007fff6eb920b2 / 0x00220b2: d2 != e6
11293604.3b90: 00007fff6eb920b3 / 0x00220b3: 59 != bf
11303604.3b90: 00007fff6eb920b4 / 0x00220b4: 05 != 00
11313604.3b90: 00007fff6eb920c0 / 0x00220c0: ff != e9
11323604.3b90: 00007fff6eb920c1 / 0x00220c1: 25 != 81
11333604.3b90: 00007fff6eb920c2 / 0x00220c2: 3a != e6
11343604.3b90: 00007fff6eb920c3 / 0x00220c3: 59 != bf
11353604.3b90: 00007fff6eb920c4 / 0x00220c4: 05 != 00
11363604.3b90: 00007fff6eb92410 / 0x0022410: ff != e9
11373604.3b90: 00007fff6eb92411 / 0x0022411: 25 != f1
11383604.3b90: 00007fff6eb92412 / 0x0022412: 5a != e5
11393604.3b90: 00007fff6eb92413 / 0x0022413: 57 != bf
11403604.3b90: 00007fff6eb92414 / 0x0022414: 05 != 00
11413604.3b90: 00007fff6eb92420 / 0x0022420: ff != e9
11423604.3b90: 00007fff6eb92421 / 0x0022421: 25 != a1
11433604.3b90: 00007fff6eb92422 / 0x0022422: 52 != e5
11443604.3b90: 00007fff6eb92423 / 0x0022423: 57 != bf
11453604.3b90: 00007fff6eb92424 / 0x0022424: 05 != 00
11463604.3b90: 00007fff6eb92500 / 0x0022500: ff != e9
11473604.3b90: 00007fff6eb92501 / 0x0022501: 25 != 41
11483604.3b90: 00007fff6eb92502 / 0x0022502: b2 != e5
11493604.3b90: 00007fff6eb92503 / 0x0022503: 56 != bf
11503604.3b90: 00007fff6eb92504 / 0x0022504: 05 != 00
11513604.3b90: 00007fff6eb92510 / 0x0022510: ff != e9
11523604.3b90: 00007fff6eb92511 / 0x0022511: 25 != 71
11533604.3b90: 00007fff6eb92512 / 0x0022512: aa != e4
11543604.3b90: 00007fff6eb92513 / 0x0022513: 56 != bf
11553604.3b90: 00007fff6eb92514 / 0x0022514: 05 != 00
11563604.3b90: 00007fff6eb92700 / 0x0022700: ff != e9
11573604.3b90: 00007fff6eb92701 / 0x0022701: 25 != 81
11583604.3b90: 00007fff6eb92702 / 0x0022702: d2 != e5
11593604.3b90: 00007fff6eb92703 / 0x0022703: 55 != bf
11603604.3b90: 00007fff6eb92704 / 0x0022704: 05 != 00
11613604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eb91000
11623604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
11633604.3b90: 00007fff6eba57f0 / 0x00357f0: 48 != e9
11643604.3b90: 00007fff6eba57f1 / 0x00357f1: ff != 12
11653604.3b90: 00007fff6eba57f2 / 0x00357f2: 25 != b0
11663604.3b90: 00007fff6eba57f3 / 0x00357f3: d9 != be
11673604.3b90: 00007fff6eba57f4 / 0x00357f4: 24 != 00
11683604.3b90: 00007fff6eba58f0 / 0x00358f0: 4c != e9
11693604.3b90: 00007fff6eba58f1 / 0x00358f1: 8b != a0
11703604.3b90: 00007fff6eba58f2 / 0x00358f2: dc != b6
11713604.3b90: 00007fff6eba58f3 / 0x00358f3: 48 != be
11723604.3b90: 00007fff6eba58f4 / 0x00358f4: 83 != 00
11733604.3b90: 00007fff6eba6200 / 0x0036200: 48 != e9
11743604.3b90: 00007fff6eba6201 / 0x0036201: ff != 82
11753604.3b90: 00007fff6eba6202 / 0x0036202: 25 != a8
11763604.3b90: 00007fff6eba6203 / 0x0036203: 89 != be
11773604.3b90: 00007fff6eba6204 / 0x0036204: 1a != 00
11783604.3b90: 00007fff6eba6850 / 0x0036850: 48 != e9
11793604.3b90: 00007fff6eba6851 / 0x0036851: ff != f2
11803604.3b90: 00007fff6eba6852 / 0x0036852: 25 != 9f
11813604.3b90: 00007fff6eba6853 / 0x0036853: 49 != be
11823604.3b90: 00007fff6eba6854 / 0x0036854: 14 != 00
11833604.3b90: Restored 0x2000 bytes of original file content at 00007fff6eba5000
11843604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
11853604.3b90: 00007fff6ebc9e10 / 0x0059e10: 48 != e9
11863604.3b90: 00007fff6ebc9e11 / 0x0059e11: 89 != be
11873604.3b90: 00007fff6ebc9e12 / 0x0059e12: 5c != 6e
11883604.3b90: 00007fff6ebc9e13 / 0x0059e13: 24 != bc
11893604.3b90: 00007fff6ebc9e14 / 0x0059e14: 08 != 00
11903604.3b90: 00007fff6ebc9ea0 / 0x0059ea0: 48 != e9
11913604.3b90: 00007fff6ebc9ea1 / 0x0059ea1: 8b != b0
11923604.3b90: 00007fff6ebc9ea2 / 0x0059ea2: c4 != 6d
11933604.3b90: 00007fff6ebc9ea3 / 0x0059ea3: 48 != bc
11943604.3b90: 00007fff6ebc9ea4 / 0x0059ea4: 89 != 00
11953604.3b90: 00007fff6ebca840 / 0x005a840: 48 != e9
11963604.3b90: 00007fff6ebca841 / 0x005a841: 8b != 50
11973604.3b90: 00007fff6ebca842 / 0x005a842: c4 != 60
11983604.3b90: 00007fff6ebca843 / 0x005a843: 48 != bc
11993604.3b90: 00007fff6ebca844 / 0x005a844: 89 != 00
12003604.3b90: Restored 0x2000 bytes of original file content at 00007fff6ebc9000
12013604.3b90: kernel32.dll: Differences in section #1 (.text) between file and memory:
12023604.3b90: 00007fff6ebcb5f0 / 0x005b5f0: 48 != e9
12033604.3b90: 00007fff6ebcb5f1 / 0x005b5f1: 83 != e3
12043604.3b90: 00007fff6ebcb5f2 / 0x005b5f2: ec != 55
12053604.3b90: 00007fff6ebcb5f3 / 0x005b5f3: 38 != bc
12063604.3b90: 00007fff6ebcb5f4 / 0x005b5f4: 48 != 00
12073604.3b90: 00007fff6ebcb620 / 0x005b620: 48 != e9
12083604.3b90: 00007fff6ebcb621 / 0x005b621: 83 != 33
12093604.3b90: 00007fff6ebcb622 / 0x005b622: ec != 55
12103604.3b90: 00007fff6ebcb623 / 0x005b623: 38 != bc
12113604.3b90: 00007fff6ebcb624 / 0x005b624: 48 != 00
12123604.3b90: 00007fff6ebcb720 / 0x005b720: 48 != e9
12133604.3b90: 00007fff6ebcb721 / 0x005b721: 83 != b3
12143604.3b90: 00007fff6ebcb722 / 0x005b722: ec != 53
12153604.3b90: 00007fff6ebcb723 / 0x005b723: 38 != bc
12163604.3b90: 00007fff6ebcb724 / 0x005b724: 48 != 00
12173604.3b90: Restored 0x2000 bytes of original file content at 00007fff6ebcb000
12183604.3b90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12193604.3b90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
12203604.3b90: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
12213604.3b90: Error (rc=-5629):
12223604.3b90: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
12233604.3b90: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=10
12243604.3b90: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
12253604.3b90: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
12263604.3b90: supR3HardNtEnableThreadCreationEx:
12273604.3b90: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
12283604.3b90: supR3HardenedWinDoReSpawn(1): New child 2078.3270 [kernel32].
12293604.3b90: supR3HardNtChildGatherData: PebBaseAddress=0000000000f4e000 cbPeb=0x388
12303604.3b90: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
12313604.3b90: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
12323604.3b90: supR3HardenedWinSetupChildInit: Initial context:
1233 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62c2f7740 rdx=0000000000f4e000
1234 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
1235 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
1236 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
1237 rip=00007fff6f80ce30 rsp=0000000000dbfbb8 rbp=0000000000000000 ctxflags=0010001b
1238 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
1239 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
1240 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1241 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
1242 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
12433604.3b90: supR3HardenedWinSetupChildInit: Start child.
12443604.3b90: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
12453604.3b90: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 58 sleeps
12463604.3b90: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12473604.3b90: *0000000000000000-0000000000c7ffff 0x0001/0x0000 0x0000000
12483604.3b90: *0000000000c80000-0000000000c9ffff 0x0004/0x0004 0x0020000
12493604.3b90: *0000000000ca0000-0000000000cbafff 0x0002/0x0002 0x0040000
12503604.3b90: 0000000000cbb000-0000000000cbffff 0x0001/0x0000 0x0000000
12513604.3b90: *0000000000cc0000-0000000000dbafff 0x0000/0x0004 0x0020000
12523604.3b90: 0000000000dbb000-0000000000dbdfff 0x0104/0x0004 0x0020000
12533604.3b90: 0000000000dbe000-0000000000dbffff 0x0004/0x0004 0x0020000
12543604.3b90: *0000000000dc0000-0000000000dc0fff 0x0020/0x0020 0x0020000 !!
