VirtualBox

Ticket #20313: VBoxHardening.2.log

File VBoxHardening.2.log, 292.6 KB (added by moydelgado, 3 years ago)

I'm getting same exception

Line 
12e9c.1d4: Log file opened: 6.1.20r143896 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa04a6200
22e9c.1d4: \SystemRoot\System32\ntdll.dll:
32e9c.1d4: CreationTime: 2021-04-16T00:42:03.012798800Z
42e9c.1d4: LastWriteTime: 2021-04-16T00:42:03.124698200Z
52e9c.1d4: ChangeTime: 2021-04-25T18:24:06.026552000Z
62e9c.1d4: FileAttributes: 0x20
72e9c.1d4: Size: 0x1ee518
82e9c.1d4: NT Headers: 0xe8
92e9c.1d4: Timestamp: 0x9bed63d6
102e9c.1d4: Machine: 0x8664 - amd64
112e9c.1d4: Timestamp: 0x9bed63d6
122e9c.1d4: Image Version: 10.0
132e9c.1d4: SizeOfImage: 0x1f5000 (2052096)
142e9c.1d4: Resource Dir: 0x184000 LB 0x6fd28
152e9c.1d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162e9c.1d4: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172e9c.1d4: ProductName: Microsoft® Windows® Operating System
182e9c.1d4: ProductVersion: 10.0.19041.928
192e9c.1d4: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
202e9c.1d4: FileDescription: NT Layer DLL
212e9c.1d4: \SystemRoot\System32\kernel32.dll:
222e9c.1d4: CreationTime: 2021-04-16T00:41:30.619375600Z
232e9c.1d4: LastWriteTime: 2021-04-16T00:41:30.666292900Z
242e9c.1d4: ChangeTime: 2021-04-25T18:23:55.303945800Z
252e9c.1d4: FileAttributes: 0x20
262e9c.1d4: Size: 0xbac30
272e9c.1d4: NT Headers: 0xe8
282e9c.1d4: Timestamp: 0x61e69688
292e9c.1d4: Machine: 0x8664 - amd64
302e9c.1d4: Timestamp: 0x61e69688
312e9c.1d4: Image Version: 10.0
322e9c.1d4: SizeOfImage: 0xbd000 (774144)
332e9c.1d4: Resource Dir: 0xbb000 LB 0x520
342e9c.1d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352e9c.1d4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362e9c.1d4: ProductName: Microsoft® Windows® Operating System
372e9c.1d4: ProductVersion: 10.0.19041.928
382e9c.1d4: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
392e9c.1d4: FileDescription: Windows NT BASE API Client DLL
402e9c.1d4: \SystemRoot\System32\KernelBase.dll:
412e9c.1d4: CreationTime: 2021-04-16T00:42:04.993242300Z
422e9c.1d4: LastWriteTime: 2021-04-16T00:42:05.153374700Z
432e9c.1d4: ChangeTime: 2021-04-25T18:24:04.291376800Z
442e9c.1d4: FileAttributes: 0x20
452e9c.1d4: Size: 0x2c8b78
462e9c.1d4: NT Headers: 0xf0
472e9c.1d4: Timestamp: 0x2f2f77bf
482e9c.1d4: Machine: 0x8664 - amd64
492e9c.1d4: Timestamp: 0x2f2f77bf
502e9c.1d4: Image Version: 10.0
512e9c.1d4: SizeOfImage: 0x2c8000 (2916352)
522e9c.1d4: Resource Dir: 0x29f000 LB 0x548
532e9c.1d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542e9c.1d4: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552e9c.1d4: ProductName: Microsoft® Windows® Operating System
562e9c.1d4: ProductVersion: 10.0.19041.906
572e9c.1d4: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
582e9c.1d4: FileDescription: Windows NT BASE API Client DLL
592e9c.1d4: \SystemRoot\System32\apisetschema.dll:
602e9c.1d4: CreationTime: 2019-12-07T09:08:13.518339400Z
612e9c.1d4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
622e9c.1d4: ChangeTime: 2021-04-16T00:46:30.823078900Z
632e9c.1d4: FileAttributes: 0x20
642e9c.1d4: Size: 0x1f538
652e9c.1d4: NT Headers: 0xd0
662e9c.1d4: Timestamp: 0x31288ce0
672e9c.1d4: Machine: 0x8664 - amd64
682e9c.1d4: Timestamp: 0x31288ce0
692e9c.1d4: Image Version: 10.0
702e9c.1d4: SizeOfImage: 0x20000 (131072)
712e9c.1d4: Resource Dir: 0x1f000 LB 0x408
722e9c.1d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732e9c.1d4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742e9c.1d4: ProductName: Microsoft® Windows® Operating System
752e9c.1d4: ProductVersion: 10.0.19041.1
762e9c.1d4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
772e9c.1d4: FileDescription: ApiSet Schema DLL
782e9c.1d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792e9c.1d4: supR3HardenedWinFindAdversaries: 0x20
802e9c.1d4: \SystemRoot\System32\drivers\cfwids.sys:
812e9c.1d4: CreationTime: 2020-04-09T20:15:22.000000000Z
822e9c.1d4: LastWriteTime: 2020-12-11T21:36:48.000000000Z
832e9c.1d4: ChangeTime: 2021-04-12T11:49:15.251301400Z
842e9c.1d4: FileAttributes: 0x20
852e9c.1d4: Size: 0x127c0
862e9c.1d4: NT Headers: 0xf0
872e9c.1d4: Timestamp: 0x5fcfecdd
882e9c.1d4: Machine: 0x8664 - amd64
892e9c.1d4: Timestamp: 0x5fcfecdd
902e9c.1d4: Image Version: 0.0
912e9c.1d4: SizeOfImage: 0x14000 (81920)
922e9c.1d4: Resource Dir: 0x12000 LB 0x550
932e9c.1d4: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
942e9c.1d4: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
952e9c.1d4: ProductName: SYSCORE
962e9c.1d4: ProductVersion: 20.12.0.173
972e9c.1d4: FileVersion: SYSCORE.20.12.0.173
982e9c.1d4: PrivateBuild: SYSCORE.20.12.0.173
992e9c.1d4: FileDescription: McAfee Personal Firewall IDS Plugin
1002e9c.1d4: \SystemRoot\System32\drivers\McPvDrv.sys:
1012e9c.1d4: CreationTime: 2020-12-15T14:06:01.088248900Z
1022e9c.1d4: LastWriteTime: 2021-01-18T07:58:42.000000000Z
1032e9c.1d4: ChangeTime: 2021-04-12T11:52:24.563885100Z
1042e9c.1d4: FileAttributes: 0x20
1052e9c.1d4: Size: 0x15c18
1062e9c.1d4: NT Headers: 0xf8
1072e9c.1d4: Timestamp: 0x5ff2a4d8
1082e9c.1d4: Machine: 0x8664 - amd64
1092e9c.1d4: Timestamp: 0x5ff2a4d8
1102e9c.1d4: Image Version: 6.3
1112e9c.1d4: SizeOfImage: 0x18000 (98304)
1122e9c.1d4: Resource Dir: 0x16000 LB 0x350
1132e9c.1d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1142e9c.1d4: [Raw version resource data: 0x16060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
1152e9c.1d4: ProductName: McAfee File Lock
1162e9c.1d4: ProductVersion: 9,3,0,0
1172e9c.1d4: FileVersion: 9,3,101,0
1182e9c.1d4: FileDescription: McAfee File Lock Driver
1192e9c.1d4: \SystemRoot\System32\drivers\mfeavfk.sys:
1202e9c.1d4: CreationTime: 2020-04-09T20:15:22.000000000Z
1212e9c.1d4: LastWriteTime: 2020-12-11T22:36:46.000000000Z
1222e9c.1d4: ChangeTime: 2021-04-12T11:49:14.826134900Z
1232e9c.1d4: FileAttributes: 0x20
1242e9c.1d4: Size: 0x5e3c0
1252e9c.1d4: NT Headers: 0xf0
1262e9c.1d4: Timestamp: 0x5fcfec2a
1272e9c.1d4: Machine: 0x8664 - amd64
1282e9c.1d4: Timestamp: 0x5fcfec2a
1292e9c.1d4: Image Version: 0.0
1302e9c.1d4: SizeOfImage: 0x5f000 (389120)
1312e9c.1d4: Resource Dir: 0x5d000 LB 0x758
1322e9c.1d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1332e9c.1d4: [Raw version resource data: 0x5d110 LB 0x334, codepage 0x0 (reserved 0x0)]
1342e9c.1d4: ProductName: SYSCORE
1352e9c.1d4: ProductVersion: 20.12.0.173
1362e9c.1d4: FileVersion: SYSCORE.20.12.0.173
1372e9c.1d4: PrivateBuild: SYSCORE.20.12.0.173 F15,F16,F19
1382e9c.1d4: FileDescription: Anti-Virus File System Filter Driver
1392e9c.1d4: \SystemRoot\System32\drivers\mfefirek.sys:
1402e9c.1d4: CreationTime: 2020-04-09T20:15:22.000000000Z
1412e9c.1d4: LastWriteTime: 2020-12-11T21:36:48.000000000Z
1422e9c.1d4: ChangeTime: 2021-04-12T11:49:14.757897300Z
1432e9c.1d4: FileAttributes: 0x20
1442e9c.1d4: Size: 0x7f7c0
1452e9c.1d4: NT Headers: 0xe0
1462e9c.1d4: Timestamp: 0x5fcfeca3
1472e9c.1d4: Machine: 0x8664 - amd64
1482e9c.1d4: Timestamp: 0x5fcfeca3
1492e9c.1d4: Image Version: 0.0
1502e9c.1d4: SizeOfImage: 0x81000 (528384)
1512e9c.1d4: Resource Dir: 0x7d000 LB 0x388
1522e9c.1d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1532e9c.1d4: [Raw version resource data: 0x7d060 LB 0x328, codepage 0x0 (reserved 0x0)]
1542e9c.1d4: ProductName: SYSCORE
1552e9c.1d4: ProductVersion: 20.12.0.173
1562e9c.1d4: FileVersion: SYSCORE.20.12.0.173
1572e9c.1d4: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
1582e9c.1d4: FileDescription: McAfee Core Firewall Engine Driver
1592e9c.1d4: \SystemRoot\System32\drivers\mfehidk.sys:
1602e9c.1d4: CreationTime: 2020-04-09T20:15:22.000000000Z
1612e9c.1d4: LastWriteTime: 2020-12-11T21:36:46.000000000Z
1622e9c.1d4: ChangeTime: 2021-04-12T11:49:13.549595100Z
1632e9c.1d4: FileAttributes: 0x20
1642e9c.1d4: Size: 0xfadc0
1652e9c.1d4: NT Headers: 0xf8
1662e9c.1d4: Timestamp: 0x5fcfebd9
1672e9c.1d4: Machine: 0x8664 - amd64
1682e9c.1d4: Timestamp: 0x5fcfebd9
1692e9c.1d4: Image Version: 0.0
1702e9c.1d4: SizeOfImage: 0x105000 (1069056)
1712e9c.1d4: Resource Dir: 0x101000 LB 0x758
1722e9c.1d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1732e9c.1d4: [Raw version resource data: 0x101110 LB 0x320, codepage 0x0 (reserved 0x0)]
1742e9c.1d4: ProductName: SYSCORE
1752e9c.1d4: ProductVersion: 20.12.0.173
1762e9c.1d4: FileVersion: SYSCORE.20.12.0.173
1772e9c.1d4: PrivateBuild: SYSCORE.20.12.0.173 F14,F15,F16,F18,F20
1782e9c.1d4: FileDescription: McAfee Link Driver
1792e9c.1d4: \SystemRoot\System32\drivers\mfencbdc.sys:
1802e9c.1d4: CreationTime: 2020-05-01T13:55:06.000000000Z
1812e9c.1d4: LastWriteTime: 2020-12-17T12:02:22.000000000Z
1822e9c.1d4: ChangeTime: 2021-04-24T13:11:45.101532700Z
1832e9c.1d4: FileAttributes: 0x20
1842e9c.1d4: Size: 0x947c0
1852e9c.1d4: NT Headers: 0xe0
1862e9c.1d4: Timestamp: 0x5fd9dbef
1872e9c.1d4: Machine: 0x8664 - amd64
1882e9c.1d4: Timestamp: 0x5fd9dbef
1892e9c.1d4: Image Version: 0.0
1902e9c.1d4: SizeOfImage: 0x98000 (622592)
1912e9c.1d4: Resource Dir: 0x96000 LB 0x458
1922e9c.1d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1932e9c.1d4: [Raw version resource data: 0x96060 LB 0x3f4, codepage 0x0 (reserved 0x0)]
1942e9c.1d4: ProductName: Anti-Malware Core
1952e9c.1d4: ProductVersion: 20.12.0
1962e9c.1d4: FileVersion: Anti-Malware Core.20.12.0.473.x64
1972e9c.1d4: PrivateBuild: Anti-Malware Core.20.12.0.473.x64
1982e9c.1d4: FileDescription: Event Driver
1992e9c.1d4: \SystemRoot\System32\drivers\mfewfpk.sys:
2002e9c.1d4: CreationTime: 2020-04-09T20:15:22.000000000Z
2012e9c.1d4: LastWriteTime: 2020-12-11T21:36:48.000000000Z
2022e9c.1d4: ChangeTime: 2021-04-12T11:48:45.329306500Z
2032e9c.1d4: FileAttributes: 0x20
2042e9c.1d4: Size: 0x3d9c0
2052e9c.1d4: NT Headers: 0xf0
2062e9c.1d4: Timestamp: 0x5fcfebec
2072e9c.1d4: Machine: 0x8664 - amd64
2082e9c.1d4: Timestamp: 0x5fcfebec
2092e9c.1d4: Image Version: 0.0
2102e9c.1d4: SizeOfImage: 0x59000 (364544)
2112e9c.1d4: Resource Dir: 0x57000 LB 0x380
2122e9c.1d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2132e9c.1d4: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
2142e9c.1d4: ProductName: SYSCORE
2152e9c.1d4: ProductVersion: 20.12.0.173
2162e9c.1d4: FileVersion: SYSCORE.20.12.0.173
2172e9c.1d4: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
2182e9c.1d4: FileDescription: Anti-Virus Mini-Firewall Driver
2192e9c.1d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2202e9c.1d4: Calling main()
2212e9c.1d4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
2222e9c.1d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2232e9c.1d4: SUPR3HardenedMain: Respawn #1
2242e9c.1d4: System32: \Device\HarddiskVolume3\Windows\System32
2252e9c.1d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2262e9c.1d4: KnownDllPath: C:\WINDOWS\System32
2272e9c.1d4: supR3HardenedWinInit: Performing a limited self purification...