12553604.3b90: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000dc0000 (LB 0x1000, 0000000000dc0000 LB 0x1000)
13523604.3b90: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000dc0000/0000000000dc0000 LB 0/0x1000]
13533604.3b90: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000dc0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
13543604.3b90: 0000000000dc1000-0000000000dcffff 0x0001/0x0000 0x0000000
13553604.3b90: *0000000000dd0000-0000000000dd3fff 0x0002/0x0002 0x0040000
13563604.3b90: 0000000000dd4000-0000000000ddffff 0x0001/0x0000 0x0000000
13573604.3b90: *0000000000de0000-0000000000de1fff 0x0004/0x0004 0x0020000
13583604.3b90: 0000000000de2000-0000000000dfffff 0x0001/0x0000 0x0000000
13593604.3b90: *0000000000e00000-0000000000f4dfff 0x0000/0x0004 0x0020000
13603604.3b90: 0000000000f4e000-0000000000f50fff 0x0004/0x0004 0x0020000
13613604.3b90: 0000000000f51000-0000000000ffffff 0x0000/0x0004 0x0020000
13623604.3b90: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
13633604.3b90: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
13643604.3b90: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
13653604.3b90: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
13663604.3b90: 000000007fff0000-00007ff5c27dffff 0x0001/0x0000 0x0000000
13673604.3b90: *00007ff5c27e0000-00007ff5c27e0fff 0x0002/0x0002 0x0040000
13683604.3b90: 00007ff5c27e1000-00007ff5c27effff 0x0001/0x0000 0x0000000
13693604.3b90: *00007ff5c27f0000-00007ff5c2812fff 0x0002/0x0002 0x0040000
13703604.3b90: 00007ff5c2813000-00007ff62c2effff 0x0001/0x0000 0x0000000
13713604.3b90: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13723604.3b90: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13733604.3b90: 00007ff62c367000-00007ff62c367fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13743604.3b90: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13753604.3b90: 00007ff62c3b0000-00007ff62c3b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13763604.3b90: 00007ff62c3b1000-00007ff62c3b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13773604.3b90: 00007ff62c3b2000-00007ff62c3b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13783604.3b90: 00007ff62c3b7000-00007ff62c3b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13793604.3b90: 00007ff62c3b8000-00007ff62c3b8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13803604.3b90: 00007ff62c3b9000-00007ff62c3bcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13813604.3b90: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
13823604.3b90: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
13833604.3b90: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13843604.3b90: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13853604.3b90: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13863604.3b90: 00007fff6f8ff000-00007fff6f90afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13873604.3b90: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13883604.3b90: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13893604.3b90: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13903604.3b90: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13913604.3b90: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
13923604.3b90: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x840
13933604.3b90: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 58 sleeps
13943604.3b90: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
13953604.3b90: *0000000000000000-0000000000c7ffff 0x0001/0x0000 0x0000000
13963604.3b90: *0000000000c80000-0000000000c9ffff 0x0004/0x0004 0x0020000
13973604.3b90: *0000000000ca0000-0000000000cbafff 0x0002/0x0002 0x0040000
13983604.3b90: 0000000000cbb000-0000000000cbffff 0x0001/0x0000 0x0000000
13993604.3b90: *0000000000cc0000-0000000000dbafff 0x0000/0x0004 0x0020000
14003604.3b90: 0000000000dbb000-0000000000dbdfff 0x0104/0x0004 0x0020000
14013604.3b90: 0000000000dbe000-0000000000dbffff 0x0004/0x0004 0x0020000
14023604.3b90: 0000000000dc0000-0000000000dcffff 0x0001/0x0000 0x0000000
14033604.3b90: *0000000000dd0000-0000000000dd3fff 0x0002/0x0002 0x0040000
14043604.3b90: 0000000000dd4000-0000000000ddffff 0x0001/0x0000 0x0000000
14053604.3b90: *0000000000de0000-0000000000de1fff 0x0004/0x0004 0x0020000
14063604.3b90: 0000000000de2000-0000000000dfffff 0x0001/0x0000 0x0000000
14073604.3b90: *0000000000e00000-0000000000f4dfff 0x0000/0x0004 0x0020000
14083604.3b90: 0000000000f4e000-0000000000f50fff 0x0004/0x0004 0x0020000
14093604.3b90: 0000000000f51000-0000000000ffffff 0x0000/0x0004 0x0020000
14103604.3b90: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
14113604.3b90: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
14123604.3b90: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
14133604.3b90: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
14143604.3b90: 000000007fff0000-00007ff5c27dffff 0x0001/0x0000 0x0000000
14153604.3b90: *00007ff5c27e0000-00007ff5c27e0fff 0x0002/0x0002 0x0040000
14163604.3b90: 00007ff5c27e1000-00007ff5c27effff 0x0001/0x0000 0x0000000
14173604.3b90: *00007ff5c27f0000-00007ff5c2812fff 0x0002/0x0002 0x0040000
14183604.3b90: 00007ff5c2813000-00007ff62c2effff 0x0001/0x0000 0x0000000
14193604.3b90: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14203604.3b90: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14213604.3b90: 00007ff62c367000-00007ff62c367fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14223604.3b90: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14233604.3b90: 00007ff62c3b0000-00007ff62c3bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14243604.3b90: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14253604.3b90: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
14263604.3b90: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14273604.3b90: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14283604.3b90: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14293604.3b90: 00007fff6f8ff000-00007fff6f902fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14303604.3b90: 00007fff6f903000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14313604.3b90: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14323604.3b90: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14333604.3b90: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14343604.3b90: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14353604.3b90: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
14363604.3b90: supR3HardNtChildPurify: Done after 1044 ms and 1 fixes (loop #1).
14372078.3270: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047ba00
14382078.3270: supR3HardenedVmProcessInit: uNtDllAddr=00007fff6f7a0000 g_uNtVerCombined=0xa047ba00 (stack ~0000000000dbf648)
14392078.3270: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
14402078.3270: New simple heap: #1 0000000001100000 LB 0x400000 (for 2031616 allocation)
14413604.3b90: supR3HardNtEnableThreadCreationEx:
14422078.3270: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
14432078.3270: System32: \Device\HarddiskVolume4\Windows\System32
14442078.3270: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
14452078.3270: KnownDllPath: C:\WINDOWS\System32
14462078.3270: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14472078.3270: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14482078.3270: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14492078.3270: Registered Dll notification callback with NTDLL.
14502078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
14512078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
14522078.3270: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
14532078.3270: supR3HardenedDllNotificationCallback: load 00007fff6c7d0000 LB 0x002a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
14542078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
14552078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
14562078.3270: supR3HardenedDllNotificationCallback: load 00007fff6eb70000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
14572078.3270: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
14582078.3270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\KERNEL32.DLL'
14592078.3270: supR3HardenedDllNotificationCallback: load 00007ff62c2f0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
14602078.3270: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
14612078.3270: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
14622078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14632078.3270: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
14643604.3b90: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 66 ms.
14652078.3270: \SystemRoot\System32\ntdll.dll:
14662078.3270: CreationTime: 2020-07-27T09:29:22.468662600Z
14672078.3270: LastWriteTime: 2020-07-27T09:29:22.507631900Z
14682078.3270: ChangeTime: 2020-07-28T06:10:52.472083500Z
14692078.3270: FileAttributes: 0x20
14702078.3270: Size: 0x1e8460
14712078.3270: NT Headers: 0xd8
14722078.3270: Timestamp: 0xb29ecf52
14732078.3270: Machine: 0x8664 - amd64
14742078.3270: Timestamp: 0xb29ecf52
14752078.3270: Image Version: 10.0
14762078.3270: SizeOfImage: 0x1f0000 (2031616)
14772078.3270: Resource Dir: 0x17f000 LB 0x6f310
14782078.3270: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
14792078.3270: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
14802078.3270: ProductName: Microsoft® Windows® Operating System
14812078.3270: ProductVersion: 10.0.18362.815
14822078.3270: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
14832078.3270: FileDescription: NT Layer DLL
14842078.3270: \SystemRoot\System32\kernel32.dll:
14852078.3270: CreationTime: 2020-07-27T09:28:50.277970100Z
14862078.3270: LastWriteTime: 2020-07-27T09:28:50.294953700Z
14872078.3270: ChangeTime: 2020-07-28T06:10:41.051213400Z
14882078.3270: FileAttributes: 0x20
14892078.3270: Size: 0xb0498
14902078.3270: NT Headers: 0xe8
14912078.3270: Timestamp: 0xce6bbd73
14922078.3270: Machine: 0x8664 - amd64
14932078.3270: Timestamp: 0xce6bbd73
14942078.3270: Image Version: 10.0
14952078.3270: SizeOfImage: 0xb2000 (729088)
14962078.3270: Resource Dir: 0xb0000 LB 0x520
14972078.3270: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
14982078.3270: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
14992078.3270: ProductName: Microsoft® Windows® Operating System
15002078.3270: ProductVersion: 10.0.18362.959
15012078.3270: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
15022078.3270: FileDescription: Windows NT BASE API Client DLL
15032078.3270: \SystemRoot\System32\KernelBase.dll:
15042078.3270: CreationTime: 2020-07-27T09:29:23.091189900Z
15052078.3270: LastWriteTime: 2020-07-27T09:29:23.150058300Z
15062078.3270: ChangeTime: 2020-07-28T06:10:50.315875600Z
15072078.3270: FileAttributes: 0x20
15082078.3270: Size: 0x2a4058
15092078.3270: NT Headers: 0xf8
15102078.3270: Timestamp: 0x7b90c1b5
15112078.3270: Machine: 0x8664 - amd64
15122078.3270: Timestamp: 0x7b90c1b5
15132078.3270: Image Version: 10.0
15142078.3270: SizeOfImage: 0x2a4000 (2768896)
15152078.3270: Resource Dir: 0x27e000 LB 0x548
15162078.3270: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15172078.3270: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
15182078.3270: ProductName: Microsoft® Windows® Operating System
15192078.3270: ProductVersion: 10.0.18362.959
15202078.3270: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
15212078.3270: FileDescription: Windows NT BASE API Client DLL
15222078.3270: \SystemRoot\System32\apisetschema.dll:
15232078.3270: CreationTime: 2019-03-19T04:43:54.837151500Z
15242078.3270: LastWriteTime: 2019-03-19T04:43:54.837151500Z
15252078.3270: ChangeTime: 2020-07-27T09:30:52.160553000Z
15262078.3270: FileAttributes: 0x20
15272078.3270: Size: 0x1d028
15282078.3270: NT Headers: 0xc8
15292078.3270: Timestamp: 0xd6ced080
15302078.3270: Machine: 0x8664 - amd64
15312078.3270: Timestamp: 0xd6ced080
15322078.3270: Image Version: 10.0
15332078.3270: SizeOfImage: 0x1e000 (122880)
15342078.3270: Resource Dir: 0x1d000 LB 0x408
15352078.3270: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15362078.3270: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
15372078.3270: ProductName: Microsoft® Windows® Operating System
15382078.3270: ProductVersion: 10.0.18362.1
15392078.3270: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
15402078.3270: FileDescription: ApiSet Schema DLL
15412078.3270: NtOpenDirectoryObject failed on \Driver: 0xc0000022
15422078.3270: supR3HardenedWinFindAdversaries: 0x840
15432078.3270: \SystemRoot\System32\drivers\klflt.sys:
15442078.3270: CreationTime: 2020-03-06T08:53:28.856343500Z
15452078.3270: LastWriteTime: 2020-03-12T20:48:02.000000000Z
15462078.3270: ChangeTime: 2020-05-15T10:01:19.828084100Z
15472078.3270: FileAttributes: 0x20
15482078.3270: Size: 0x3f100
15492078.3270: NT Headers: 0xf8
15502078.3270: Timestamp: 0x5e6a66e9
15512078.3270: Machine: 0x8664 - amd64
15522078.3270: Timestamp: 0x5e6a66e9
15532078.3270: Image Version: 6.1
15542078.3270: SizeOfImage: 0x4d000 (315392)
15552078.3270: Resource Dir: 0x4a000 LB 0x430
15562078.3270: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15572078.3270: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
15582078.3270: ProductName: Coretech Delivery
15592078.3270: ProductVersion: 30.289.132.0-e369c7d411
15602078.3270: FileVersion: 30.289.132.0
15612078.3270: FileDescription: Filter Core [fre_win7_x64]
15622078.3270: \SystemRoot\System32\drivers\klif.sys:
15632078.3270: CreationTime: 2020-03-06T08:53:28.861361800Z
15642078.3270: LastWriteTime: 2020-03-12T20:48:04.000000000Z
15652078.3270: ChangeTime: 2020-05-15T10:01:19.795147700Z
15662078.3270: FileAttributes: 0x20
15672078.3270: Size: 0x12d500
15682078.3270: NT Headers: 0x100
15692078.3270: Timestamp: 0x5e6a6704
15702078.3270: Machine: 0x8664 - amd64
15712078.3270: Timestamp: 0x5e6a6704
15722078.3270: Image Version: 6.1
15732078.3270: SizeOfImage: 0x12f000 (1241088)
15742078.3270: Resource Dir: 0x125000 LB 0x3410
15752078.3270: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
15762078.3270: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
15772078.3270: ProductName: Coretech Delivery
15782078.3270: ProductVersion: 30.289.132.0-e369c7d411
15792078.3270: FileVersion: 30.289.132.0
15802078.3270: FileDescription: Core System Interceptors [fre_win7_x64]
15812078.3270: \SystemRoot\System32\drivers\klim6.sys:
15822078.3270: CreationTime: 2019-01-28T00:49:40.000000000Z
15832078.3270: LastWriteTime: 2020-03-05T01:33:42.000000000Z
15842078.3270: ChangeTime: 2020-05-15T10:01:20.628593700Z
15852078.3270: FileAttributes: 0x20
15862078.3270: Size: 0x159f0
15872078.3270: NT Headers: 0xe0
15882078.3270: Timestamp: 0x8c875967
15892078.3270: Machine: 0x8664 - amd64
15902078.3270: Timestamp: 0x8c875967
15912078.3270: Image Version: 6.1
15922078.3270: SizeOfImage: 0x12000 (73728)
15932078.3270: Resource Dir: 0x10000 LB 0x448
15942078.3270: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15952078.3270: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
15962078.3270: ProductName: Coretech Delivery
15972078.3270: ProductVersion: 30.289.126.0-2a58c6003b
15982078.3270: FileVersion: 30.289.126.0
15992078.3270: FileDescription: Packet Network Filter [fre_win7_x64]
16002078.3270: \SystemRoot\System32\drivers\kneps.sys:
16012078.3270: CreationTime: 2019-04-29T04:50:14.000000000Z
16022078.3270: LastWriteTime: 2020-03-06T02:31:48.000000000Z
16032078.3270: ChangeTime: 2020-05-15T10:01:20.486058100Z
16042078.3270: FileAttributes: 0x20
16052078.3270: Size: 0x44300
16062078.3270: NT Headers: 0xf8
16072078.3270: Timestamp: 0x359fc650
16082078.3270: Machine: 0x8664 - amd64
16092078.3270: Timestamp: 0x359fc650
16102078.3270: Image Version: 6.1
16112078.3270: SizeOfImage: 0x44000 (278528)
16122078.3270: Resource Dir: 0x41000 LB 0x440
16132078.3270: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16142078.3270: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
16152078.3270: ProductName: Coretech Delivery
16162078.3270: ProductVersion: 30.289.126.0-2a58c6003b
16172078.3270: FileVersion: 30.289.126.0
16182078.3270: FileDescription: Network Processor [fre_win7_x64]
16192078.3270: \SystemRoot\System32\drivers\inspect.sys:
16202078.3270: CreationTime: 2019-10-22T10:41:08.000000000Z
16212078.3270: LastWriteTime: 2019-10-22T10:41:08.000000000Z
16222078.3270: ChangeTime: 2019-12-12T12:56:19.421137100Z
16232078.3270: FileAttributes: 0x20
16242078.3270: Size: 0x137c8
16252078.3270: NT Headers: 0xf8
16262078.3270: Timestamp: 0x5cfbc135
16272078.3270: Machine: 0x8664 - amd64
16282078.3270: Timestamp: 0x5cfbc135
16292078.3270: Image Version: 10.0
16302078.3270: SizeOfImage: 0x14000 (81920)
16312078.3270: Resource Dir: 0x12000 LB 0x690
16322078.3270: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
16332078.3270: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
16342078.3270: ProductName: DOZOR Agent
16352078.3270: ProductVersion: 3.3.0.0
16362078.3270: FileVersion: 1.0.1.3
16372078.3270: FileDescription: Process Control Driver
16382078.3270: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
16392078.3270: Calling main()
16402078.3270: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
16412078.3270: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
16422078.3270: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
16432078.3270: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
16442078.3270: SUPR3HardenedMain: Respawn #2
16452078.3270: supR3HardNtEnableThreadCreationEx:
16462078.3270: supR3HardenedDllNotificationCallback: load 00007fff6f450000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
16472078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
16482078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
16492078.3270: supR3HardenedDllNotificationCallback: load 00007fff6f3a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
16502078.3270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
16512078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
16522078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
16532078.3270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16542078.3270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
16552078.3270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
16562078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
16572078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16582078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16592078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16602078.3270: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16612078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
16622078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
16632078.3270: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
16642078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16652078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16662078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
16672078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16682078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16692078.3270: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16702078.3270: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16712078.3270: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
16722078.3270: supR3HardenedDllNotificationCallback: load 00007fff6e120000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
16732078.3270: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
16742078.3270: supR3HardenedDllNotificationCallback: load 00007fff6dda0000 LB 0x000a3000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
16752078.3270: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
16762078.3270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6dda0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16772078.3270: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
16782078.3270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
16792078.3270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
16802078.3270: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16812078.3270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f7a0000 'C:\WINDOWS\System32\ntdll.dll'
16822078.3270: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
16832078.3270: supR3HardenedWinDoReSpawn(2): New child 25a0.1d14 [kernel32].