2282e9c.1d4: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
2292e9c.1d4: *0000000000000000-0000000000eeffff 0x0001/0x0000 0x0000000
2302e9c.1d4: *0000000000ef0000-0000000000efffff 0x0004/0x0004 0x0040000
2312e9c.1d4: 0000000000f00000-0000000000f0ffff 0x0001/0x0000 0x0000000
2322e9c.1d4: *0000000000f10000-0000000000f2cfff 0x0002/0x0002 0x0040000
2332e9c.1d4: 0000000000f2d000-0000000000f2ffff 0x0001/0x0000 0x0000000
2342e9c.1d4: *0000000000f30000-0000000000f33fff 0x0002/0x0002 0x0040000
2352e9c.1d4: 0000000000f34000-0000000000f3ffff 0x0001/0x0000 0x0000000
2362e9c.1d4: *0000000000f40000-0000000000f41fff 0x0004/0x0004 0x0020000
2372e9c.1d4: 0000000000f42000-0000000000f4ffff 0x0001/0x0000 0x0000000
2382e9c.1d4: *0000000000f50000-0000000000f51fff 0x0004/0x0004 0x0020000
2392e9c.1d4: 0000000000f52000-0000000000f69fff 0x0000/0x0004 0x0020000
2402e9c.1d4: 0000000000f6a000-0000000000ffffff 0x0001/0x0000 0x0000000
2412e9c.1d4: *0000000001000000-00000000011affff 0x0000/0x0004 0x0020000
2422e9c.1d4: 00000000011b0000-00000000011b2fff 0x0004/0x0004 0x0020000
2432e9c.1d4: 00000000011b3000-00000000011fffff 0x0000/0x0004 0x0020000
2442e9c.1d4: *0000000001200000-00000000012b0fff 0x0000/0x0004 0x0020000
2452e9c.1d4: 00000000012b1000-00000000012b3fff 0x0104/0x0004 0x0020000
2462e9c.1d4: 00000000012b4000-00000000012fffff 0x0004/0x0004 0x0020000
2472e9c.1d4: *0000000001300000-00000000013c8fff 0x0002/0x0002 0x0040000
2482e9c.1d4: 00000000013c9000-000000000144ffff 0x0001/0x0000 0x0000000
2492e9c.1d4: *0000000001450000-0000000001456fff 0x0004/0x0004 0x0020000
2502e9c.1d4: 0000000001457000-000000000154ffff 0x0000/0x0004 0x0020000
2512e9c.1d4: *0000000001550000-0000000001574fff 0x0004/0x0004 0x0020000
2522e9c.1d4: 0000000001575000-000000000164ffff 0x0000/0x0004 0x0020000
2532e9c.1d4: 0000000001650000-000000000168ffff 0x0001/0x0000 0x0000000
2542e9c.1d4: *0000000001690000-000000000169efff 0x0004/0x0004 0x0020000
2552e9c.1d4: 000000000169f000-000000000169ffff 0x0000/0x0004 0x0020000
2562e9c.1d4: *00000000016a0000-0000000001895fff 0x0004/0x0004 0x0020000
2572e9c.1d4: 0000000001896000-0000000001896fff 0x0000/0x0004 0x0020000
2582e9c.1d4: 0000000001897000-000000007ffdffff 0x0001/0x0000 0x0000000
2592e9c.1d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2602e9c.1d4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
2612e9c.1d4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
2622e9c.1d4: 000000007ffe6000-00007ff407eeffff 0x0001/0x0000 0x0000000
2632e9c.1d4: *00007ff407ef0000-00007ff407ef4fff 0x0002/0x0002 0x0040000
2642e9c.1d4: 00007ff407ef5000-00007ff407feffff 0x0000/0x0002 0x0040000
2652e9c.1d4: *00007ff407ff0000-00007ff50800ffff 0x0000/0x0004 0x0020000
2662e9c.1d4: *00007ff508010000-00007ff50a00ffff 0x0000/0x0004 0x0020000
2672e9c.1d4: 00007ff50a010000-00007ff50a010fff 0x0004/0x0004 0x0020000
2682e9c.1d4: 00007ff50a011000-00007ff50a01ffff 0x0001/0x0000 0x0000000
2692e9c.1d4: *00007ff50a020000-00007ff50a020fff 0x0002/0x0002 0x0040000
2702e9c.1d4: 00007ff50a021000-00007ff50a02ffff 0x0001/0x0000 0x0000000
2712e9c.1d4: *00007ff50a030000-00007ff50a052fff 0x0002/0x0002 0x0040000
2722e9c.1d4: 00007ff50a053000-00007ff73fbdffff 0x0001/0x0000 0x0000000
2732e9c.1d4: *00007ff73fbe0000-00007ff73fbe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2742e9c.1d4: 00007ff73fbe1000-00007ff73fc57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2752e9c.1d4: 00007ff73fc58000-00007ff73fc58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2762e9c.1d4: 00007ff73fc59000-00007ff73fca1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2772e9c.1d4: 00007ff73fca2000-00007ff73fca4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2782e9c.1d4: 00007ff73fca5000-00007ff73fca7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2792e9c.1d4: 00007ff73fca8000-00007ff73fcaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2802e9c.1d4: 00007ff73fcab000-00007ff73fcabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2812e9c.1d4: 00007ff73fcac000-00007ff73fcadfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2822e9c.1d4: 00007ff73fcae000-00007ff73fcaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2832e9c.1d4: 00007ff73fcaf000-00007ff73fcf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2842e9c.1d4: 00007ff73fcf8000-00007ffadfb9ffff 0x0001/0x0000 0x0000000
2852e9c.1d4: *00007ffadfba0000-00007ffadfba0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2862e9c.1d4: 00007ffadfba1000-00007ffadfcb1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2872e9c.1d4: 00007ffadfcb2000-00007ffadfe29fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2882e9c.1d4: 00007ffadfe2a000-00007ffadfe2dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2892e9c.1d4: 00007ffadfe2e000-00007ffadfe2efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2902e9c.1d4: 00007ffadfe2f000-00007ffadfe67fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2912e9c.1d4: 00007ffadfe68000-00007ffae17affff 0x0001/0x0000 0x0000000
2922e9c.1d4: *00007ffae17b0000-00007ffae17b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2932e9c.1d4: 00007ffae17b1000-00007ffae182efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2942e9c.1d4: 00007ffae182f000-00007ffae1861fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2952e9c.1d4: 00007ffae1862000-00007ffae1862fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2962e9c.1d4: 00007ffae1863000-00007ffae1863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2972e9c.1d4: 00007ffae1864000-00007ffae186cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2982e9c.1d4: 00007ffae186d000-00007ffae232ffff 0x0001/0x0000 0x0000000
2992e9c.1d4: *00007ffae2330000-00007ffae2330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3002e9c.1d4: 00007ffae2331000-00007ffae244bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3012e9c.1d4: 00007ffae244c000-00007ffae2493fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3022e9c.1d4: 00007ffae2494000-00007ffae2494fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3032e9c.1d4: 00007ffae2495000-00007ffae2496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3042e9c.1d4: 00007ffae2497000-00007ffae249ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3052e9c.1d4: 00007ffae24a0000-00007ffae2524fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3062e9c.1d4: 00007ffae2525000-00007ffffffeffff 0x0001/0x0000 0x0000000
3072e9c.1d4: kernel32.dll: timestamp 0x61e69688 (rc=VINF_SUCCESS)
3082e9c.1d4: kernelbase.dll: timestamp 0x2f2f77bf (rc=VINF_SUCCESS)
3092e9c.1d4: VBoxHeadless.exe: timestamp 0x607e57d1 (rc=VINF_SUCCESS)
3102e9c.1d4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
3112e9c.1d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3122e9c.1d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3132e9c.1d4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
3142e9c.1d4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
3152e9c.1d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3162e9c.1d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
3172e9c.1d4: supR3HardNtEnableThreadCreationEx:
3182e9c.1d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae23a4b10 pvNtTerminateThread=00007ffae23cd770
3192e9c.1d4: supR3HardenedWinDoReSpawn(1): New child 1d28.8b0 [kernel32].