16842078.3270: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
16852078.3270: supR3HardNtChildGatherData: PebBaseAddress=0000000000fbd000 cbPeb=0x388
16862078.3270: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
16872078.3270: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
16882078.3270: supR3HardenedWinSetupChildInit: Initial context:
1689 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62c2f7740 rdx=0000000000fbd000
1690 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
1691 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
1692 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
1693 rip=00007fff6f80ce30 rsp=0000000000d9ff48 rbp=0000000000000000 ctxflags=0010001b
1694 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
1695 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
1696 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1697 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
1698 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
16992078.3270: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
17002078.3270: supR3HardenedWinSetupChildInit: Start child.
17012078.3270: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
17022078.3270: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
17032078.3270: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
17042078.3270: *0000000000000000-0000000000c5ffff 0x0001/0x0000 0x0000000
17052078.3270: *0000000000c60000-0000000000c7ffff 0x0004/0x0004 0x0020000
17062078.3270: *0000000000c80000-0000000000c9afff 0x0002/0x0002 0x0040000
17072078.3270: 0000000000c9b000-0000000000c9ffff 0x0001/0x0000 0x0000000
17082078.3270: *0000000000ca0000-0000000000d9afff 0x0000/0x0004 0x0020000
17092078.3270: 0000000000d9b000-0000000000d9dfff 0x0104/0x0004 0x0020000
17102078.3270: 0000000000d9e000-0000000000d9ffff 0x0004/0x0004 0x0020000
17112078.3270: *0000000000da0000-0000000000da0fff 0x0020/0x0020 0x0020000 !!
17122078.3270: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000da0000 (LB 0x1000, 0000000000da0000 LB 0x1000)
18092078.3270: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000da0000/0000000000da0000 LB 0/0x1000]
18102078.3270: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000da0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
18112078.3270: 0000000000da1000-0000000000daffff 0x0001/0x0000 0x0000000
18122078.3270: *0000000000db0000-0000000000db3fff 0x0002/0x0002 0x0040000
18132078.3270: 0000000000db4000-0000000000dbffff 0x0001/0x0000 0x0000000
18142078.3270: *0000000000dc0000-0000000000dc1fff 0x0004/0x0004 0x0020000
18152078.3270: 0000000000dc2000-0000000000dfffff 0x0001/0x0000 0x0000000
18162078.3270: *0000000000e00000-0000000000fbcfff 0x0000/0x0004 0x0020000
18172078.3270: 0000000000fbd000-0000000000fbffff 0x0004/0x0004 0x0020000
18182078.3270: 0000000000fc0000-0000000000ffffff 0x0000/0x0004 0x0020000
18192078.3270: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
18202078.3270: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
18212078.3270: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
18222078.3270: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
18232078.3270: 000000007fff0000-00007ff5dac1ffff 0x0001/0x0000 0x0000000
18242078.3270: *00007ff5dac20000-00007ff5dac20fff 0x0002/0x0002 0x0040000
18252078.3270: 00007ff5dac21000-00007ff5dac2ffff 0x0001/0x0000 0x0000000
18262078.3270: *00007ff5dac30000-00007ff5dac52fff 0x0002/0x0002 0x0040000
18272078.3270: 00007ff5dac53000-00007ff62c2effff 0x0001/0x0000 0x0000000
18282078.3270: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18292078.3270: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18302078.3270: 00007ff62c367000-00007ff62c367fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18312078.3270: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18322078.3270: 00007ff62c3b0000-00007ff62c3b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18332078.3270: 00007ff62c3b1000-00007ff62c3b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18342078.3270: 00007ff62c3b2000-00007ff62c3b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18352078.3270: 00007ff62c3b7000-00007ff62c3b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18362078.3270: 00007ff62c3b8000-00007ff62c3b8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18372078.3270: 00007ff62c3b9000-00007ff62c3bcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18382078.3270: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18392078.3270: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
18402078.3270: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18412078.3270: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18422078.3270: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18432078.3270: 00007fff6f8ff000-00007fff6f90afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18442078.3270: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18452078.3270: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18462078.3270: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18472078.3270: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18482078.3270: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
18492078.3270: VBoxHeadless.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS)
18502078.3270: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
18512078.3270: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
18522078.3270: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x840
18532078.3270: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 58 sleeps
18542078.3270: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
18552078.3270: *0000000000000000-0000000000c5ffff 0x0001/0x0000 0x0000000
18562078.3270: *0000000000c60000-0000000000c7ffff 0x0004/0x0004 0x0020000
18572078.3270: *0000000000c80000-0000000000c9afff 0x0002/0x0002 0x0040000
18582078.3270: 0000000000c9b000-0000000000c9ffff 0x0001/0x0000 0x0000000
18592078.3270: *0000000000ca0000-0000000000d9afff 0x0000/0x0004 0x0020000
18602078.3270: 0000000000d9b000-0000000000d9dfff 0x0104/0x0004 0x0020000
18612078.3270: 0000000000d9e000-0000000000d9ffff 0x0004/0x0004 0x0020000
18622078.3270: 0000000000da0000-0000000000daffff 0x0001/0x0000 0x0000000
18632078.3270: *0000000000db0000-0000000000db3fff 0x0002/0x0002 0x0040000
18642078.3270: 0000000000db4000-0000000000dbffff 0x0001/0x0000 0x0000000
18652078.3270: *0000000000dc0000-0000000000dc1fff 0x0004/0x0004 0x0020000
18662078.3270: 0000000000dc2000-0000000000dfffff 0x0001/0x0000 0x0000000
18672078.3270: *0000000000e00000-0000000000fbcfff 0x0000/0x0004 0x0020000
18682078.3270: 0000000000fbd000-0000000000fbffff 0x0004/0x0004 0x0020000
18692078.3270: 0000000000fc0000-0000000000ffffff 0x0000/0x0004 0x0020000
18702078.3270: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
18712078.3270: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
18722078.3270: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
18732078.3270: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
18742078.3270: 000000007fff0000-00007ff5dac1ffff 0x0001/0x0000 0x0000000
18752078.3270: *00007ff5dac20000-00007ff5dac20fff 0x0002/0x0002 0x0040000
18762078.3270: 00007ff5dac21000-00007ff5dac2ffff 0x0001/0x0000 0x0000000
18772078.3270: *00007ff5dac30000-00007ff5dac52fff 0x0002/0x0002 0x0040000
18782078.3270: 00007ff5dac53000-00007ff62c2effff 0x0001/0x0000 0x0000000
18792078.3270: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18802078.3270: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18812078.3270: 00007ff62c367000-00007ff62c367fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18822078.3270: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18832078.3270: 00007ff62c3b0000-00007ff62c3bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18842078.3270: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
18852078.3270: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
18862078.3270: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18872078.3270: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18882078.3270: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18892078.3270: 00007fff6f8ff000-00007fff6f902fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18902078.3270: 00007fff6f903000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18912078.3270: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18922078.3270: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18932078.3270: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18942078.3270: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18952078.3270: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
18962078.3270: supR3HardNtChildPurify: Done after 1069 ms and 1 fixes (loop #1).
189725a0.1d14: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047ba00
189825a0.1d14: supR3HardenedVmProcessInit: uNtDllAddr=00007fff6f7a0000 g_uNtVerCombined=0xa047ba00 (stack ~0000000000d9f9d8)
189925a0.1d14: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
190025a0.1d14: New simple heap: #1 0000000001100000 LB 0x400000 (for 2031616 allocation)
19012078.3270: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
19022078.3270: supR3HardNtEnableThreadCreationEx:
190325a0.1d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
190425a0.1d14: System32: \Device\HarddiskVolume4\Windows\System32
190525a0.1d14: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
190625a0.1d14: KnownDllPath: C:\WINDOWS\System32
190725a0.1d14: supR3HardenedVmProcessInit: Opening vboxdrv...
190825a0.1d14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
190925a0.1d14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
191025a0.1d14: Registered Dll notification callback with NTDLL.
191125a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
191225a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
191325a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
191425a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c7d0000 LB 0x002a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
191525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
191625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
191725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6eb70000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
191825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
191925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\KERNEL32.DLL'
192025a0.1d14: supR3HardenedDllNotificationCallback: load 00007ff62c2f0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
192125a0.1d14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
192225a0.1d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
192325a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
192425a0.1d14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
19252078.3270: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 76 ms.