3202e9c.1d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000640000 cbPeb=0x388
3212e9c.1d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae2330000 uNtDllChildAddr=00007ffae2330000
3222e9c.1d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae23a4b10
3232e9c.1d4: supR3HardenedWinSetupChildInit: Initial context:
324 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff73fbe7740 rdx=0000000000640000
325 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
326 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
327 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
328 rip=00007ffae2382630 rsp=00000000008ffd58 rbp=0000000000000000 ctxflags=0010001b
329 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
330 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
331 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
332 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
333 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3342e9c.1d4: supR3HardenedWinSetupChildInit: Start child.
3352e9c.1d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3362e9c.1d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
3372e9c.1d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3382e9c.1d4: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000
3392e9c.1d4: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000
3402e9c.1d4: *0000000000500000-000000000051cfff 0x0002/0x0002 0x0040000
3412e9c.1d4: 000000000051d000-000000000051ffff 0x0001/0x0000 0x0000000
3422e9c.1d4: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
3432e9c.1d4: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
3442e9c.1d4: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000
3452e9c.1d4: 0000000000532000-00000000005fffff 0x0001/0x0000 0x0000000
3462e9c.1d4: *0000000000600000-000000000063ffff 0x0000/0x0004 0x0020000
3472e9c.1d4: 0000000000640000-0000000000642fff 0x0004/0x0004 0x0020000
3482e9c.1d4: 0000000000643000-00000000007fffff 0x0000/0x0004 0x0020000
3492e9c.1d4: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
3502e9c.1d4: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
3512e9c.1d4: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
3522e9c.1d4: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
3532e9c.1d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3542e9c.1d4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
3552e9c.1d4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
3562e9c.1d4: 000000007ffe6000-00007ff5884dffff 0x0001/0x0000 0x0000000
3572e9c.1d4: *00007ff5884e0000-00007ff5884e0fff 0x0002/0x0002 0x0040000
3582e9c.1d4: 00007ff5884e1000-00007ff5884effff 0x0001/0x0000 0x0000000
3592e9c.1d4: *00007ff5884f0000-00007ff588512fff 0x0002/0x0002 0x0040000
3602e9c.1d4: 00007ff588513000-00007ff73fbdffff 0x0001/0x0000 0x0000000
3612e9c.1d4: *00007ff73fbe0000-00007ff73fbe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3622e9c.1d4: 00007ff73fbe1000-00007ff73fc57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3632e9c.1d4: 00007ff73fc58000-00007ff73fc58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3642e9c.1d4: 00007ff73fc59000-00007ff73fca1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3652e9c.1d4: 00007ff73fca2000-00007ff73fca2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3662e9c.1d4: 00007ff73fca3000-00007ff73fca3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3672e9c.1d4: 00007ff73fca4000-00007ff73fca8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3682e9c.1d4: 00007ff73fca9000-00007ff73fca9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3692e9c.1d4: 00007ff73fcaa000-00007ff73fcaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3702e9c.1d4: 00007ff73fcab000-00007ff73fcaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3712e9c.1d4: 00007ff73fcaf000-00007ff73fcf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3722e9c.1d4: 00007ff73fcf8000-00007ffae232ffff 0x0001/0x0000 0x0000000
3732e9c.1d4: *00007ffae2330000-00007ffae2330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3742e9c.1d4: 00007ffae2331000-00007ffae244bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3752e9c.1d4: 00007ffae244c000-00007ffae2493fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3762e9c.1d4: 00007ffae2494000-00007ffae249ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3772e9c.1d4: 00007ffae24a0000-00007ffae24aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3782e9c.1d4: 00007ffae24af000-00007ffae24affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3792e9c.1d4: 00007ffae24b0000-00007ffae24b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3802e9c.1d4: 00007ffae24b3000-00007ffae2524fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3812e9c.1d4: 00007ffae2525000-00007ffffffeffff 0x0001/0x0000 0x0000000
3822e9c.1d4: supR3HardNtChildPurify: Done after 516 ms and 0 fixes (loop #0).
3831d28.8b0: Log file opened: 6.1.20r143896 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
3841d28.8b0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae2330000 g_uNtVerCombined=0xa04a6200 (stack ~00000000008ff7e8)
3851d28.8b0: ntdll.dll: timestamp 0x9bed63d6 (rc=VINF_SUCCESS)
3861d28.8b0: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2052096 allocation)
3872e9c.1d4: supR3HardNtEnableThreadCreationEx:
3881d28.8b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3891d28.8b0: System32: \Device\HarddiskVolume3\Windows\System32
3901d28.8b0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3911d28.8b0: KnownDllPath: C:\WINDOWS\System32
3921d28.8b0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3931d28.8b0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3941d28.8b0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3951d28.8b0: Registered Dll notification callback with NTDLL.
3961d28.8b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3971d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3981d28.8b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3991d28.8b0: supR3HardenedDllNotificationCallback: load 00007ffadfba0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
4001d28.8b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4011d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4021d28.8b0: supR3HardenedDllNotificationCallback: load 00007ffae17b0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
4031d28.8b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4041d28.8b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
4051d28.8b0: supR3HardenedDllNotificationCallback: load 00007ff73fbe0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
4061d28.8b0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
4071d28.8b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
4081d28.8b0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
4091d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
4101d28.8b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae23a4b10 pvNtTerminateThread=00007ffae23cd770
4111d28.8b0: \SystemRoot\System32\ntdll.dll:
4121d28.8b0: CreationTime: 2021-04-16T00:42:03.012798800Z
4131d28.8b0: LastWriteTime: 2021-04-16T00:42:03.124698200Z
4141d28.8b0: ChangeTime: 2021-04-25T18:24:06.026552000Z
4151d28.8b0: FileAttributes: 0x20
4161d28.8b0: Size: 0x1ee518
4172e9c.1d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 109 ms.
4181d28.8b0: NT Headers: 0xe8
4191d28.8b0: Timestamp: 0x9bed63d6
4201d28.8b0: Machine: 0x8664 - amd64
4211d28.8b0: Timestamp: 0x9bed63d6
4221d28.8b0: Image Version: 10.0
4231d28.8b0: SizeOfImage: 0x1f5000 (2052096)
4241d28.8b0: Resource Dir: 0x184000 LB 0x6fd28
4251d28.8b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4261d28.8b0: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4271d28.8b0: ProductName: Microsoft® Windows® Operating System
4281d28.8b0: ProductVersion: 10.0.19041.928
4291d28.8b0: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
4301d28.8b0: FileDescription: NT Layer DLL
4311d28.8b0: \SystemRoot\System32\kernel32.dll:
4321d28.8b0: CreationTime: 2021-04-16T00:41:30.619375600Z
4331d28.8b0: LastWriteTime: 2021-04-16T00:41:30.666292900Z
4341d28.8b0: ChangeTime: 2021-04-25T18:23:55.303945800Z
4351d28.8b0: FileAttributes: 0x20
4361d28.8b0: Size: 0xbac30
4371d28.8b0: NT Headers: 0xe8
4381d28.8b0: Timestamp: 0x61e69688
4391d28.8b0: Machine: 0x8664 - amd64
4401d28.8b0: Timestamp: 0x61e69688
4411d28.8b0: Image Version: 10.0
4421d28.8b0: SizeOfImage: 0xbd000 (774144)
4431d28.8b0: Resource Dir: 0xbb000 LB 0x520
4441d28.8b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4451d28.8b0: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4461d28.8b0: ProductName: Microsoft® Windows® Operating System
4471d28.8b0: ProductVersion: 10.0.19041.928
4481d28.8b0: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
4491d28.8b0: FileDescription: Windows NT BASE API Client DLL
4501d28.8b0: \SystemRoot\System32\KernelBase.dll:
4511d28.8b0: CreationTime: 2021-04-16T00:42:04.993242300Z
4521d28.8b0: LastWriteTime: 2021-04-16T00:42:05.153374700Z
4531d28.8b0: ChangeTime: 2021-04-25T18:24:04.291376800Z
4541d28.8b0: FileAttributes: 0x20
4551d28.8b0: Size: 0x2c8b78
4561d28.8b0: NT Headers: 0xf0
4571d28.8b0: Timestamp: 0x2f2f77bf
4581d28.8b0: Machine: 0x8664 - amd64
4591d28.8b0: Timestamp: 0x2f2f77bf
4601d28.8b0: Image Version: 10.0
4611d28.8b0: SizeOfImage: 0x2c8000 (2916352)
4621d28.8b0: Resource Dir: 0x29f000 LB 0x548
4631d28.8b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4641d28.8b0: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4651d28.8b0: ProductName: Microsoft® Windows® Operating System
4661d28.8b0: ProductVersion: 10.0.19041.906
4671d28.8b0: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
4681d28.8b0: FileDescription: Windows NT BASE API Client DLL
4691d28.8b0: \SystemRoot\System32\apisetschema.dll:
4701d28.8b0: CreationTime: 2019-12-07T09:08:13.518339400Z
4711d28.8b0: LastWriteTime: 2019-12-07T09:08:13.518339400Z
4721d28.8b0: ChangeTime: 2021-04-16T00:46:30.823078900Z
4731d28.8b0: FileAttributes: 0x20
4741d28.8b0: Size: 0x1f538
4751d28.8b0: NT Headers: 0xd0
4761d28.8b0: Timestamp: 0x31288ce0
4771d28.8b0: Machine: 0x8664 - amd64
4781d28.8b0: Timestamp: 0x31288ce0
4791d28.8b0: Image Version: 10.0
4801d28.8b0: SizeOfImage: 0x20000 (131072)
4811d28.8b0: Resource Dir: 0x1f000 LB 0x408
4821d28.8b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4831d28.8b0: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4841d28.8b0: ProductName: Microsoft® Windows® Operating System
4851d28.8b0: ProductVersion: 10.0.19041.1
4861d28.8b0: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
4871d28.8b0: FileDescription: ApiSet Schema DLL
4881d28.8b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4891d28.8b0: supR3HardenedWinFindAdversaries: 0x20
4901d28.8b0: \SystemRoot\System32\drivers\cfwids.sys:
4911d28.8b0: CreationTime: 2020-04-09T20:15:22.000000000Z
4921d28.8b0: LastWriteTime: 2020-12-11T21:36:48.000000000Z
4931d28.8b0: ChangeTime: 2021-04-12T11:49:15.251301400Z
4941d28.8b0: FileAttributes: 0x20
4951d28.8b0: Size: 0x127c0
4961d28.8b0: NT Headers: 0xf0
4971d28.8b0: Timestamp: 0x5fcfecdd
4981d28.8b0: Machine: 0x8664 - amd64
4991d28.8b0: Timestamp: 0x5fcfecdd
5001d28.8b0: Image Version: 0.0
5011d28.8b0: SizeOfImage: 0x14000 (81920)
5021d28.8b0: Resource Dir: 0x12000 LB 0x550
5031d28.8b0: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
5041d28.8b0: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
5051d28.8b0: ProductName: SYSCORE
5061d28.8b0: ProductVersion: 20.12.0.173
5071d28.8b0: FileVersion: SYSCORE.20.12.0.173
5081d28.8b0: PrivateBuild: SYSCORE.20.12.0.173
5091d28.8b0: FileDescription: McAfee Personal Firewall IDS Plugin
5101d28.8b0: \SystemRoot\System32\drivers\McPvDrv.sys:
5111d28.8b0: CreationTime: 2020-12-15T14:06:01.088248900Z
5121d28.8b0: LastWriteTime: 2021-01-18T07:58:42.000000000Z
5131d28.8b0: ChangeTime: 2021-04-12T11:52:24.563885100Z
5141d28.8b0: FileAttributes: 0x20
5151d28.8b0: Size: 0x15c18
5161d28.8b0: NT Headers: 0xf8
5171d28.8b0: Timestamp: 0x5ff2a4d8
5181d28.8b0: Machine: 0x8664 - amd64
5191d28.8b0: Timestamp: 0x5ff2a4d8
5201d28.8b0: Image Version: 6.3
5211d28.8b0: SizeOfImage: 0x18000 (98304)
5221d28.8b0: Resource Dir: 0x16000 LB 0x350
5231d28.8b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5241d28.8b0: [Raw version resource data: 0x16060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
5251d28.8b0: ProductName: McAfee File Lock
5261d28.8b0: ProductVersion: 9,3,0,0
5271d28.8b0: FileVersion: 9,3,101,0
5281d28.8b0: FileDescription: McAfee File Lock Driver
5291d28.8b0: \SystemRoot\System32\drivers\mfeavfk.sys:
5301d28.8b0: CreationTime: 2020-04-09T20:15:22.000000000Z
5311d28.8b0: LastWriteTime: 2020-12-11T22:36:46.000000000Z
5321d28.8b0: ChangeTime: 2021-04-12T11:49:14.826134900Z
5331d28.8b0: FileAttributes: 0x20
5341d28.8b0: Size: 0x5e3c0
5351d28.8b0: NT Headers: 0xf0
5361d28.8b0: Timestamp: 0x5fcfec2a
5371d28.8b0: Machine: 0x8664 - amd64
5381d28.8b0: Timestamp: 0x5fcfec2a
5391d28.8b0: Image Version: 0.0
5401d28.8b0: SizeOfImage: 0x5f000 (389120)
5411d28.8b0: Resource Dir: 0x5d000 LB 0x758
5421d28.8b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5431d28.8b0: [Raw version resource data: 0x5d110 LB 0x334, codepage 0x0 (reserved 0x0)]
5441d28.8b0: ProductName: SYSCORE
5451d28.8b0: ProductVersion: 20.12.0.173
5461d28.8b0: FileVersion: SYSCORE.20.12.0.173
5471d28.8b0: PrivateBuild: SYSCORE.20.12.0.173 F15,F16,F19
5481d28.8b0: FileDescription: Anti-Virus File System Filter Driver
5491d28.8b0: \SystemRoot\System32\drivers\mfefirek.sys:
5501d28.8b0: CreationTime: 2020-04-09T20:15:22.000000000Z
5511d28.8b0: LastWriteTime: 2020-12-11T21:36:48.000000000Z
5521d28.8b0: ChangeTime: 2021-04-12T11:49:14.757897300Z
5531d28.8b0: FileAttributes: 0x20
5541d28.8b0: Size: 0x7f7c0
5551d28.8b0: NT Headers: 0xe0
5561d28.8b0: Timestamp: 0x5fcfeca3
5571d28.8b0: Machine: 0x8664 - amd64
5581d28.8b0: Timestamp: 0x5fcfeca3
5591d28.8b0: Image Version: 0.0
5601d28.8b0: SizeOfImage: 0x81000 (528384)
5611d28.8b0: Resource Dir: 0x7d000 LB 0x388
5621d28.8b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5631d28.8b0: [Raw version resource data: 0x7d060 LB 0x328, codepage 0x0 (reserved 0x0)]
5641d28.8b0: ProductName: SYSCORE
5651d28.8b0: ProductVersion: 20.12.0.173
5661d28.8b0: FileVersion: SYSCORE.20.12.0.173
5671d28.8b0: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
5681d28.8b0: FileDescription: McAfee Core Firewall Engine Driver
5691d28.8b0: \SystemRoot\System32\drivers\mfehidk.sys:
5701d28.8b0: CreationTime: 2020-04-09T20:15:22.000000000Z
5711d28.8b0: LastWriteTime: 2020-12-11T21:36:46.000000000Z
5721d28.8b0: ChangeTime: 2021-04-12T11:49:13.549595100Z
5731d28.8b0: FileAttributes: 0x20
5741d28.8b0: Size: 0xfadc0
5751d28.8b0: NT Headers: 0xf8
5761d28.8b0: Timestamp: 0x5fcfebd9
5771d28.8b0: Machine: 0x8664 - amd64
5781d28.8b0: Timestamp: 0x5fcfebd9
5791d28.8b0: Image Version: 0.0
5801d28.8b0: SizeOfImage: 0x105000 (1069056)
5811d28.8b0: Resource Dir: 0x101000 LB 0x758
5821d28.8b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5831d28.8b0: [Raw version resource data: 0x101110 LB 0x320, codepage 0x0 (reserved 0x0)]
5841d28.8b0: ProductName: SYSCORE
5851d28.8b0: ProductVersion: 20.12.0.173
5861d28.8b0: FileVersion: SYSCORE.20.12.0.173
5871d28.8b0: PrivateBuild: SYSCORE.20.12.0.173 F14,F15,F16,F18,F20
5881d28.8b0: FileDescription: McAfee Link Driver
5891d28.8b0: \SystemRoot\System32\drivers\mfencbdc.sys:
5901d28.8b0: CreationTime: 2020-05-01T13:55:06.000000000Z
5911d28.8b0: LastWriteTime: 2020-12-17T12:02:22.000000000Z
5921d28.8b0: ChangeTime: 2021-04-24T13:11:45.101532700Z
5931d28.8b0: FileAttributes: 0x20
5941d28.8b0: Size: 0x947c0
5951d28.8b0: NT Headers: 0xe0
5961d28.8b0: Timestamp: 0x5fd9dbef
5971d28.8b0: Machine: 0x8664 - amd64
5981d28.8b0: Timestamp: 0x5fd9dbef
5991d28.8b0: Image Version: 0.0
6001d28.8b0: SizeOfImage: 0x98000 (622592)
6011d28.8b0: Resource Dir: 0x96000 LB 0x458
6021d28.8b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6031d28.8b0: [Raw version resource data: 0x96060 LB 0x3f4, codepage 0x0 (reserved 0x0)]
6041d28.8b0: ProductName: Anti-Malware Core
6051d28.8b0: ProductVersion: 20.12.0
6061d28.8b0: FileVersion: Anti-Malware Core.20.12.0.473.x64
6071d28.8b0: PrivateBuild: Anti-Malware Core.20.12.0.473.x64
6081d28.8b0: FileDescription: Event Driver
6091d28.8b0: \SystemRoot\System32\drivers\mfewfpk.sys:
6101d28.8b0: CreationTime: 2020-04-09T20:15:22.000000000Z
6111d28.8b0: LastWriteTime: 2020-12-11T21:36:48.000000000Z
6121d28.8b0: ChangeTime: 2021-04-12T11:48:45.329306500Z
6131d28.8b0: FileAttributes: 0x20
6141d28.8b0: Size: 0x3d9c0
6151d28.8b0: NT Headers: 0xf0
6161d28.8b0: Timestamp: 0x5fcfebec
6171d28.8b0: Machine: 0x8664 - amd64
6181d28.8b0: Timestamp: 0x5fcfebec
6191d28.8b0: Image Version: 0.0
6201d28.8b0: SizeOfImage: 0x59000 (364544)
6211d28.8b0: Resource Dir: 0x57000 LB 0x380
6221d28.8b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6231d28.8b0: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
6241d28.8b0: ProductName: SYSCORE
6251d28.8b0: ProductVersion: 20.12.0.173
6261d28.8b0: FileVersion: SYSCORE.20.12.0.173
6271d28.8b0: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
6281d28.8b0: FileDescription: Anti-Virus Mini-Firewall Driver
6291d28.8b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6301d28.8b0: Calling main()
6311d28.8b0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
6321d28.8b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6331d28.8b0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
6341d28.8b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
6351d28.8b0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
6361d28.8b0: SUPR3HardenedMain: Respawn #2
6371d28.8b0: supR3HardNtEnableThreadCreationEx:
6381d28.8b0: supR3HardenedDllNotificationCallback: load 00007ffae2120000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6391d28.8b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6401d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6411d28.8b0: supR3HardenedDllNotificationCallback: load 00007ffae1da0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
6421d28.8b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6431d28.8b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
6441d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
6451d28.8b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
6461d28.8b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
6471d28.8b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6481d28.8b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6491d28.8b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6501d28.8b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6511d28.8b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6521d28.8b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2330000 'C:\WINDOWS\System32\ntdll.dll'
6531d28.8b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae23a4b10 pvNtTerminateThread=00007ffae23cd770
6541d28.8b0: supR3HardenedWinDoReSpawn(2): New child 15bc.50c [kernel32].
6551d28.8b0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
6561d28.8b0: supR3HardNtChildGatherData: PebBaseAddress=0000000000cf6000 cbPeb=0x388
6571d28.8b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffae2330000 uNtDllChildAddr=00007ffae2330000
6581d28.8b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffae23a4b10
6591d28.8b0: supR3HardenedWinSetupChildInit: Initial context:
660 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff73fbe7740 rdx=0000000000cf6000
661 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
662 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
663 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
664 rip=00007ffae2382630 rsp=0000000000effad8 rbp=0000000000000000 ctxflags=0010001b
665 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
666 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
667 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
668 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
669 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
6701d28.8b0: kernel32.dll: timestamp 0x61e69688 (rc=VINF_SUCCESS)
6711d28.8b0: supR3HardenedWinSetupChildInit: Start child.