192625a0.1d14: \SystemRoot\System32\ntdll.dll:
192725a0.1d14: CreationTime: 2020-07-27T09:29:22.468662600Z
192825a0.1d14: LastWriteTime: 2020-07-27T09:29:22.507631900Z
192925a0.1d14: ChangeTime: 2020-07-28T06:10:52.472083500Z
193025a0.1d14: FileAttributes: 0x20
193125a0.1d14: Size: 0x1e8460
193225a0.1d14: NT Headers: 0xd8
193325a0.1d14: Timestamp: 0xb29ecf52
193425a0.1d14: Machine: 0x8664 - amd64
193525a0.1d14: Timestamp: 0xb29ecf52
193625a0.1d14: Image Version: 10.0
193725a0.1d14: SizeOfImage: 0x1f0000 (2031616)
193825a0.1d14: Resource Dir: 0x17f000 LB 0x6f310
193925a0.1d14: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
194025a0.1d14: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
194125a0.1d14: ProductName: Microsoft® Windows® Operating System
194225a0.1d14: ProductVersion: 10.0.18362.815
194325a0.1d14: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
194425a0.1d14: FileDescription: NT Layer DLL
194525a0.1d14: \SystemRoot\System32\kernel32.dll:
194625a0.1d14: CreationTime: 2020-07-27T09:28:50.277970100Z
194725a0.1d14: LastWriteTime: 2020-07-27T09:28:50.294953700Z
194825a0.1d14: ChangeTime: 2020-07-28T06:10:41.051213400Z
194925a0.1d14: FileAttributes: 0x20
195025a0.1d14: Size: 0xb0498
195125a0.1d14: NT Headers: 0xe8
195225a0.1d14: Timestamp: 0xce6bbd73
195325a0.1d14: Machine: 0x8664 - amd64
195425a0.1d14: Timestamp: 0xce6bbd73
195525a0.1d14: Image Version: 10.0
195625a0.1d14: SizeOfImage: 0xb2000 (729088)
195725a0.1d14: Resource Dir: 0xb0000 LB 0x520
195825a0.1d14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
195925a0.1d14: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
196025a0.1d14: ProductName: Microsoft® Windows® Operating System
196125a0.1d14: ProductVersion: 10.0.18362.959
196225a0.1d14: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
196325a0.1d14: FileDescription: Windows NT BASE API Client DLL
196425a0.1d14: \SystemRoot\System32\KernelBase.dll:
196525a0.1d14: CreationTime: 2020-07-27T09:29:23.091189900Z
196625a0.1d14: LastWriteTime: 2020-07-27T09:29:23.150058300Z
196725a0.1d14: ChangeTime: 2020-07-28T06:10:50.315875600Z
196825a0.1d14: FileAttributes: 0x20
196925a0.1d14: Size: 0x2a4058
197025a0.1d14: NT Headers: 0xf8
197125a0.1d14: Timestamp: 0x7b90c1b5
197225a0.1d14: Machine: 0x8664 - amd64
197325a0.1d14: Timestamp: 0x7b90c1b5
197425a0.1d14: Image Version: 10.0
197525a0.1d14: SizeOfImage: 0x2a4000 (2768896)
197625a0.1d14: Resource Dir: 0x27e000 LB 0x548
197725a0.1d14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
197825a0.1d14: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
197925a0.1d14: ProductName: Microsoft® Windows® Operating System
198025a0.1d14: ProductVersion: 10.0.18362.959
198125a0.1d14: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
198225a0.1d14: FileDescription: Windows NT BASE API Client DLL
198325a0.1d14: \SystemRoot\System32\apisetschema.dll:
198425a0.1d14: CreationTime: 2019-03-19T04:43:54.837151500Z
198525a0.1d14: LastWriteTime: 2019-03-19T04:43:54.837151500Z
198625a0.1d14: ChangeTime: 2020-07-27T09:30:52.160553000Z
198725a0.1d14: FileAttributes: 0x20
198825a0.1d14: Size: 0x1d028
198925a0.1d14: NT Headers: 0xc8
199025a0.1d14: Timestamp: 0xd6ced080
199125a0.1d14: Machine: 0x8664 - amd64
199225a0.1d14: Timestamp: 0xd6ced080
199325a0.1d14: Image Version: 10.0
199425a0.1d14: SizeOfImage: 0x1e000 (122880)
199525a0.1d14: Resource Dir: 0x1d000 LB 0x408
199625a0.1d14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
199725a0.1d14: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
199825a0.1d14: ProductName: Microsoft® Windows® Operating System
199925a0.1d14: ProductVersion: 10.0.18362.1
200025a0.1d14: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
200125a0.1d14: FileDescription: ApiSet Schema DLL
200225a0.1d14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
200325a0.1d14: supR3HardenedWinFindAdversaries: 0x840
200425a0.1d14: \SystemRoot\System32\drivers\klflt.sys:
200525a0.1d14: CreationTime: 2020-03-06T08:53:28.856343500Z
200625a0.1d14: LastWriteTime: 2020-03-12T20:48:02.000000000Z
200725a0.1d14: ChangeTime: 2020-05-15T10:01:19.828084100Z
200825a0.1d14: FileAttributes: 0x20
200925a0.1d14: Size: 0x3f100
201025a0.1d14: NT Headers: 0xf8
201125a0.1d14: Timestamp: 0x5e6a66e9
201225a0.1d14: Machine: 0x8664 - amd64
201325a0.1d14: Timestamp: 0x5e6a66e9
201425a0.1d14: Image Version: 6.1
201525a0.1d14: SizeOfImage: 0x4d000 (315392)
201625a0.1d14: Resource Dir: 0x4a000 LB 0x430
201725a0.1d14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
201825a0.1d14: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
201925a0.1d14: ProductName: Coretech Delivery
202025a0.1d14: ProductVersion: 30.289.132.0-e369c7d411
202125a0.1d14: FileVersion: 30.289.132.0
202225a0.1d14: FileDescription: Filter Core [fre_win7_x64]
202325a0.1d14: \SystemRoot\System32\drivers\klif.sys:
202425a0.1d14: CreationTime: 2020-03-06T08:53:28.861361800Z
202525a0.1d14: LastWriteTime: 2020-03-12T20:48:04.000000000Z
202625a0.1d14: ChangeTime: 2020-05-15T10:01:19.795147700Z
202725a0.1d14: FileAttributes: 0x20
202825a0.1d14: Size: 0x12d500
202925a0.1d14: NT Headers: 0x100
203025a0.1d14: Timestamp: 0x5e6a6704
203125a0.1d14: Machine: 0x8664 - amd64
203225a0.1d14: Timestamp: 0x5e6a6704
203325a0.1d14: Image Version: 6.1
203425a0.1d14: SizeOfImage: 0x12f000 (1241088)
203525a0.1d14: Resource Dir: 0x125000 LB 0x3410
203625a0.1d14: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
203725a0.1d14: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
203825a0.1d14: ProductName: Coretech Delivery
203925a0.1d14: ProductVersion: 30.289.132.0-e369c7d411
204025a0.1d14: FileVersion: 30.289.132.0
204125a0.1d14: FileDescription: Core System Interceptors [fre_win7_x64]
204225a0.1d14: \SystemRoot\System32\drivers\klim6.sys:
204325a0.1d14: CreationTime: 2019-01-28T00:49:40.000000000Z
204425a0.1d14: LastWriteTime: 2020-03-05T01:33:42.000000000Z
204525a0.1d14: ChangeTime: 2020-05-15T10:01:20.628593700Z
204625a0.1d14: FileAttributes: 0x20
204725a0.1d14: Size: 0x159f0
204825a0.1d14: NT Headers: 0xe0
204925a0.1d14: Timestamp: 0x8c875967
205025a0.1d14: Machine: 0x8664 - amd64
205125a0.1d14: Timestamp: 0x8c875967
205225a0.1d14: Image Version: 6.1
205325a0.1d14: SizeOfImage: 0x12000 (73728)
205425a0.1d14: Resource Dir: 0x10000 LB 0x448
205525a0.1d14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
205625a0.1d14: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
205725a0.1d14: ProductName: Coretech Delivery
205825a0.1d14: ProductVersion: 30.289.126.0-2a58c6003b
205925a0.1d14: FileVersion: 30.289.126.0
206025a0.1d14: FileDescription: Packet Network Filter [fre_win7_x64]
206125a0.1d14: \SystemRoot\System32\drivers\kneps.sys:
206225a0.1d14: CreationTime: 2019-04-29T04:50:14.000000000Z
206325a0.1d14: LastWriteTime: 2020-03-06T02:31:48.000000000Z
206425a0.1d14: ChangeTime: 2020-05-15T10:01:20.486058100Z
206525a0.1d14: FileAttributes: 0x20
206625a0.1d14: Size: 0x44300
206725a0.1d14: NT Headers: 0xf8
206825a0.1d14: Timestamp: 0x359fc650
206925a0.1d14: Machine: 0x8664 - amd64
207025a0.1d14: Timestamp: 0x359fc650
207125a0.1d14: Image Version: 6.1
207225a0.1d14: SizeOfImage: 0x44000 (278528)
207325a0.1d14: Resource Dir: 0x41000 LB 0x440
207425a0.1d14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
207525a0.1d14: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
207625a0.1d14: ProductName: Coretech Delivery
207725a0.1d14: ProductVersion: 30.289.126.0-2a58c6003b
207825a0.1d14: FileVersion: 30.289.126.0
207925a0.1d14: FileDescription: Network Processor [fre_win7_x64]
208025a0.1d14: \SystemRoot\System32\drivers\inspect.sys:
208125a0.1d14: CreationTime: 2019-10-22T10:41:08.000000000Z
208225a0.1d14: LastWriteTime: 2019-10-22T10:41:08.000000000Z
208325a0.1d14: ChangeTime: 2019-12-12T12:56:19.421137100Z
208425a0.1d14: FileAttributes: 0x20
208525a0.1d14: Size: 0x137c8
208625a0.1d14: NT Headers: 0xf8
208725a0.1d14: Timestamp: 0x5cfbc135
208825a0.1d14: Machine: 0x8664 - amd64
208925a0.1d14: Timestamp: 0x5cfbc135
209025a0.1d14: Image Version: 10.0
209125a0.1d14: SizeOfImage: 0x14000 (81920)
209225a0.1d14: Resource Dir: 0x12000 LB 0x690
209325a0.1d14: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
209425a0.1d14: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
209525a0.1d14: ProductName: DOZOR Agent
209625a0.1d14: ProductVersion: 3.3.0.0
209725a0.1d14: FileVersion: 1.0.1.3
209825a0.1d14: FileDescription: Process Control Driver
209925a0.1d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
210025a0.1d14: Calling main()
210125a0.1d14: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
210225a0.1d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
210325a0.1d14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
210425a0.1d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
210525a0.1d14: SUPR3HardenedMain: Final process, opening VBoxDrv...