6721d28.8b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
6731d28.8b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
6741d28.8b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6751d28.8b0: *0000000000000000-0000000000b7ffff 0x0001/0x0000 0x0000000
6761d28.8b0: *0000000000b80000-0000000000b9ffff 0x0004/0x0004 0x0020000
6771d28.8b0: *0000000000ba0000-0000000000bbcfff 0x0002/0x0002 0x0040000
6781d28.8b0: 0000000000bbd000-0000000000bbffff 0x0001/0x0000 0x0000000
6791d28.8b0: *0000000000bc0000-0000000000bc3fff 0x0002/0x0002 0x0040000
6801d28.8b0: 0000000000bc4000-0000000000bcffff 0x0001/0x0000 0x0000000
6811d28.8b0: *0000000000bd0000-0000000000bd1fff 0x0004/0x0004 0x0020000
6821d28.8b0: 0000000000bd2000-0000000000bfffff 0x0001/0x0000 0x0000000
6831d28.8b0: *0000000000c00000-0000000000cf5fff 0x0000/0x0004 0x0020000
6841d28.8b0: 0000000000cf6000-0000000000cf8fff 0x0004/0x0004 0x0020000
6851d28.8b0: 0000000000cf9000-0000000000dfffff 0x0000/0x0004 0x0020000
6861d28.8b0: *0000000000e00000-0000000000efafff 0x0000/0x0004 0x0020000
6871d28.8b0: 0000000000efb000-0000000000efdfff 0x0104/0x0004 0x0020000
6881d28.8b0: 0000000000efe000-0000000000efffff 0x0004/0x0004 0x0020000
6891d28.8b0: 0000000000f00000-000000007ffdffff 0x0001/0x0000 0x0000000
6901d28.8b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6911d28.8b0: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
6921d28.8b0: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
6931d28.8b0: 000000007ffe6000-00007ff5c4aaffff 0x0001/0x0000 0x0000000
6941d28.8b0: *00007ff5c4ab0000-00007ff5c4ab0fff 0x0002/0x0002 0x0040000
6951d28.8b0: 00007ff5c4ab1000-00007ff5c4abffff 0x0001/0x0000 0x0000000
6961d28.8b0: *00007ff5c4ac0000-00007ff5c4ae2fff 0x0002/0x0002 0x0040000
6971d28.8b0: 00007ff5c4ae3000-00007ff73fbdffff 0x0001/0x0000 0x0000000
6981d28.8b0: *00007ff73fbe0000-00007ff73fbe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6991d28.8b0: 00007ff73fbe1000-00007ff73fc57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7001d28.8b0: 00007ff73fc58000-00007ff73fc58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7011d28.8b0: 00007ff73fc59000-00007ff73fca1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7021d28.8b0: 00007ff73fca2000-00007ff73fca2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7031d28.8b0: 00007ff73fca3000-00007ff73fca3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7041d28.8b0: 00007ff73fca4000-00007ff73fca8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7051d28.8b0: 00007ff73fca9000-00007ff73fca9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7061d28.8b0: 00007ff73fcaa000-00007ff73fcaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7071d28.8b0: 00007ff73fcab000-00007ff73fcaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7081d28.8b0: 00007ff73fcaf000-00007ff73fcf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7091d28.8b0: 00007ff73fcf8000-00007ffae232ffff 0x0001/0x0000 0x0000000
7101d28.8b0: *00007ffae2330000-00007ffae2330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7111d28.8b0: 00007ffae2331000-00007ffae244bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7121d28.8b0: 00007ffae244c000-00007ffae2493fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7131d28.8b0: 00007ffae2494000-00007ffae249ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7141d28.8b0: 00007ffae24a0000-00007ffae24aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7151d28.8b0: 00007ffae24af000-00007ffae24affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7161d28.8b0: 00007ffae24b0000-00007ffae24b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7171d28.8b0: 00007ffae24b3000-00007ffae2524fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7181d28.8b0: 00007ffae2525000-00007ffffffeffff 0x0001/0x0000 0x0000000
7191d28.8b0: VBoxHeadless.exe: timestamp 0x607e57d1 (rc=VINF_SUCCESS)
7201d28.8b0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
7211d28.8b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7221d28.8b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
7231d28.8b0: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
7241d28.8b0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
72515bc.50c: Log file opened: 6.1.20r143896 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
72615bc.50c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffae2330000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000eff568)
7271d28.8b0: supR3HardNtEnableThreadCreationEx:
72815bc.50c: ntdll.dll: timestamp 0x9bed63d6 (rc=VINF_SUCCESS)
72915bc.50c: New simple heap: #1 0000000001000000 LB 0x400000 (for 2052096 allocation)
73015bc.50c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
73115bc.50c: System32: \Device\HarddiskVolume3\Windows\System32
73215bc.50c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
73315bc.50c: KnownDllPath: C:\WINDOWS\System32
73415bc.50c: supR3HardenedVmProcessInit: Opening vboxdrv...
73515bc.50c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
73615bc.50c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
73715bc.50c: Registered Dll notification callback with NTDLL.
73815bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
73915bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
74015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
74115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadfba0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
74215bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
74315bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
74415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae17b0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
74515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
74615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
74715bc.50c: supR3HardenedDllNotificationCallback: load 00007ff73fbe0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
74815bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
74915bc.50c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
75015bc.50c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
75115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75215bc.50c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffae23a4b10 pvNtTerminateThread=00007ffae23cd770
7531d28.8b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
75415bc.50c: \SystemRoot\System32\ntdll.dll:
75515bc.50c: CreationTime: 2021-04-16T00:42:03.012798800Z
75615bc.50c: LastWriteTime: 2021-04-16T00:42:03.124698200Z
75715bc.50c: ChangeTime: 2021-04-25T18:24:06.026552000Z
75815bc.50c: FileAttributes: 0x20
75915bc.50c: Size: 0x1ee518
76015bc.50c: NT Headers: 0xe8
76115bc.50c: Timestamp: 0x9bed63d6
76215bc.50c: Machine: 0x8664 - amd64
76315bc.50c: Timestamp: 0x9bed63d6
76415bc.50c: Image Version: 10.0
76515bc.50c: SizeOfImage: 0x1f5000 (2052096)
76615bc.50c: Resource Dir: 0x184000 LB 0x6fd28
76715bc.50c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
76815bc.50c: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
76915bc.50c: ProductName: Microsoft® Windows® Operating System
77015bc.50c: ProductVersion: 10.0.19041.928
77115bc.50c: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
77215bc.50c: FileDescription: NT Layer DLL
77315bc.50c: \SystemRoot\System32\kernel32.dll:
77415bc.50c: CreationTime: 2021-04-16T00:41:30.619375600Z
77515bc.50c: LastWriteTime: 2021-04-16T00:41:30.666292900Z
77615bc.50c: ChangeTime: 2021-04-25T18:23:55.303945800Z
77715bc.50c: FileAttributes: 0x20
77815bc.50c: Size: 0xbac30
77915bc.50c: NT Headers: 0xe8
78015bc.50c: Timestamp: 0x61e69688
78115bc.50c: Machine: 0x8664 - amd64
78215bc.50c: Timestamp: 0x61e69688
78315bc.50c: Image Version: 10.0
78415bc.50c: SizeOfImage: 0xbd000 (774144)
78515bc.50c: Resource Dir: 0xbb000 LB 0x520
78615bc.50c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
78715bc.50c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
78815bc.50c: ProductName: Microsoft® Windows® Operating System
78915bc.50c: ProductVersion: 10.0.19041.928
79015bc.50c: FileVersion: 10.0.19041.928 (WinBuild.160101.0800)
79115bc.50c: FileDescription: Windows NT BASE API Client DLL
79215bc.50c: \SystemRoot\System32\KernelBase.dll:
79315bc.50c: CreationTime: 2021-04-16T00:42:04.993242300Z
79415bc.50c: LastWriteTime: 2021-04-16T00:42:05.153374700Z
79515bc.50c: ChangeTime: 2021-04-25T18:24:04.291376800Z
79615bc.50c: FileAttributes: 0x20
79715bc.50c: Size: 0x2c8b78
79815bc.50c: NT Headers: 0xf0
79915bc.50c: Timestamp: 0x2f2f77bf
80015bc.50c: Machine: 0x8664 - amd64
80115bc.50c: Timestamp: 0x2f2f77bf
80215bc.50c: Image Version: 10.0
80315bc.50c: SizeOfImage: 0x2c8000 (2916352)
80415bc.50c: Resource Dir: 0x29f000 LB 0x548
80515bc.50c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
80615bc.50c: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
80715bc.50c: ProductName: Microsoft® Windows® Operating System
80815bc.50c: ProductVersion: 10.0.19041.906
80915bc.50c: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
81015bc.50c: FileDescription: Windows NT BASE API Client DLL
81115bc.50c: \SystemRoot\System32\apisetschema.dll:
81215bc.50c: CreationTime: 2019-12-07T09:08:13.518339400Z
81315bc.50c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
81415bc.50c: ChangeTime: 2021-04-16T00:46:30.823078900Z
81515bc.50c: FileAttributes: 0x20
81615bc.50c: Size: 0x1f538
81715bc.50c: NT Headers: 0xd0
81815bc.50c: Timestamp: 0x31288ce0
81915bc.50c: Machine: 0x8664 - amd64
82015bc.50c: Timestamp: 0x31288ce0
82115bc.50c: Image Version: 10.0
82215bc.50c: SizeOfImage: 0x20000 (131072)
82315bc.50c: Resource Dir: 0x1f000 LB 0x408
82415bc.50c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
82515bc.50c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
82615bc.50c: ProductName: Microsoft® Windows® Operating System
82715bc.50c: ProductVersion: 10.0.19041.1
82815bc.50c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
82915bc.50c: FileDescription: ApiSet Schema DLL
83015bc.50c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
83115bc.50c: supR3HardenedWinFindAdversaries: 0x20
83215bc.50c: \SystemRoot\System32\drivers\cfwids.sys:
83315bc.50c: CreationTime: 2020-04-09T20:15:22.000000000Z
83415bc.50c: LastWriteTime: 2020-12-11T21:36:48.000000000Z
83515bc.50c: ChangeTime: 2021-04-12T11:49:15.251301400Z
83615bc.50c: FileAttributes: 0x20
83715bc.50c: Size: 0x127c0
83815bc.50c: NT Headers: 0xf0
83915bc.50c: Timestamp: 0x5fcfecdd
84015bc.50c: Machine: 0x8664 - amd64
84115bc.50c: Timestamp: 0x5fcfecdd
84215bc.50c: Image Version: 0.0
84315bc.50c: SizeOfImage: 0x14000 (81920)
84415bc.50c: Resource Dir: 0x12000 LB 0x550
84515bc.50c: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
84615bc.50c: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
84715bc.50c: ProductName: SYSCORE
84815bc.50c: ProductVersion: 20.12.0.173
84915bc.50c: FileVersion: SYSCORE.20.12.0.173
85015bc.50c: PrivateBuild: SYSCORE.20.12.0.173
85115bc.50c: FileDescription: McAfee Personal Firewall IDS Plugin
85215bc.50c: \SystemRoot\System32\drivers\McPvDrv.sys:
85315bc.50c: CreationTime: 2020-12-15T14:06:01.088248900Z
85415bc.50c: LastWriteTime: 2021-01-18T07:58:42.000000000Z
85515bc.50c: ChangeTime: 2021-04-12T11:52:24.563885100Z
85615bc.50c: FileAttributes: 0x20
85715bc.50c: Size: 0x15c18
85815bc.50c: NT Headers: 0xf8
85915bc.50c: Timestamp: 0x5ff2a4d8
86015bc.50c: Machine: 0x8664 - amd64
86115bc.50c: Timestamp: 0x5ff2a4d8
86215bc.50c: Image Version: 6.3
86315bc.50c: SizeOfImage: 0x18000 (98304)
86415bc.50c: Resource Dir: 0x16000 LB 0x350
86515bc.50c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
86615bc.50c: [Raw version resource data: 0x16060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
86715bc.50c: ProductName: McAfee File Lock
86815bc.50c: ProductVersion: 9,3,0,0
86915bc.50c: FileVersion: 9,3,101,0
87015bc.50c: FileDescription: McAfee File Lock Driver
87115bc.50c: \SystemRoot\System32\drivers\mfeavfk.sys:
87215bc.50c: CreationTime: 2020-04-09T20:15:22.000000000Z
87315bc.50c: LastWriteTime: 2020-12-11T22:36:46.000000000Z
87415bc.50c: ChangeTime: 2021-04-12T11:49:14.826134900Z
87515bc.50c: FileAttributes: 0x20
87615bc.50c: Size: 0x5e3c0
87715bc.50c: NT Headers: 0xf0
87815bc.50c: Timestamp: 0x5fcfec2a
87915bc.50c: Machine: 0x8664 - amd64
88015bc.50c: Timestamp: 0x5fcfec2a
88115bc.50c: Image Version: 0.0
88215bc.50c: SizeOfImage: 0x5f000 (389120)
88315bc.50c: Resource Dir: 0x5d000 LB 0x758
88415bc.50c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
88515bc.50c: [Raw version resource data: 0x5d110 LB 0x334, codepage 0x0 (reserved 0x0)]
88615bc.50c: ProductName: SYSCORE
88715bc.50c: ProductVersion: 20.12.0.173
88815bc.50c: FileVersion: SYSCORE.20.12.0.173
88915bc.50c: PrivateBuild: SYSCORE.20.12.0.173 F15,F16,F19
89015bc.50c: FileDescription: Anti-Virus File System Filter Driver
89115bc.50c: \SystemRoot\System32\drivers\mfefirek.sys:
89215bc.50c: CreationTime: 2020-04-09T20:15:22.000000000Z
89315bc.50c: LastWriteTime: 2020-12-11T21:36:48.000000000Z
89415bc.50c: ChangeTime: 2021-04-12T11:49:14.757897300Z
89515bc.50c: FileAttributes: 0x20
89615bc.50c: Size: 0x7f7c0
89715bc.50c: NT Headers: 0xe0
89815bc.50c: Timestamp: 0x5fcfeca3
89915bc.50c: Machine: 0x8664 - amd64
90015bc.50c: Timestamp: 0x5fcfeca3
90115bc.50c: Image Version: 0.0
90215bc.50c: SizeOfImage: 0x81000 (528384)
90315bc.50c: Resource Dir: 0x7d000 LB 0x388
90415bc.50c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
90515bc.50c: [Raw version resource data: 0x7d060 LB 0x328, codepage 0x0 (reserved 0x0)]
90615bc.50c: ProductName: SYSCORE
90715bc.50c: ProductVersion: 20.12.0.173
90815bc.50c: FileVersion: SYSCORE.20.12.0.173
90915bc.50c: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
91015bc.50c: FileDescription: McAfee Core Firewall Engine Driver
91115bc.50c: \SystemRoot\System32\drivers\mfehidk.sys:
91215bc.50c: CreationTime: 2020-04-09T20:15:22.000000000Z
91315bc.50c: LastWriteTime: 2020-12-11T21:36:46.000000000Z
91415bc.50c: ChangeTime: 2021-04-12T11:49:13.549595100Z
91515bc.50c: FileAttributes: 0x20
91615bc.50c: Size: 0xfadc0
91715bc.50c: NT Headers: 0xf8
91815bc.50c: Timestamp: 0x5fcfebd9
91915bc.50c: Machine: 0x8664 - amd64
92015bc.50c: Timestamp: 0x5fcfebd9
92115bc.50c: Image Version: 0.0
92215bc.50c: SizeOfImage: 0x105000 (1069056)
92315bc.50c: Resource Dir: 0x101000 LB 0x758
92415bc.50c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
92515bc.50c: [Raw version resource data: 0x101110 LB 0x320, codepage 0x0 (reserved 0x0)]
92615bc.50c: ProductName: SYSCORE
92715bc.50c: ProductVersion: 20.12.0.173
92815bc.50c: FileVersion: SYSCORE.20.12.0.173
92915bc.50c: PrivateBuild: SYSCORE.20.12.0.173 F14,F15,F16,F18,F20
93015bc.50c: FileDescription: McAfee Link Driver
93115bc.50c: \SystemRoot\System32\drivers\mfencbdc.sys:
93215bc.50c: CreationTime: 2020-05-01T13:55:06.000000000Z
93315bc.50c: LastWriteTime: 2020-12-17T12:02:22.000000000Z
93415bc.50c: ChangeTime: 2021-04-24T13:11:45.101532700Z
93515bc.50c: FileAttributes: 0x20
93615bc.50c: Size: 0x947c0
93715bc.50c: NT Headers: 0xe0
93815bc.50c: Timestamp: 0x5fd9dbef
93915bc.50c: Machine: 0x8664 - amd64
94015bc.50c: Timestamp: 0x5fd9dbef
94115bc.50c: Image Version: 0.0
94215bc.50c: SizeOfImage: 0x98000 (622592)
94315bc.50c: Resource Dir: 0x96000 LB 0x458
94415bc.50c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94515bc.50c: [Raw version resource data: 0x96060 LB 0x3f4, codepage 0x0 (reserved 0x0)]
94615bc.50c: ProductName: Anti-Malware Core
94715bc.50c: ProductVersion: 20.12.0
94815bc.50c: FileVersion: Anti-Malware Core.20.12.0.473.x64
94915bc.50c: PrivateBuild: Anti-Malware Core.20.12.0.473.x64
95015bc.50c: FileDescription: Event Driver
95115bc.50c: \SystemRoot\System32\drivers\mfewfpk.sys:
95215bc.50c: CreationTime: 2020-04-09T20:15:22.000000000Z
95315bc.50c: LastWriteTime: 2020-12-11T21:36:48.000000000Z
95415bc.50c: ChangeTime: 2021-04-12T11:48:45.329306500Z
95515bc.50c: FileAttributes: 0x20
95615bc.50c: Size: 0x3d9c0
95715bc.50c: NT Headers: 0xf0
95815bc.50c: Timestamp: 0x5fcfebec
95915bc.50c: Machine: 0x8664 - amd64
96015bc.50c: Timestamp: 0x5fcfebec
96115bc.50c: Image Version: 0.0
96215bc.50c: SizeOfImage: 0x59000 (364544)
96315bc.50c: Resource Dir: 0x57000 LB 0x380
96415bc.50c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
96515bc.50c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
96615bc.50c: ProductName: SYSCORE
96715bc.50c: ProductVersion: 20.12.0.173
96815bc.50c: FileVersion: SYSCORE.20.12.0.173
96915bc.50c: PrivateBuild: SYSCORE.20.12.0.173 F17,F18
97015bc.50c: FileDescription: Anti-Virus Mini-Firewall Driver
97115bc.50c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
97215bc.50c: Calling main()
97315bc.50c: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
97415bc.50c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
97515bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
97615bc.50c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
97715bc.50c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
97815bc.50c: SUPR3HardenedMain: Final process, opening VBoxDrv...
97915bc.50c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001000000 LB 0x400000)
98015bc.50c: supR3HardNtEnableThreadCreationEx:
98115bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
98215bc.50c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
98315bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
98415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
98515bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
98615bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadaed0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
98715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
98815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
98915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
99115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
99215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
99415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadaed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
99515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
99615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
99715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
99815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
99915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
100015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
100115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
100215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
100315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
100415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
100515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
100615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
100715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100815bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1390000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
100915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
101015bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae2120000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
101115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
101215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae00a0000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
101315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
101415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadfa70000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
101515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
101615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
101715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0130000 LB 0x0015f000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
101815bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
101915bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
102015bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
102115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
102215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
102315bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
102415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
102515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
102615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
102715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
102815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
102915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
103015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
103115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
103215bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
103315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
103415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
103515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
103615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
103715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf590000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
103815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
103915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae00a0000 'C:\WINDOWS\system32\Wintrust.dll'
104015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
104115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
104215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
104315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0100000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
104415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
104515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0100000 'C:\WINDOWS\system32\bcrypt.dll'
104615bc.50c: bcrypt.dll loaded at 00007ffae0100000, BCryptOpenAlgorithmProvider at 00007ffae01051e0, preloading providers:
104715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
104815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
104915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105015bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0020000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
105115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
105215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0020000 'C:\WINDOWS\system32\bcryptprimitives.dll'
105315bc.50c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000144cea0)
105415bc.50c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000014500f0)
105515bc.50c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001450410)
105615bc.50c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001450730)
105715bc.50c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001450a50)
105815bc.50c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001450d70)
105915bc.50c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001451090)
106015bc.50c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000014513b0)
106115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
106215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
106315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf350000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
106415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
106515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
106615bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
106715bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
106815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
106915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
107015bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
107115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
107215bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadeb20000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
107415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
107615bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
107715bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
107815bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf370000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
107915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
108015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
108115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
108315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
108415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae00a0000 'C:\WINDOWS\System32\WINTRUST.DLL'
108615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
108715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
108815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\CRYPT32.dll'
108915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1c50000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