210625a0.1d14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
210725a0.1d14: supR3HardNtEnableThreadCreationEx:
210825a0.1d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
210925a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
211025a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
211125a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
211225a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff66710000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
211325a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
211425a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
211525a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66710000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
211725a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
211825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66710000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
212025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66710000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
212125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
212225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
212325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
212425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
212525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
212625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
212725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
212825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
212925a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
213025a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
213125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
213225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
213325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
213425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
213525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
213625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
213725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
213825a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
213925a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
214025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
214125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
214225a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
214325a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
214425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
214525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
214625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
214725a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
214825a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e120000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
214925a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
215025a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c630000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
215125a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
215225a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6ca80000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
215325a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
215425a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
215525a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6cd00000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
215625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
215725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6f450000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
215825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
215925a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6cc50000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
216025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
216125a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
216225a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
216325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-synch-l1-2-0'
216425a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
216525a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
216625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-fibers-l1-1-1'
216725a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
216825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
216925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-fibers-l1-1-1'
217025a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
217125a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
217225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-synch-l1-2-0'
217325a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
217425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
217525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-localization-l1-2-1'
217625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cc50000 'C:\WINDOWS\system32\Wintrust.dll'
217725a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
217825a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
217925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
218025a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6ccd0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
218125a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
218225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6ccd0000 'C:\WINDOWS\system32\bcrypt.dll'
218325a0.1d14: bcrypt.dll loaded at 00007fff6ccd0000, BCryptOpenAlgorithmProvider at 00007fff6ccd4c70, preloading providers:
218425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
218525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
218625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6cbd0000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
218825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
218925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cbd0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
219025a0.1d14: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000156dff0)
219125a0.1d14: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000156ed50)
219225a0.1d14: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000156f050)
219325a0.1d14: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000156f350)
219425a0.1d14: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000156f650)
219525a0.1d14: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000156f950)
219625a0.1d14: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000156fc50)
219725a0.1d14: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001570360)
219825a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6ccb0000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
219925a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
220025a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
220125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
220225a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
220325a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6b9a0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c000000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\kernel32.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cc50000 'C:\WINDOWS\System32\WINTRUST.DLL'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\CRYPT32.dll'
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6d820000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6f3a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6b030000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c6c0000 LB 0x00023000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff477a0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\WINDOWS\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff477a0000 'C:\Windows\System32\cryptnet.dll'
25a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6dda0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
25a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
25a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
25a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001645680
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f450000 'C:\WINDOWS\System32\rpcrt4.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\SystemRoot\System32\ntdll.dll'
25a0.1d14: g_pfnWinVerifyTrust=00007fff6cc561f0
25a0.1d14: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
25a0.1d14: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
25a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
25a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
25a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
25a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\system32\crypt32.dll'
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x55c4ef205ae3d700 Email=ssl@server.9tv.co.il, CN=archive.9tv.co.il
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x52f35a23ad43e700 Email=ssl@server.9tv.co.il, CN=www.archive.9tv.co.il
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xdee05e72d2fce000 CN=spb2wks002.puls.local
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xbee9d764924fbb00 O=AO Kaspersky Lab, CN=Kaspersky Endpoint Security Personal Root Certificate
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x996f072e2fa7ec00 CN=spb2wks002.puls.local
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xd140ebc339a98a2f CN=WZTeam
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x39c174e2854aa600 CN=TRASSIR
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf27194c5fa02d100 C=EN, CN=DigiCert SHA2 Extended Validation Server CA 2
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
25a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
246425a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
246525a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
246625a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
246725a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
246825a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
246925a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
247025a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
247125a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
247225a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
247325a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
247425a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
247525a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
247625a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
247725a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
247825a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
247925a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
248025a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
248125a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
248225a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
248325a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
248425a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
248525a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x37c8415723cdb100 DC=local, DC=puls, CN=PULS-CA
248625a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xe207b6374ba7a700 DC=local, DC=puls, CN=puls-RDP1-CA
248725a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xea2fcc21464fba00 DC=local, DC=puls, CN=serv-p
248825a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x74d616fa7976c000 DC=local, DC=puls, CN=serv-p
248925a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
249025a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x50b559415accb800 DC=local, DC=puls, CN=PULS-SERV2-P-CA
249125a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x5e9001153632c500 DC=local, DC=puls, CN=serv-p
249225a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x1622ad47ddeec900 DC=local, DC=puls, CN=serv-p
249325a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xfe1db9b6ec9e9000 DC=local, DC=puls, CN=PULS-CA
249425a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x627454ff6824be00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
249525a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
249625a0.1d14: supR3HardenedWinIsDesiredRootCA: Adding 0xe18c1732f20ab00 DC=local, DC=puls, CN=puls-V-PRINT-SRV-CA
249725a0.1d14: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
249825a0.1d14: SUPR3HardenedMain: Load Runtime...
249925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
250025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
250125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
250225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
250325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
250425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
250525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
250625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
250725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
250825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
250925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
251025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
251125a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
251225a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
251325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
251425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
251525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
251625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
251725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
251825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
251925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
252025a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
252125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
252225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
252325a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
252425a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
252525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
252625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
252725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
252825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
252925a0.1d14: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
253025a0.1d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
253125a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
253225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
253325a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
253425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
253525a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
253625a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
253725a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
253825a0.1d14: supR3HardenedDllNotificationCallback: load 0000000059f50000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
253925a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
254025a0.1d14: supR3HardenedDllNotificationCallback: load 0000000059320000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
254125a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
254225a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e5e0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
254325a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
254425a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff39450000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
254525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
254625a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
254725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
254825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
254925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
255125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
255225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
255325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
255425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
255525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
255625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
255825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
255925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
256025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
256125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
256225a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
256325a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
256425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
256525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
256625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
256725a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
256825a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
256925a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
257025a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
257125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
257225a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
257325a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
257425a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
257525a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
257625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
257725a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
257825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
257925a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
258025a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
258125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
258225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
258325a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
258425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
258525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
258625a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
258725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
258825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
258925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
259025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
259125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
259225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
259325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
259425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
259525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
259625a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
259725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
259825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
259925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
260025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
260125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
260225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
260325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
260425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
260525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
260625a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
260725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
260825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
260925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
261025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
261125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
261225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
261325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
261425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
261525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
261625a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
261725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
261825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
261925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
262025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
262125a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
262225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
262325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
262425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
262525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
262625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
262825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
262925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
263025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
263125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
263225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
263325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
263425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
263525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
263625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
263725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
263825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
263925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
264025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
264125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
264225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
264325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
264425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
264525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
264625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
264725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
264825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
264925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
265025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
265125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
265225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
265325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
265425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
265525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
265625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
265725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
265825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
265925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
266025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
266125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
266225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
266325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
266425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
266525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
266625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
266725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
266825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
266925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
267025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
267125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
267225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
267325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
267425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
267525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
267625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
267725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
267825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
267925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
268025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
268125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
268225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
268325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
268425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
268525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
268625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
268725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
268825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
268925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
269025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
269125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
269225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
269325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
269425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
269525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
269625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
269725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
269825a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
269925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
270025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
270125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
270225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
270325a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
270425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
270525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
270625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
270725a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
270825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
270925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
271025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
271125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
271225a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
271325a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
271425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
271525a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
271625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
271725a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
271825a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
271925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
272025a0.1d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
272125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
272225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff39450000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
272325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
272425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
272525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
272625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
272725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cc50000 'C:\WINDOWS\system32\Wintrust.dll'
272825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
272925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
273025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
273125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
273225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
273325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
273425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\system32\crypt32.dll'
273525a0.1d14: SUPR3HardenedMain: Load TrustedMain...