109015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
109115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
109215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
109315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
109515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1da0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
109615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
109715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
109815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
109915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
110015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
110115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
110215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
110315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffade380000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
110415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
110515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
110615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
110715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf9b0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
110815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
110915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
111015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
111115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
111215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
111315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
111415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
111515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
111615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
111915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
112015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
112115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
112215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
112315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
112415bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
112515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
112615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
112715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
112815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112915bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113015bc.50c: supR3HardenedDllNotificationCallback: load 00007fface0e0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
113115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
113515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
113815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
114115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
114415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
114715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
115015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
115215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
115415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
115615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
115815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
116015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\WINDOWS\System32\cryptnet.dll'
116115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
116215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface0e0000 'C:\Windows\System32\cryptnet.dll'
116315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1700000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
116415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
116515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
116615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
116715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
116815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
116915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
117015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
117115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
117215bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
117315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
117415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
117515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
117615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
117715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
117815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
117915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
118115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
118215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
118415bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
118515bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014bbc80
118615bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
118715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57DCDA2AC5DAA6EB013F737C1F52BB3995410D1A
118815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
118915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2120000 'C:\WINDOWS\System32\rpcrt4.dll'
119115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
119215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
119415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
119515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
119715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.928.cat'; file='\SystemRoot\System32\ntdll.dll'
119815bc.50c: g_pfnWinVerifyTrust=00007ffae00a1da0
119915bc.50c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
120015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
120115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
120315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
120415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
120615bc.50c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
120715bc.50c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
120815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
120915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
121115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
121215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
121415bc.50c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
121515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
121615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
121815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
121915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
122015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
122115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
122215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
122315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
122415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
122515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
122615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
122715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
122815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
122915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
123015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
123115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
123215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
123315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
123415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
123515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
123615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
123715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
123815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
123915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
124015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
124115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
124215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
124315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
124415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
124515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
124615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
124715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
124815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
124915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
125015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
125115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
125215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
125315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
125415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
125515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
125615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
125715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
125815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
125915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
126015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
126115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
126215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
126315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
126415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
126515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
126615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
126715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
126815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
126915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
127015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
127115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
127215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
127315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
127415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
127515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
127615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
127715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
127815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
127915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
128015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
128115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
128215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
128315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
128415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
128515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\system32\crypt32.dll'
128615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
128715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
128815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
128915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
129015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
129115bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
129215bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
129315bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
129415bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
129515bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
129615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
129715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
129815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
129915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
130015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
130115bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
130215bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
130315bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
130415bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
130515bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
130615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
130715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
130815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
130915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
131015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
131115bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
131215bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
131315bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
131415bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
131515bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
131615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
131715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
131815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
131915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
132015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
132115bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
132215bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
132315bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
132415bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
132515bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
132615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
132715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
132815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
132915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
133015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
133115bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
133215bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
133315bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
133415bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
133515bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
133615bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
133715bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
133815bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
133915bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
134015bc.50c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
134115bc.50c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=55
134215bc.50c: SUPR3HardenedMain: Load Runtime...
134315bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
134415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
134515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
134615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
134715bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
134815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
134915bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
135015bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
135115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
135215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
135315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
135415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
135515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
135615bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
135715bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
135815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
135915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
136015bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
136115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
136215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
136315bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
136415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
136515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
136615bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
136715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
136815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
136915bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
137015bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
137115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
137215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
137315bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
137415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
137515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
137615bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
137715bc.50c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137815bc.50c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
137915bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
138015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
138115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
138215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
138315bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
138415bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
138515bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
138615bc.50c: supR3HardenedDllNotificationCallback: load 00000000668c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
138715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
138815bc.50c: supR3HardenedDllNotificationCallback: load 0000000065d40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
138915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
139015bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae2280000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
139115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
139215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffa9a400000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
139315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
139415bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
139715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
139815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
140415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
140515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
141115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
141215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141515bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
141815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
141915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142015bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142215bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
142515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142715bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
143215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
143315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143415bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144415bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145415bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146415bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146915bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
147415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
147615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
148115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
148615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
149015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
149115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
149215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
149315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
149415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
149515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
149615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
149715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
149815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
149915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
150015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
150115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
150215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
150315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
150415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
150515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
150615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
150715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
150815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
150915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
151015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
151115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
151215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
151315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
151415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
151515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
151615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
151715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
151815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
151915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
152015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
152115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
152215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
152315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
152415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
152515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
152615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
152715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
152815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
152915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
153015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
153115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
153215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
153315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
153415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
153515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
153615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
153715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
153815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
153915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
154015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
154115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
154215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
154315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
154415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
154515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
154615bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
154715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
154815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
154915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
155015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
155115bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
155215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
155315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
155415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
155515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
155615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
155715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
155815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
155915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
156015bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
156115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
156215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
156315bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
156415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
156515bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
156615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
156715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
156815bc.50c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
156915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
157015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9a400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
157115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
157215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
157315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
157415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
157515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae00a0000 'C:\WINDOWS\system32\Wintrust.dll'
157615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
157715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
157915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
158015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
158115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
158215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\system32\crypt32.dll'
158315bc.50c: SUPR3HardenedMain: Load TrustedMain...