273625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
273725a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
273825a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
273925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
274025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
274125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
274225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
274325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
274425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
274525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
274625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
274725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
274825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
274925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
275025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
275125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
275225a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
275325a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
275425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
275525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
275625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
275725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
275825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
275925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
276025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
276125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
276225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
276325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
276425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
276525a0.1d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
276625a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
276725a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
276825a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
276925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
277025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
277125a0.1d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
277225a0.1d14: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
277325a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
277425a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
277525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
277625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
277725a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
277825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
277925a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
278025a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
278125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
278225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
278325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
278425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
278525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
278625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
278725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
278825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
278925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
279025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
279125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
279225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
279325a0.1d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
279425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
279525a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
279625a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
279725a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
279825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
279925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
280025a0.1d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
280125a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
280225a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
280325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
280425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
280525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
280625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
280725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
280825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
280925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
281025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
281125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
281225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
281325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
281425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
281525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
281625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
281725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
281825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
281925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
282025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
282125a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
282225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
282325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
282425a0.1d14: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
282525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
282625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
282725a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
282825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
282925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
283025a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
283125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
283225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
283325a0.1d14: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
283425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
283525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
283625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
283725a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
283825a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e270000 LB 0x00335000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
283925a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
284025a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c6f0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
284125a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
284225a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6d780000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
284325a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
284425a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e6b0000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
284525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
284625a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6d5e0000 LB 0x00196000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
284725a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
284825a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
284925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
285025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
285125a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
285225a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
285325a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e5b0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
285425a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
285525a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6ea10000 LB 0x00157000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
285625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
285725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6f570000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
285825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
285925a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff4edc0000 LB 0x00052000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
286025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
286125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
286225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
286325a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
286425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
286525a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
286625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
286725a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
286825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
286925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
287025a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
287125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
287225a0.1d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
287325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
287425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
287525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
287625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
287725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
287825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
287925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
288025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
288125a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
288225a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
288325a0.1d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
288425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
288525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\kernel32.dll'
288625a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
288725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
288825a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
288925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
289025a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
289125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
289225a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
289325a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
289425a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
289525a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
289625a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
289725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
289825a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
289925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
290025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-string-l1-1-0'
290125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
290225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
290325a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
290425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
290525a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
290625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
290725a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
290825a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
290925a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
291025a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
291125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
291225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
291325a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
291425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
291525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-datetime-l1-1-1'
291625a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
291725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
291825a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
291925a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
292025a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
292125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
292225a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
292325a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
292425a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
292525a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
292625a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
292725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
292825a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
292925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
293025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-localization-obsolete-l1-2-0'
293125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
293225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
293325a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
293425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
293525a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
293625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
293725a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
293825a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
293925a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
294025a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
294125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
294225a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
294325a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
294425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
294525a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
294625a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
294725a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
294825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
294925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
295025a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
295125a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
295225a0.1d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
295325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
295425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
295525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
295625a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
295725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6f6a0000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
295825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
295925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f6a0000 'C:\WINDOWS\system32\IMM32.DLL'
296025a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
296125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
296225a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
296325a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
296425a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
296525a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
296625a0.1d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
296725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
296825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff4edc0000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
296925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
297025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
297125a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
297225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
297325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
297425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
297525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
297625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
297725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
297825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
297925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
298025a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
298125a0.1d14: SUPR3HardenedMain: Calling TrustedMain (00007fff4edc2ae0)...
298225a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c650000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
298325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
298425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
298525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
298625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
298725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e070000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
298825a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
298925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
299025a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
299125a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
299225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
299325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
299425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
299525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
299625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
299725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
299825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
299925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
300025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
300125a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
300225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
300325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
300425a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
300525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
300625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
300725a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
300825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
300925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
301025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
301125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
301225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
301325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
301425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
301525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
301625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
301725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
301825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
301925a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
302025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
302125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
302225a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
302325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
302425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
302525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
302625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
302725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
302825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
302925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
303025a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
303125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
303225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
303325a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
303425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
303525a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
303625a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff37a90000 LB 0x003be000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
303725a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
303825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff37a90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
303925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
304025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
304125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
304225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
304325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
304425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
304525a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
304625a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
304725a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
304825a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
304925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
305025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
305125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
305225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
305325a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
305425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
305525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
305625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
305725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
305825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
305925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
306025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
306125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
306225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
306325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
306425a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
306525a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
306625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
306725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
306825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
306925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
307025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
307125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
307225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
307325a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
307425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
307525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
307625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
307725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
307825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
307925a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
308025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
308125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
308225a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
308325a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
308425a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
308525a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6e650000 LB 0x00052000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
308625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
308725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff4bee0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
308825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
308925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff4bee0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
309025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
309125a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
309225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f570000 'C:\Windows\System32\oleaut32.dll'
309325a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
309425a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
309525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6ea10000 'C:\WINDOWS\System32\ole32.dll'
309625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
309725a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
309825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f570000 'C:\WINDOWS\System32\OLEAUT32.dll'
309925a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000758 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
310025a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
310125a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
310225a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
310325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
310425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
310525a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
310625a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
310725a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
310825a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
310925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
311025a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
311125a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
311225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
311325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
311425a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000760 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
311525a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
311625a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
311725a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
311825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
311925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
312025a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
312125a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
312225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
312325a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
312425a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
312525a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
312625a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
312725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
312825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
312925a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
313025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
313125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
313225a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
313325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
313425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
313525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
313625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
313725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
313825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
313925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314125a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
314225a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
314325a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
314425a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff659f0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
314525a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
314625a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff64be0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
314725a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
314825a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
314925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
315025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
315125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff64be0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
315225a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000075c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
315325a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
315425a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
315525a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
315625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
315725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
315825a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
315925a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
316025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
316125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
316225a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
316325a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
316425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
316525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
316625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
316725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
316825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
316925a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
317025a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
317125a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff63ea0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
317225a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
317325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff63ea0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
317425a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
317525a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
317625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-localization-l1-2-0.dll'
317725a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
317825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
317925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6c7d0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
318025a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000788 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
318125a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
318225a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
318325a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
318425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
318525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
318625a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
318725a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
318825a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
318925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
319025a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
319125a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
319225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
319325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
319425a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
319525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
319625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
319725a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
319825a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
319925a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff64030000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
320025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
320125a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff64030000 'C:\WINDOWS\system32\wbem\fastprox.dll'
320225a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000790 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
320325a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
320425a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
320525a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
320625a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
320725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
320825a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.693.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
320925a0.1d14: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
321025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
321125a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
321225a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
321325a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
321425a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
321525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
321625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
321725a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
321825a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
321925a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
322025a0.1d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
322125a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
322225a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
322325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
322425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
322525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
322625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
322725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
322825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
322925a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
323025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
323125a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
323225a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
323325a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
323425a0.1d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
323525a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff6c540000 LB 0x00025000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
323625a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
323725a0.1d14: supR3HardenedDllNotificationCallback: load 00007fff5d230000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
323825a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
323925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff5d230000 'C:\WINDOWS\System32\amsi.dll'
324025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
324125a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6dda0000 'C:\WINDOWS\System32\ADVAPI32.dll'
324325a0.2060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
324425a0.2060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
324525a0.2060: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
324625a0.2060: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
324725a0.2060: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
324825a0.2060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
324925a0.2060: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
325025a0.2060: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
325125a0.2060: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
325225a0.2060: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
325325a0.2060: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
325425a0.2060: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
325525a0.2060: supR3HardenedDllNotificationCallback: load 00007fff37710000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
325625a0.2060: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
325725a0.2060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff37710000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
325825a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
325925a0.2b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
326025a0.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
326125a0.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
326225a0.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
326325a0.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
326425a0.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
326525a0.2b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
326625a0.2b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
326725a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
326825a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
326925a0.2b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
327025a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
327125a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
327225a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
327325a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
327425a0.2b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
327525a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
327625a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
327725a0.2b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
327825a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
327925a0.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
328025a0.2b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
328125a0.2b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
328225a0.2b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
328325a0.2b4c: supR3HardenedDllNotificationCallback: load 00007fff66700000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
328425a0.2b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
328525a0.2b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66700000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
328625a0.3bec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
328725a0.3bec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
328825a0.3bec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
328925a0.3bec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
329025a0.3bec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
329125a0.3bec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
329225a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
329325a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
329425a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
329525a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
329625a0.3bec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
329725a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
329825a0.3bec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
329925a0.3bec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
330025a0.3bec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
330125a0.3bec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
330225a0.3bec: supR3HardenedDllNotificationCallback: load 00007fff66630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
330325a0.3bec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
330425a0.3bec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66630000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
330525a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
330625a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
330725a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
330825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
330925a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
331025a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
331125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
331225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
331325a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
331425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
331525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
331625a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
331725a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
331825a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6cb80000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
331925a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
332025a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
332125a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6e1c0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
332225a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
332325a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
332425a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
332525a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
332625a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
332725a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6c620000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
332825a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
332925a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
333025a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6c670000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
333125a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
333225a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
333325a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
333425a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
333525a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6ce50000 LB 0x00782000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
333625a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
333725a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
333825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
333925a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
334025a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
334125a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
334225a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6ecb0000 LB 0x006e6000 C:\WINDOWS\System32\Shell32.dll [fFlags=0x0]
334325a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
334425a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6ecb0000 'C:\WINDOWS\system32\Shell32.dll'
334525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
334625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
334725a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
334825a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
334925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
335025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
335125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
335225a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
335325a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
335425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
335525a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
335625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
335725a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
335825a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [lacks WinVerifyTrust]
335925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
336025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
336125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
336225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
336325a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
336425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
336525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
336625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
336725a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
336825a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
336925a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
337025a0.17e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
337125a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
337225a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
337325a0.17e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
337425a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
337525a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
337625a0.17e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
337725a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
337825a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
337925a0.17e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
338025a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
338125a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
338225a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
338325a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
338425a0.17e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
338525a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
338625a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
338725a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
338825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
338925a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
339025a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
339125a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
339225a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
339325a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
339425a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
339525a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
339625a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
339725a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
339825a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
339925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
340025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
340125a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
340225a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
340325a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
340425a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
340525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
340625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
340725a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
340825a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
340925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
341025a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
341125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
341225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
341325a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
341425a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
341525a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341625a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
341725a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
341825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
341925a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
342025a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
342125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
342225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
342325a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
342425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
342525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
342625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
342725a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
342825a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
342925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
343025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
343125a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
343225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
343325a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
343425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
343525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
343625a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
343725a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
343825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
343925a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
344025a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
344125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
344225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
344325a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
344425a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
344525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
344625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
344725a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
344825a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
344925a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
345025a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
345125a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
345225a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
345325a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
345425a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
345525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
345625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
345725a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
345825a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
345925a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
346025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
346125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
346225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
346325a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
346425a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
346525a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
346625a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
346725a0.17e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
346825a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
346925a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
347025a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
347125a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
347225a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
347325a0.17e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
347425a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
347525a0.17e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
347625a0.17e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
347725a0.17e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
347825a0.17e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
347925a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6d840000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
348025a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
348125a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff4f860000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
348225a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
348325a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff316a0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
348425a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
348525a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6bb40000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
348625a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
348725a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff31f00000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
348825a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
348925a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31f00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
349025a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
349125a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
349225a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
349325a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff37a90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
349425a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
349525a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
349625a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
349725a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff316a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
349825a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
349925a0.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
350025a0.10f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
350125a0.10f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
350225a0.10f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
350325a0.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
350425a0.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
350525a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
350625a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
350725a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
350825a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
350925a0.10f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
351025a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
351125a0.10f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
351225a0.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
351325a0.10f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
351425a0.10f0: supR3HardenedDllNotificationCallback: load 00007fff66290000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
351525a0.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
351625a0.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66290000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
351725a0.41ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
351825a0.41ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
351925a0.41ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
352025a0.41ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
352125a0.41ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
352225a0.41ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
352325a0.41ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
352425a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
352525a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
352625a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
352725a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
352825a0.41ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
352925a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
353025a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
353125a0.41ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
353225a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
353325a0.41ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
353425a0.41ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
353525a0.41ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
353625a0.41ac: supR3HardenedDllNotificationCallback: load 00007fff66620000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
353725a0.41ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
353825a0.41ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66620000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
353925a0.33ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
354025a0.33ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
354125a0.33ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
354225a0.33ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
354325a0.33ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
354425a0.33ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
354525a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
354625a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
354725a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
354825a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
354925a0.33ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
355025a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
355125a0.33ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
355225a0.33ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
355325a0.33ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
355425a0.33ec: supR3HardenedDllNotificationCallback: load 00007fff65f10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
355525a0.33ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
355625a0.33ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff65f10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
355725a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
355825a0.17e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
355925a0.17e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6bb40000 'C:\WINDOWS\system32\Iphlpapi.dll'
356025a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
356125a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
356225a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
356325a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
356425a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6f440000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
356525a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
356625a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
356725a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff68900000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
356825a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
356925a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
357025a0.17e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
357125a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
357225a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff684a0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
357325a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
357425a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
357525a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
357625a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
357725a0.17e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
357825a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
357925a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff68290000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
358025a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
358125a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
358225a0.17e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
358325a0.17e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
358425a0.17e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
358525a0.17e8: supR3HardenedDllNotificationCallback: load 00007fff6bb80000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
358625a0.17e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
358725a0.4084: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
358825a0.4084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
358925a0.4084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
359025a0.4084: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000d08 (hFile=0000000000000cf0) with 0xc0000022 -> STATUS_TRUST_FAILURE
359125a0.4084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
359225a0.4084: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000cf0 (hFile=0000000000000d08) with 0xc0000022 -> STATUS_TRUST_FAILURE
359325a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007a4 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
359425a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
359525a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
359625a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=88837B0A9EBB242B4E4FB904A333C960EF93AE6F
359725a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
359825a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
359925a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
360025a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
360125a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
360225a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
360325a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
360425a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
360525a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
360625a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
360725a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
360825a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
360925a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
361025a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
361125a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
361225a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
361325a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
361425a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
361525a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
361625a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
361725a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
361825a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
361925a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
362025a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
362125a0.4084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
362225a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
362325a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
362425a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
362525a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
362625a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be8 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
362725a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
362825a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
362925a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4046160B2B0DC0559D0AE96A25C912515D96829D
363025a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
363125a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
363225a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
363325a0.4084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
363425a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
363525a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be0 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
363625a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
363725a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
363825a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A4B35134FE83EA6C710EA68891208811F657FE
363925a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
364025a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
364125a0.4084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
364225a0.4084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
364325a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
364425a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
364525a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
364625a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
364725a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
364825a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
364925a0.4084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
365025a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
365125a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
365225a0.4084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
365325a0.4084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
365425a0.4084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
365525a0.4084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
365625a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
365725a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
365825a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
365925a0.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
366025a0.4084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
366125a0.4084: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
366225a0.4084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
366325a0.4084: supR3HardenedDllNotificationCallback: load 00007fff6be30000 LB 0x00067000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
366425a0.4084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
366525a0.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6be30000 'C:\WINDOWS\system32\mswsock.dll'
366625a0.2b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6e6b0000 'C:\WINDOWS\system32\User32.dll'
366725a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
366825a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001645680
366925a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001645680
367025a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
367125a0.22b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
367225a0.22b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
367325a0.22b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367425a0.22b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
367525a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
367625a0.22b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
367725a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
367825a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
367925a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
368025a0.22b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
368125a0.22b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
368225a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
368325a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
368425a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
368525a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
368625a0.22b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
368725a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
368825a0.22b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
368925a0.22b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
369025a0.22b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
369125a0.22b8: supR3HardenedDllNotificationCallback: load 00007fff6a990000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
369225a0.22b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
369325a0.22b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a990000 'C:\WINDOWS\system32\uxtheme.dll'
369425a0.22b8: supR3HardenedDllNotificationCallback: load 00007fff6de60000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
369525a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
369625a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
369725a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
369825a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
369925a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
370025a0.22b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
370125a0.22b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
370225a0.22b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
370325a0.33ec: supR3HardenedDllNotificationCallback: Unload 00007fff65f10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
370425a0.41ac: supR3HardenedDllNotificationCallback: Unload 00007fff66620000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
370525a0.10f0: supR3HardenedDllNotificationCallback: Unload 00007fff66290000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
370625a0.3bec: supR3HardenedDllNotificationCallback: Unload 00007fff66630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
370725a0.2b4c: supR3HardenedDllNotificationCallback: Unload 00007fff66700000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
370825a0.17e8: supR3HardenedDllNotificationCallback: Unload 00007fff31f00000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
370925a0.17e8: supR3HardenedDllNotificationCallback: Unload 00007fff4f860000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
371025a0.17e8: supR3HardenedDllNotificationCallback: Unload 00007fff316a0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
371125a0.17e8: supR3HardenedDllNotificationCallback: Unload 00007fff6d840000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
371225a0.1d14: KiUserExceptionDispatcher: 0xc0000005 (0000000000000008, 0000000000da0310) @ 0000000000da0310 (flags=0x0)
3713 rax=0000000000da0310 rbx=0000000000000001 rcx=0000000000da05a0 rdx=0000000000000000
3714 rsi=0000000000000000 rdi=0000000000000730 r8 =0000000000000000 r9 =0000000000d9d7a0
3715 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
3716 r14=0000000000000730 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
3717 rip=0000000000da0310 rsp=0000000000d9d798 rbp=0000000000d9dde0 ctxflags=0010005f
3718 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010202 mxcrx=00001fa0
3719 P3=0000000000000134 P4=46000000000000c0 P5=0000000001c6f370 P6=0000000000000060
3720 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
3721 dr6=0000000000000000 dr7=0000000000000000 vcr=0000006000000001 dcr=000000006f468000
3722 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
372325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
372425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
372525a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
372625a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
372725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
372825a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
372925a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
373025a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
373125a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
373225a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
373325a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
373425a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
373525a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
373625a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
373725a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
373825a0.1d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
373925a0.1d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
374025a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
374125a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
374225a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
374325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cc50000 'C:\WINDOWS\System32\WINTRUST.DLL'
374425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\CRYPT32.dll'
374525a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
374625a0.1d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
374725a0.1d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
374825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
374925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
375025a0.1d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
375125a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
375225a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6dda0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
375325a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6b9a0000 'C:\WINDOWS\system32\rsaenh.dll'
375425a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6cd00000 'C:\WINDOWS\System32\crypt32.dll'
375525a0.1d14: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
375625a0.1d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
375725a0.1d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
375825a0.1d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
375925a0.1d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f7a0000 'C:\WINDOWS\System32\ntdll.dll'
37602078.3270: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 126083 ms, the end);
37613604.3b90: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 127296 ms, the end);
3762a80.23a8: Terminating the normal way: rcExit=0