158415bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll: Signature #1/2: info status: 24202
158515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
158615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
158715bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
158815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
158915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
159015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
159115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
159215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
159315bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
159415bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
159515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
159815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
159915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
160015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
160115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
160215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
160315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
160415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
160515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
160615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
160715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
160815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
160915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
161015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
161115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
161215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
161315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
161415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
161515bc.50c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
161615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
161715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
161815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
161915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
162015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
162115bc.50c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
162215bc.50c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
162315bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
162415bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
162515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
162615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
162715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
162815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
162915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
163015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
163115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
163215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
163315bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
163415bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
163515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
163615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
163715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
163815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
163915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
164015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
164115bc.50c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
164215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
164315bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
164415bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
164515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
164615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
164715bc.50c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
164815bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
164915bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
165015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
165115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
165215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
165315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
165415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
165515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
165615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
165715bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
165815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
165915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
166015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
166115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
166215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
166315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
166415bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
166515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
166615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
166715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
166815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
166915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
167015bc.50c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
167115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
167215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
167315bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
167415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
167515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
167615bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
167715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
167815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
167915bc.50c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
168015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
168315bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
168415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1870000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
168515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
168615bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadfb70000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
168715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
168815bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadff80000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
168915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
169015bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1e40000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
169115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
169215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadfe70000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
169315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
169415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
169515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
169615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
169715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
169815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
169915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae2250000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
170015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
170115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0af0000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
170215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
170315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1cd0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
170415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
170515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffad1a70000 LB 0x00052000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
170615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
170715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
170815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
170915bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
171015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
171115bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
171215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
171315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
171415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
171515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
171615bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
171715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
171815bc.50c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
171915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
172015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
172215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
172315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
172415bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
172515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
172615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
172715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
172815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
172915bc.50c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
173015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
173215bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
173315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
173415bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
173515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
173615bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
173715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
173815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
173915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
174015bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
174115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
174215bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
174315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
174415bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
174515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
174615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-string-l1-1-0'
174715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
174815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
174915bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
175015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
175115bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
175215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
175315bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
175415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
175515bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
175615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
175715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
175815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
175915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
176015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
176115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-datetime-l1-1-1'
176215bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
176315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
176415bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
176515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
176615bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
176715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
176815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
176915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
177015bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
177115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
177215bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
177315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
177415bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
177515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
177615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-obsolete-l1-2-0'
177715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
177815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
177915bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
178015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
178115bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
178215bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
178315bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
178415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
178515bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
178615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
178715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
178815bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
178915bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
179015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
179115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
179215bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
179315bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
179415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
179515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
179615bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
179715bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
179815bc.50c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
179915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
180015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
180115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
180215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
180315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1670000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
180415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
180515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1670000 'C:\WINDOWS\system32\IMM32.DLL'
180615bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
180715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
180815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
180915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
181015bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
181115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
181215bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
181315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
181415bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
181515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
181615bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
181715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
181815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
181915bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
182015bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
182115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
182215bc.50c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
182315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
182415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1a70000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
182515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
182615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
182715bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
182815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
182915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
183015bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
183115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
183215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
183315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
183415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
183515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
183615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
183715bc.50c: SUPR3HardenedMain: Calling TrustedMain (00007ffad1a72ae0)...
183815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
183915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
184015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
184115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
184215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffade360000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
184315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
184415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae2070000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
184515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
184615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
184715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
184815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
184915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
185015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
185115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185315bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
185415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
185515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
185615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
185915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
186015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
186115bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
186215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
186315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
186415bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
186515bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
186615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
186715bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
186815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
186915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
187015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
187115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
187215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
187315bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
187415bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
187515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
187615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
187715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
187815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
187915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
188015bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
188115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
188215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
188315bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
188415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
188515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
188615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
188715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
188815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
188915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
189015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
189115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
189215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
189315bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
189415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffa965f0000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
189515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
189615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa965f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
189715bc.50c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
189815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
189915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
190015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
190115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
190215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
190315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
190415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
190515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
190615bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
190715bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
190815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
190915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
191015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
191115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
191215bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
191315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
191415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
191515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
191615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
191715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
191815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
191915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
192015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
192115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) WinVerifyTrust
192215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
192315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
192415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
192515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
192615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
192715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
192815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
192915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
193015bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
193115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
193215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
193315bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
193415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
193515bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
193615bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae1c70000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
193715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
193815bc.50c: supR3HardenedDllNotificationCallback: load 00007ffa9d740000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
193915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
194015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9d740000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
194115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
194215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
194315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1cd0000 'C:\Windows\System32\oleaut32.dll'
194415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
194515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
194615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0af0000 'C:\WINDOWS\System32\ole32.dll'
194715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
194815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
194915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1cd0000 'C:\WINDOWS\System32\OLEAUT32.dll'
195015bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000794 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
195115bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
195215bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
195315bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB3ECA1473EC52F9B019D265122638E0788939AC
195415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
195515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
195615bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
195715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
195815bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
196015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
196115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
196215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
196315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
196415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
196515bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000760 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
196615bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
196715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
196815bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=81079EBE9391E32B4247EEC5D81D5FE7F690612C
196915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
197015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
197115bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
197215bc.50c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
197315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
197415bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
197515bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
197615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
197715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
197815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
197915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
198215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
198515bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
198615bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
198715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaccbd0000 LB 0x00094000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
198815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
198915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7e70000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
199015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
199115bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
199215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
199315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
199415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac7e70000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
199515bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007d8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
199615bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
199715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
199815bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34BA357EFBCEA3447E98131975A6D86BBAD90C80
199915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
200015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
200115bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
200215bc.50c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
200315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
200415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
200515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
200615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
200715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
200815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
200915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
201015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
201115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
201215bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
201315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7ae0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
201415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
201515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac7ae0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
201615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
201715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
201815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-0.dll'
201915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
202015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
202115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
202215bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007ac pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
202315bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
202415bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
202515bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
202615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
202715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
202815bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
202915bc.50c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
203015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
203115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
203215bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
203315bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
203415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
203515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
203615bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
203715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
204015bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
204115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7b00000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
204215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
204315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac7b00000 'C:\WINDOWS\system32\wbem\fastprox.dll'
204415bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c0 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
204515bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
204615bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
204715bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
204815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
204915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
205015bc.50c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
205115bc.50c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
205415bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
205515bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
205615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
205715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
205815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
205915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
206215bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
206315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffacc830000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
206415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
206515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacc830000 'C:\WINDOWS\System32\amsi.dll'
206615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
206715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
206815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
206915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf970000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
207015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
207115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
207215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
207315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
207415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
207515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
207615bc.50c: \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll: Owner is administrators group.
207715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
207815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
207915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'psapi.dll'.
208015bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
208115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
208215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
208315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shlwapi.dll'.
208415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
208515bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll) WinVerifyTrust
208615bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
208715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
208815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
208915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
209015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
209115bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
209215bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
209315bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
209415bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
209515bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
209615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
209715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
209815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
209915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
210015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
210115bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
210215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
210315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
210415bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
210515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
210615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
210715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
210815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
210915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
211015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
211115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
211215bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
211315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
211415bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
211515bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
211615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
211715bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
211815bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
211915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
212015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
212115bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll) WinVerifyTrust
212215bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll
212315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\McAfee\MfeAV\AMSIExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
212415bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
212515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
212615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
212715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
212815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
212915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
213015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
213115bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
213215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
213315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
213415bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
213515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
213615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
213715bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
213815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
213915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
214015bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
214115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
214215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
214315bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
214415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
214515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
214615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
214715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
214815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
214915bc.50c: Error (rc=0):
215015bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
215115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
215215bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
215315bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
215415bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
215515bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
215615bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
215715bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
215815bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
215915bc.50c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
216015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
216115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
216215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
216315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
216415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
216515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
216615bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
216715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
216815bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
216915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
217015bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
217115bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
217215bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
217315bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
217415bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
217515bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
217615bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
217715bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
217815bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
217915bc.50c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
218015bc.50c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
218115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
218215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
218315bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
218415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
218515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
218615bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
218715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
218815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\McAfee\MfeAV\AMSIExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218915bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
219015bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
219115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
219215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
219315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
219415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
219515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
219615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
219715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
219815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
219915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
220015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
220115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
220215bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
220315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
220415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
220515bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
220615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
220715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
220815bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
220915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
221015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
221115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
221215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
221315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
221415bc.50c: Error (rc=0):
221515bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
221615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
221715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
221815bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
221915bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
222015bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
222115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
222215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
222315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
222415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
222515bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
222615bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
222715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
222815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
222915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
223015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\McAfee\MfeAV\AMSIExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223115bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
223215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
223315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
223415bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
223515bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
223615bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
223715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
223815bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
223915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
224015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
224115bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
224215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
224315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
224415bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
224515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
224615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
224715bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
224815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
224915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
225015bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
225115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
225215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
225315bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
225415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
225515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
225615bc.50c: Error (rc=0):
225715bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
225815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
225915bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
226015bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
226115bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
226215bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
226315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
226415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
226515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
226615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
226715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
226815bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
226915bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
227015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
227115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
227215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
227315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
227415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
227515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
227615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
227715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
227815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
227915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
228015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
228115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
228215bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
228315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
228415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
228515bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
228615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
228715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
228815bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
228915bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
229015bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
229115bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
229215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
229315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
229415bc.50c: Error (rc=0):
229515bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
229615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
229715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
229815bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
229915bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
230015bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
230115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
230215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll
230315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
230415bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
230515bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
230615bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
230715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
230815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
230915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
231015bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
231115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
231215bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
231315bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
231415bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
231515bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
231615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
231715bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
231815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
231915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
232015bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
232115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
232215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
232315bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
232415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
232515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
232615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
232715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
232815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
232915bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
233015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
233115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
233215bc.50c: Error (rc=0):
233315bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
233415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
233515bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
233615bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
233715bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
233815bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
233915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
234015bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
234115bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
234215bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
234315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
234415bc.50c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll
234515bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
234615bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
234715bc.50c: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
234815bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
234915bc.50c: supR3HardenedDllNotificationCallback: load 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [fFlags=0x0]
235015bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
235115bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
235215bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
235315bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
235415bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
235515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
235615bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
235715bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
235815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-synch-l1-2-0'
235915bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
236015bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
236115bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-fibers-l1-1-1'
236215bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
236315bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
236415bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfba0000 'api-ms-win-core-localization-l1-2-1'
236515bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'C:\WINDOWS\System32\kernel32.dll'
236615bc.50c: Error (rc=0):
236715bc.50c: supR3HardenedMonitor_LdrLoadDll: rejecting UNC name '\\?\C:\Windows\System32\ADVAPI32.dll'
236815bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc00000fb
236915bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7970000 LB 0x000ed000 C:\Program Files\McAfee\MfeAV\AMSIExt.dll [flags=0x0]
237015bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0390000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [flags=0x0]
237115bc.50c: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
237215bc.50c: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
237315bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
237415bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [flags=0x0]
237515bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [flags=0x0]
237615bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\McAfee\MfeAV\AMSIExt.dll'
237715bc.50c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
237815bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
237915bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae1700000 'C:\WINDOWS\System32\ADVAPI32.dll'
238015bc.71c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
238115bc.71c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
238215bc.71c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
238315bc.71c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
238415bc.71c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
238515bc.71c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
238615bc.71c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
238715bc.71c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
238815bc.71c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
238915bc.71c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
239015bc.71c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
239115bc.71c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
239215bc.71c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
239315bc.71c: supR3HardenedDllNotificationCallback: load 00007ffa9ac80000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
239415bc.71c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
239515bc.71c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ac80000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
239615bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
239715bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000914 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
239815bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
239915bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
240015bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAC8C290E6A586220883FAD5DCDC734D078E5A36
240115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
240215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
240315bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04111~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
240415bc.a84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
240515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
240615bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
240715bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
240815bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
240915bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
241015bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
241115bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
241215bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
241315bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
241415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
241515bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
241615bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008c0 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
241715bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014bbc80
241815bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014bbc80
241915bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBF6397EB75AA0F0A1F00943D02D98D1F9C5BA
242015bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
242115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
242215bc.a84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.928.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
242315bc.a84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
242415bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) WinVerifyTrust
242515bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
242615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
242715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
242815bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
242915bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243015bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
243115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
243215bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
243315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
243415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
243515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
243615bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
243715bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
243815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
243915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
244015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
244115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
244215bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
244315bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
244415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
244515bc.a84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
244615bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
244715bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
244815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
244915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
245015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
245115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
245215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
245315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
245415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
245515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
245615bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
245715bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
245815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
245915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
246015bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
246115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
246215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
246315bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
246415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
246515bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
246615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
246715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
246815bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
246915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
247015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
247115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247315bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
247415bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
247515bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
247615bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
247715bc.a84: supR3HardenedDllNotificationCallback: load 00007ffae0340000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
247815bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
247915bc.a84: supR3HardenedDllNotificationCallback: load 00007ffad1d70000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
248015bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
248115bc.a84: supR3HardenedDllNotificationCallback: load 00007ffae0d00000 LB 0x00469000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
248215bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
248315bc.a84: supR3HardenedDllNotificationCallback: load 00007ffad3360000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
248415bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
248515bc.a84: supR3HardenedDllNotificationCallback: load 00007ffad1da0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
248615bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
248715bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1da0000 'C:\Windows\System32\NetSetupShim.dll'
248815bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
248915bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
249015bc.a84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
249115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
249215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
249315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
249415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
249515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
249615bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
249715bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
249815bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
249915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
250015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
250115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
250215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
250315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
250415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
250515bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
250615bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
250715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
250815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
250915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
251015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
251115bc.a84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
251215bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
251315bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
251415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
251515bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
251615bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
251715bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
251815bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
251915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
252015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
252115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
252215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
252315bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
252415bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
252515bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
252615bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
252715bc.a84: supR3HardenedDllNotificationCallback: load 00007ffae1490000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
252815bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
252915bc.a84: supR3HardenedDllNotificationCallback: load 00007ffad4070000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
253015bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
253115bc.a84: supR3HardenedDllNotificationCallback: load 00007ffac27c0000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
253215bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
253315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac27c0000 'C:\Windows\System32\NetSetupEngine.dll'
253415bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
253515bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
253615bc.a84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
253715bc.2360: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
253815bc.2360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
253915bc.2360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
254015bc.2360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
254115bc.2360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
254215bc.2360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
254315bc.2360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
254415bc.2360: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
254515bc.2360: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
254615bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
254715bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
254815bc.2360: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
254915bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
255015bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
255115bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
255215bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
255315bc.2360: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
255415bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
255515bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
255615bc.2360: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
255715bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
255815bc.2360: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
255915bc.2360: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
256015bc.2360: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
256115bc.2360: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
256215bc.2360: supR3HardenedDllNotificationCallback: load 00007ffacc3b0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
256315bc.2360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
256415bc.2360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacc3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
256515bc.9d0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
256615bc.9d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
256715bc.9d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
256815bc.9d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
256915bc.9d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
257015bc.9d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
257115bc.9d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
257215bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
257315bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
257415bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
257515bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
257615bc.9d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
257715bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
257815bc.9d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
257915bc.9d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
258015bc.9d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
258115bc.9d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
258215bc.9d0: supR3HardenedDllNotificationCallback: load 00007ffacc290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
258315bc.9d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
258415bc.9d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacc290000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
258515bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
258615bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
258715bc.a84: supR3HardenedDllNotificationCallback: load 00007ffae03a0000 LB 0x00742000 C:\WINDOWS\System32\Shell32.dll [fFlags=0x0]
258815bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
258915bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae03a0000 'C:\WINDOWS\system32\Shell32.dll'
259015bc.a84: supR3HardenedDllNotificationCallback: load 00007ffadf410000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
259115bc.a84: supR3HardenedDllNotificationCallback: load 00007ffaddbb0000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
259215bc.a84: supR3HardenedDllNotificationCallback: load 00007ffae15c0000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
259315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
259415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
259515bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
259615bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
259715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
259815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
259915bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
260015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
260315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
260415bc.a84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
260515bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
260615bc.a84: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
260715bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
260815bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
260915bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
261015bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
261115bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
261215bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
261315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
261415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
261515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
261615bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
261715bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
261815bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
261915bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
262015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
262115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
262215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
262315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae0130000 'C:\WINDOWS\System32\crypt32.dll'
262415bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
262515bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
262615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
262715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
262815bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
262915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
263015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
263115bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
263215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
263315bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
263415bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
263515bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
263615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
263715bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
263815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
263915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
264015bc.a84: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
264115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
264215bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
264315bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
264415bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
264515bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
264615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
264715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
264815bc.a84: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
264915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
265015bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
265115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
265215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
265315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
265415bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
265515bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
265615bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
265715bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
265815bc.a84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
265915bc.a84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
266015bc.a84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
266115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
266215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
266315bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
266415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
266515bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
266615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
266715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
266815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
266915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
267015bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
267115bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
267215bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
267315bc.a84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
267415bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
267515bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
267615bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
267715bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
267815bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
267915bc.a84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
268015bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268115bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
268215bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
268315bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
268415bc.a84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
268515bc.a84: supR3HardenedDllNotificationCallback: load 00007ffadaf10000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
268615bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
268715bc.a84: supR3HardenedDllNotificationCallback: load 00007ffa947e0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
268815bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
268915bc.a84: supR3HardenedDllNotificationCallback: load 00007ffadee70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
269015bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
269115bc.a84: supR3HardenedDllNotificationCallback: load 00007ffa95640000 LB 0x009f0000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
269215bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
269315bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa95640000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
269415bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
269515bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
269615bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
269715bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa965f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
269815bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
269915bc.a84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
270015bc.a84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
270115bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa947e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
270215bc.a84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
270315bc.3258: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
270415bc.3258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
270515bc.3258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
270615bc.3258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
270715bc.3258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
270815bc.3258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
270915bc.3258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
271015bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
271115bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
271215bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
271315bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
271415bc.3258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
271515bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
271615bc.3258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
271715bc.3258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
271815bc.3258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
271915bc.3258: supR3HardenedDllNotificationCallback: load 00007ffacba70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
272015bc.3258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
272115bc.3258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacba70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
272215bc.2b10: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
272315bc.2b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
272415bc.2b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
272515bc.2b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
272615bc.2b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
272715bc.2b10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
272815bc.2b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
272915bc.2b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
273015bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
273115bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
273215bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
273315bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
273415bc.2b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
273515bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
273615bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
273715bc.2b10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
273815bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
273915bc.2b10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
274015bc.2b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
274115bc.2b10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
274215bc.2b10: supR3HardenedDllNotificationCallback: load 00007ffacc280000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
274315bc.2b10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
274415bc.2b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacc280000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
274515bc.132c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
274615bc.132c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeb20000 'C:\WINDOWS\system32\rsaenh.dll'
274715bc.132c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
274815bc.132c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
274915bc.132c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
275015bc.132c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
275115bc.132c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
275215bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
275315bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
275415bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
275515bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
275615bc.132c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
275715bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
275815bc.132c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
275915bc.132c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
276015bc.132c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
276115bc.132c: supR3HardenedDllNotificationCallback: load 00007ffacba40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
276215bc.132c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
276315bc.132c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacba40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
276415bc.132c: supR3HardenedDllNotificationCallback: Unload 00007ffacba40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
276515bc.2b10: supR3HardenedDllNotificationCallback: Unload 00007ffacc280000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
276615bc.3258: supR3HardenedDllNotificationCallback: Unload 00007ffacba70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
276715bc.9d0: supR3HardenedDllNotificationCallback: Unload 00007ffacc290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
276815bc.2360: supR3HardenedDllNotificationCallback: Unload 00007ffacc3b0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
276915bc.a84: supR3HardenedDllNotificationCallback: Unload 00007ffa95640000 LB 0x009f0000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
277015bc.a84: supR3HardenedDllNotificationCallback: Unload 00007ffadaf10000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
277115bc.a84: supR3HardenedDllNotificationCallback: Unload 00007ffa947e0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
277215bc.a84: supR3HardenedDllNotificationCallback: Unload 00007ffadee70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
277315bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7ae0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
277415bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7b00000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
277515bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffa9d740000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
277615bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffac7e70000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
277715bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffaccbd0000 LB 0x00094000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
277815bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffa965f0000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
277915bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffad1da0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
278015bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffad1d70000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
278115bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffae0d00000 LB 0x00469000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
278215bc.50c: supR3HardenedDllNotificationCallback: Unload 00007ffad3360000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
278315bc.50c: Terminating the normal way: rcExit=0
278415bc.50c: KiUserExceptionDispatcher: 0xc0000005 (0000000000000008, 00007ffac79d9b2c) @ 00007ffac79d9b2c (flags=0x0)
2785 rax=00007ffac79d9b2c rbx=0000000001449460 rcx=00007ffac7a4d700 rdx=0000000000000007
2786 rsi=0000000000000017 rdi=00000000014493c8 r8 =00000000ffffffff r9 =0000000000000001
2787 r10=0000000000000000 r11=0000000000efef30 r12=0000000000000000 r13=00007ffae249b2b0
2788 r14=0000000001449500 r15=0000000000000001 P1=0000000000000000 P2=0000000000000000
2789 rip=00007ffac79d9b2c rsp=0000000000efeff8 rbp=000000000000000c ctxflags=0010005f
2790 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010206 mxcrx=00001fa0
2791 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
2792 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
2793 dr6=0000000000000000 dr7=0000000000000000 vcr=000000010000003a dcr=0000000000000000
2794 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
279515bc.50c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
279615bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279715bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae17b0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
279815bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
279915bc.50c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
280015bc.50c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
280115bc.50c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
280215bc.50c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
280315bc.50c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2330000 'C:\WINDOWS\System32\ntdll.dll'
280415bc.50c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
280515bc.50c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
28061d28.8b0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 137801 ms, the end);
28072e9c.1d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 138551 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy