VirtualBox

Ticket #20540: VBoxHardening.log

File VBoxHardening.log, 467.3 KB (added by Javier Martínez, 3 years ago)
Line 
1243c.14d8: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa04a6200
2243c.14d8: \SystemRoot\System32\ntdll.dll:
3243c.14d8: CreationTime: 2021-09-10T13:40:09.725917600Z
4243c.14d8: LastWriteTime: 2021-09-10T13:40:09.764957200Z
5243c.14d8: ChangeTime: 2021-09-15T06:55:02.151797400Z
6243c.14d8: FileAttributes: 0x20
7243c.14d8: Size: 0x1ee518
8243c.14d8: NT Headers: 0xe8
9243c.14d8: Timestamp: 0x4f115fac
10243c.14d8: Machine: 0x8664 - amd64
11243c.14d8: Timestamp: 0x4f115fac
12243c.14d8: Image Version: 10.0
13243c.14d8: SizeOfImage: 0x1f5000 (2052096)
14243c.14d8: Resource Dir: 0x184000 LB 0x6fdc8
15243c.14d8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16243c.14d8: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17243c.14d8: ProductName: Microsoft® Windows® Operating System
18243c.14d8: ProductVersion: 10.0.19041.1202
19243c.14d8: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
20243c.14d8: FileDescription: NT Layer DLL
21243c.14d8: \SystemRoot\System32\kernel32.dll:
22243c.14d8: CreationTime: 2021-09-10T13:39:58.429708600Z
23243c.14d8: LastWriteTime: 2021-09-10T13:39:58.464844700Z
24243c.14d8: ChangeTime: 2021-09-15T06:55:02.017108500Z
25243c.14d8: FileAttributes: 0x20
26243c.14d8: Size: 0xbc060
27243c.14d8: NT Headers: 0xe8
28243c.14d8: Timestamp: 0x871fae9
29243c.14d8: Machine: 0x8664 - amd64
30243c.14d8: Timestamp: 0x871fae9
31243c.14d8: Image Version: 10.0
32243c.14d8: SizeOfImage: 0xbe000 (778240)
33243c.14d8: Resource Dir: 0xbc000 LB 0x520
34243c.14d8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35243c.14d8: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36243c.14d8: ProductName: Microsoft® Windows® Operating System
37243c.14d8: ProductVersion: 10.0.19041.1202
38243c.14d8: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
39243c.14d8: FileDescription: Windows NT BASE API Client DLL
40243c.14d8: \SystemRoot\System32\KernelBase.dll:
41243c.14d8: CreationTime: 2021-09-10T13:40:10.475488000Z
42243c.14d8: LastWriteTime: 2021-09-10T13:40:10.535998700Z
43243c.14d8: ChangeTime: 2021-09-15T06:55:02.366516300Z
44243c.14d8: FileAttributes: 0x20
45243c.14d8: Size: 0x2c9da8
46243c.14d8: NT Headers: 0xf0
47243c.14d8: Timestamp: 0xc9db1934
48243c.14d8: Machine: 0x8664 - amd64
49243c.14d8: Timestamp: 0xc9db1934
50243c.14d8: Image Version: 10.0
51243c.14d8: SizeOfImage: 0x2c9000 (2920448)
52243c.14d8: Resource Dir: 0x2a0000 LB 0x548
53243c.14d8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54243c.14d8: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55243c.14d8: ProductName: Microsoft® Windows® Operating System
56243c.14d8: ProductVersion: 10.0.19041.1202
57243c.14d8: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
58243c.14d8: FileDescription: Windows NT BASE API Client DLL
59243c.14d8: \SystemRoot\System32\apisetschema.dll:
60243c.14d8: CreationTime: 2019-12-07T09:08:13.518339400Z
61243c.14d8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62243c.14d8: ChangeTime: 2021-09-15T06:55:01.995636600Z
63243c.14d8: FileAttributes: 0x20
64243c.14d8: Size: 0x1f538
65243c.14d8: NT Headers: 0xd0
66243c.14d8: Timestamp: 0x31288ce0
67243c.14d8: Machine: 0x8664 - amd64
68243c.14d8: Timestamp: 0x31288ce0
69243c.14d8: Image Version: 10.0
70243c.14d8: SizeOfImage: 0x20000 (131072)
71243c.14d8: Resource Dir: 0x1f000 LB 0x408
72243c.14d8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73243c.14d8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74243c.14d8: ProductName: Microsoft® Windows® Operating System
75243c.14d8: ProductVersion: 10.0.19041.1
76243c.14d8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77243c.14d8: FileDescription: ApiSet Schema DLL
78243c.14d8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79243c.14d8: supR3HardenedWinFindAdversaries: 0x0
80243c.14d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81243c.14d8: Calling main()
82243c.14d8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
83243c.14d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84243c.14d8: SUPR3HardenedMain: Respawn #1
85243c.14d8: System32: \Device\HarddiskVolume4\Windows\System32
86243c.14d8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
87243c.14d8: KnownDllPath: C:\WINDOWS\System32
88243c.14d8: supR3HardenedWinInit: Performing a limited self purification...
89243c.14d8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
90243c.14d8: *0000000000000000-00000000009fffff 0x0001/0x0000 0x0000000
91243c.14d8: *0000000000a00000-0000000000be3fff 0x0000/0x0004 0x0020000
92243c.14d8: 0000000000be4000-0000000000be6fff 0x0004/0x0004 0x0020000
93243c.14d8: 0000000000be7000-0000000000bfffff 0x0000/0x0004 0x0020000
94243c.14d8: *0000000000c00000-0000000000c0ffff 0x0004/0x0004 0x0040000
95243c.14d8: 0000000000c10000-0000000000c1ffff 0x0001/0x0000 0x0000000
96243c.14d8: *0000000000c20000-0000000000c3cfff 0x0002/0x0002 0x0040000
97243c.14d8: 0000000000c3d000-0000000000c3ffff 0x0001/0x0000 0x0000000
98243c.14d8: *0000000000c40000-0000000000cf8fff 0x0000/0x0004 0x0020000
99243c.14d8: 0000000000cf9000-0000000000cfbfff 0x0104/0x0004 0x0020000
100243c.14d8: 0000000000cfc000-0000000000d3ffff 0x0004/0x0004 0x0020000
101243c.14d8: *0000000000d40000-0000000000d43fff 0x0002/0x0002 0x0040000
102243c.14d8: 0000000000d44000-0000000000d4ffff 0x0001/0x0000 0x0000000
103243c.14d8: *0000000000d50000-0000000000d51fff 0x0004/0x0004 0x0020000
104243c.14d8: 0000000000d52000-0000000000d5ffff 0x0001/0x0000 0x0000000
105243c.14d8: *0000000000d60000-0000000000e28fff 0x0002/0x0002 0x0040000
106243c.14d8: 0000000000e29000-0000000000e4ffff 0x0001/0x0000 0x0000000
107243c.14d8: *0000000000e50000-0000000000e56fff 0x0004/0x0004 0x0020000
108243c.14d8: 0000000000e57000-0000000000f4ffff 0x0000/0x0004 0x0020000
109243c.14d8: *0000000000f50000-0000000000f51fff 0x0004/0x0004 0x0020000
110243c.14d8: 0000000000f52000-0000000000f81fff 0x0000/0x0004 0x0020000
111243c.14d8: 0000000000f82000-0000000000f8ffff 0x0001/0x0000 0x0000000
112243c.14d8: *0000000000f90000-0000000000fb4fff 0x0004/0x0004 0x0020000
113243c.14d8: 0000000000fb5000-000000000108ffff 0x0000/0x0004 0x0020000
114243c.14d8: 0000000001090000-000000000110ffff 0x0001/0x0000 0x0000000
115243c.14d8: *0000000001110000-000000000111efff 0x0004/0x0004 0x0020000
116243c.14d8: 000000000111f000-000000000111ffff 0x0000/0x0004 0x0020000
117243c.14d8: *0000000001120000-0000000001120fff 0x0000/0x0004 0x0020000
118243c.14d8: 0000000001121000-0000000001316fff 0x0004/0x0004 0x0020000
119243c.14d8: 0000000001317000-0000000001317fff 0x0000/0x0004 0x0020000
120243c.14d8: 0000000001318000-000000007ffdffff 0x0001/0x0000 0x0000000
121243c.14d8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
122243c.14d8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
123243c.14d8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
124243c.14d8: 000000007ffec000-00007ff4c74cffff 0x0001/0x0000 0x0000000
125243c.14d8: *00007ff4c74d0000-00007ff4c74d4fff 0x0002/0x0002 0x0040000
126243c.14d8: 00007ff4c74d5000-00007ff4c75cffff 0x0000/0x0002 0x0040000
127243c.14d8: *00007ff4c75d0000-00007ff5c75effff 0x0000/0x0004 0x0020000
128243c.14d8: *00007ff5c75f0000-00007ff5c95effff 0x0000/0x0004 0x0020000
129243c.14d8: 00007ff5c95f0000-00007ff5c95f0fff 0x0004/0x0004 0x0020000
130243c.14d8: 00007ff5c95f1000-00007ff5c95fffff 0x0001/0x0000 0x0000000
131243c.14d8: *00007ff5c9600000-00007ff5c9600fff 0x0002/0x0002 0x0040000
132243c.14d8: 00007ff5c9601000-00007ff5c960ffff 0x0001/0x0000 0x0000000
133243c.14d8: *00007ff5c9610000-00007ff5c9632fff 0x0002/0x0002 0x0040000
134243c.14d8: 00007ff5c9633000-00007ff7854fffff 0x0001/0x0000 0x0000000
135243c.14d8: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
136243c.14d8: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
137243c.14d8: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
138243c.14d8: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
139243c.14d8: 00007ff7855c1000-00007ff7855c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
140243c.14d8: 00007ff7855c4000-00007ff7855c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
141243c.14d8: 00007ff7855c7000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
142243c.14d8: 00007ff7855ca000-00007ff7855cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
143243c.14d8: 00007ff7855cb000-00007ff7855ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
144243c.14d8: 00007ff7855cd000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
145243c.14d8: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
146243c.14d8: 00007ff785617000-00007fffed4affff 0x0001/0x0000 0x0000000
147243c.14d8: *00007fffed4b0000-00007fffed4b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
148243c.14d8: 00007fffed4b1000-00007fffed5c2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
149243c.14d8: 00007fffed5c3000-00007fffed73afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
150243c.14d8: 00007fffed73b000-00007fffed73efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
151243c.14d8: 00007fffed73f000-00007fffed73ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
152243c.14d8: 00007fffed740000-00007fffed778fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
153243c.14d8: 00007fffed779000-00007fffef0effff 0x0001/0x0000 0x0000000
154243c.14d8: *00007fffef0f0000-00007fffef0f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
155243c.14d8: 00007fffef0f1000-00007fffef16ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
156243c.14d8: 00007fffef170000-00007fffef1a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
157243c.14d8: 00007fffef1a3000-00007fffef1a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
158243c.14d8: 00007fffef1a4000-00007fffef1a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
159243c.14d8: 00007fffef1a5000-00007fffef1adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
160243c.14d8: 00007fffef1ae000-00007fffef9effff 0x0001/0x0000 0x0000000
161243c.14d8: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
162243c.14d8: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
163243c.14d8: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
164243c.14d8: 00007fffefb54000-00007fffefb54fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
165243c.14d8: 00007fffefb55000-00007fffefb56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
166243c.14d8: 00007fffefb57000-00007fffefb5ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
167243c.14d8: 00007fffefb60000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
168243c.14d8: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
169243c.14d8: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
170243c.14d8: kernelbase.dll: timestamp 0xc9db1934 (rc=VINF_SUCCESS)
171243c.14d8: VBoxHeadless.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
172243c.14d8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
173243c.14d8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
174243c.14d8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
175243c.14d8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
176243c.14d8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
177243c.14d8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
178243c.14d8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
179243c.14d8: supR3HardNtEnableThreadCreationEx:
180243c.14d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
181243c.14d8: supR3HardenedWinDoReSpawn(1): New child 778.9f4 [kernel32].
182243c.14d8: supR3HardNtChildGatherData: PebBaseAddress=000000000098a000 cbPeb=0x388
183243c.14d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffef9f0000 uNtDllChildAddr=00007fffef9f0000
184243c.14d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffefa64b00
185243c.14d8: supR3HardenedWinSetupChildInit: Initial context:
186 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff785507740 rdx=000000000098a000
187 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
188 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
189 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
190 rip=00007fffefa42630 rsp=00000000007df9d8 rbp=0000000000000000 ctxflags=0010001b
191 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
192 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
193 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
194 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
195 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
196243c.14d8: supR3HardenedWinSetupChildInit: Start child.
197243c.14d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
198243c.14d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 17 sleeps
199243c.14d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
200243c.14d8: *0000000000000000-000000000069ffff 0x0001/0x0000 0x0000000
201243c.14d8: *00000000006a0000-00000000006bffff 0x0004/0x0004 0x0020000
202243c.14d8: *00000000006c0000-00000000006dcfff 0x0002/0x0002 0x0040000
203243c.14d8: 00000000006dd000-00000000006dffff 0x0001/0x0000 0x0000000
204243c.14d8: *00000000006e0000-00000000007dafff 0x0000/0x0004 0x0020000
205243c.14d8: 00000000007db000-00000000007ddfff 0x0104/0x0004 0x0020000
206243c.14d8: 00000000007de000-00000000007dffff 0x0004/0x0004 0x0020000
207243c.14d8: *00000000007e0000-00000000007e3fff 0x0002/0x0002 0x0040000
208243c.14d8: 00000000007e4000-00000000007effff 0x0001/0x0000 0x0000000
209243c.14d8: *00000000007f0000-00000000007f1fff 0x0004/0x0004 0x0020000
210243c.14d8: 00000000007f2000-00000000007fffff 0x0001/0x0000 0x0000000
211243c.14d8: *0000000000800000-0000000000989fff 0x0000/0x0004 0x0020000
212243c.14d8: 000000000098a000-000000000098cfff 0x0004/0x0004 0x0020000
213243c.14d8: 000000000098d000-00000000009fffff 0x0000/0x0004 0x0020000
214243c.14d8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000
215243c.14d8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
216243c.14d8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
217243c.14d8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
218243c.14d8: 000000007ffec000-00007ff5e59affff 0x0001/0x0000 0x0000000
219243c.14d8: *00007ff5e59b0000-00007ff5e59b0fff 0x0002/0x0002 0x0040000
220243c.14d8: 00007ff5e59b1000-00007ff5e59bffff 0x0001/0x0000 0x0000000
221243c.14d8: *00007ff5e59c0000-00007ff5e59e2fff 0x0002/0x0002 0x0040000
222243c.14d8: 00007ff5e59e3000-00007ff7854fffff 0x0001/0x0000 0x0000000
223243c.14d8: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
224243c.14d8: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
225243c.14d8: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
226243c.14d8: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
227243c.14d8: 00007ff7855c1000-00007ff7855c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
228243c.14d8: 00007ff7855c2000-00007ff7855c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
229243c.14d8: 00007ff7855c3000-00007ff7855c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
230243c.14d8: 00007ff7855c8000-00007ff7855c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
231243c.14d8: 00007ff7855c9000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
232243c.14d8: 00007ff7855ca000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
233243c.14d8: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
234243c.14d8: 00007ff785617000-00007fffef9effff 0x0001/0x0000 0x0000000
235243c.14d8: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
236243c.14d8: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
237243c.14d8: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
238243c.14d8: 00007fffefb54000-00007fffefb5ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
239243c.14d8: 00007fffefb60000-00007fffefb6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
240243c.14d8: 00007fffefb6f000-00007fffefb6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
241243c.14d8: 00007fffefb70000-00007fffefb72fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
242243c.14d8: 00007fffefb73000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
243243c.14d8: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
244243c.14d8: supR3HardNtChildPurify: Done after 262 ms and 0 fixes (loop #0).
245778.9f4: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
246778.9f4: supR3HardenedVmProcessInit: uNtDllAddr=00007fffef9f0000 g_uNtVerCombined=0xa04a6200 (stack ~00000000007df468)
247778.9f4: ntdll.dll: timestamp 0x4f115fac (rc=VINF_SUCCESS)
248778.9f4: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2052096 allocation)
249243c.14d8: supR3HardNtEnableThreadCreationEx:
250778.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
251778.9f4: System32: \Device\HarddiskVolume4\Windows\System32
252778.9f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
253778.9f4: KnownDllPath: C:\WINDOWS\System32
254778.9f4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
255778.9f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
256778.9f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
257778.9f4: Registered Dll notification callback with NTDLL.
258778.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
259778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
260778.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
261778.9f4: supR3HardenedDllNotificationCallback: load 00007fffed4b0000 LB 0x002c9000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
262778.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
263778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
264778.9f4: supR3HardenedDllNotificationCallback: load 00007fffef0f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
265778.9f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
266778.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
267778.9f4: supR3HardenedDllNotificationCallback: load 00007ff785500000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
268778.9f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
269778.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
270778.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
271778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
272778.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
273243c.14d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms.
274778.9f4: \SystemRoot\System32\ntdll.dll:
275778.9f4: CreationTime: 2021-09-10T13:40:09.725917600Z
276778.9f4: LastWriteTime: 2021-09-10T13:40:09.764957200Z
277778.9f4: ChangeTime: 2021-09-15T06:55:02.151797400Z
278778.9f4: FileAttributes: 0x20
279778.9f4: Size: 0x1ee518
280778.9f4: NT Headers: 0xe8
281778.9f4: Timestamp: 0x4f115fac
282778.9f4: Machine: 0x8664 - amd64
283778.9f4: Timestamp: 0x4f115fac
284778.9f4: Image Version: 10.0
285778.9f4: SizeOfImage: 0x1f5000 (2052096)
286778.9f4: Resource Dir: 0x184000 LB 0x6fdc8
287778.9f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
288778.9f4: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
289778.9f4: ProductName: Microsoft® Windows® Operating System
290778.9f4: ProductVersion: 10.0.19041.1202
291778.9f4: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
292778.9f4: FileDescription: NT Layer DLL
293778.9f4: \SystemRoot\System32\kernel32.dll:
294778.9f4: CreationTime: 2021-09-10T13:39:58.429708600Z
295778.9f4: LastWriteTime: 2021-09-10T13:39:58.464844700Z
296778.9f4: ChangeTime: 2021-09-15T06:55:02.017108500Z
297778.9f4: FileAttributes: 0x20
298778.9f4: Size: 0xbc060
299778.9f4: NT Headers: 0xe8
300778.9f4: Timestamp: 0x871fae9
301778.9f4: Machine: 0x8664 - amd64
302778.9f4: Timestamp: 0x871fae9
303778.9f4: Image Version: 10.0
304778.9f4: SizeOfImage: 0xbe000 (778240)
305778.9f4: Resource Dir: 0xbc000 LB 0x520
306778.9f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
307778.9f4: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
308778.9f4: ProductName: Microsoft® Windows® Operating System
309778.9f4: ProductVersion: 10.0.19041.1202
310778.9f4: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
311778.9f4: FileDescription: Windows NT BASE API Client DLL
312778.9f4: \SystemRoot\System32\KernelBase.dll:
313778.9f4: CreationTime: 2021-09-10T13:40:10.475488000Z
314778.9f4: LastWriteTime: 2021-09-10T13:40:10.535998700Z
315778.9f4: ChangeTime: 2021-09-15T06:55:02.366516300Z
316778.9f4: FileAttributes: 0x20
317778.9f4: Size: 0x2c9da8
318778.9f4: NT Headers: 0xf0
319778.9f4: Timestamp: 0xc9db1934
320778.9f4: Machine: 0x8664 - amd64
321778.9f4: Timestamp: 0xc9db1934
322778.9f4: Image Version: 10.0
323778.9f4: SizeOfImage: 0x2c9000 (2920448)
324778.9f4: Resource Dir: 0x2a0000 LB 0x548
325778.9f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
326778.9f4: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
327778.9f4: ProductName: Microsoft® Windows® Operating System
328778.9f4: ProductVersion: 10.0.19041.1202
329778.9f4: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
330778.9f4: FileDescription: Windows NT BASE API Client DLL
331778.9f4: \SystemRoot\System32\apisetschema.dll:
332778.9f4: CreationTime: 2019-12-07T09:08:13.518339400Z
333778.9f4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
334778.9f4: ChangeTime: 2021-09-15T06:55:01.995636600Z
335778.9f4: FileAttributes: 0x20
336778.9f4: Size: 0x1f538
337778.9f4: NT Headers: 0xd0
338778.9f4: Timestamp: 0x31288ce0
339778.9f4: Machine: 0x8664 - amd64
340778.9f4: Timestamp: 0x31288ce0
341778.9f4: Image Version: 10.0
342778.9f4: SizeOfImage: 0x20000 (131072)
343778.9f4: Resource Dir: 0x1f000 LB 0x408
344778.9f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
345778.9f4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
346778.9f4: ProductName: Microsoft® Windows® Operating System
347778.9f4: ProductVersion: 10.0.19041.1
348778.9f4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
349778.9f4: FileDescription: ApiSet Schema DLL
350778.9f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
351778.9f4: supR3HardenedWinFindAdversaries: 0x0
352778.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
353778.9f4: Calling main()
354778.9f4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
355778.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
356778.9f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
357778.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
358778.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
359778.9f4: SUPR3HardenedMain: Respawn #2
360778.9f4: supR3HardNtEnableThreadCreationEx:
361778.9f4: supR3HardenedDllNotificationCallback: load 00007fffedaf0000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
362778.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
363778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
364778.9f4: supR3HardenedDllNotificationCallback: load 00007fffef910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
365778.9f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
366778.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
367778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
368778.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
369778.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
370778.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
371778.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
372778.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
373778.9f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
374778.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
375778.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef9f0000 'C:\WINDOWS\System32\ntdll.dll'
376778.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
377778.9f4: supR3HardenedWinDoReSpawn(2): New child 28bc.6c0 [kernel32].
378778.9f4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
379778.9f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000650000 cbPeb=0x388
380778.9f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffef9f0000 uNtDllChildAddr=00007fffef9f0000
381778.9f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffefa64b00
382778.9f4: supR3HardenedWinSetupChildInit: Initial context:
383 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff785507740 rdx=0000000000650000
384 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
385 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
386 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
387 rip=00007fffefa42630 rsp=00000000008ff9c8 rbp=0000000000000000 ctxflags=0010001b
388 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
389 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
390 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
391 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
392 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
393778.9f4: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
394778.9f4: supR3HardenedWinSetupChildInit: Start child.
395778.9f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
396778.9f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 269 ms, 17 sleeps
397778.9f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
398778.9f4: *0000000000000000-00000000004cffff 0x0001/0x0000 0x0000000
399778.9f4: *00000000004d0000-00000000004effff 0x0004/0x0004 0x0020000
400778.9f4: *00000000004f0000-000000000050cfff 0x0002/0x0002 0x0040000
401778.9f4: 000000000050d000-000000000050ffff 0x0001/0x0000 0x0000000
402778.9f4: *0000000000510000-0000000000513fff 0x0002/0x0002 0x0040000
403778.9f4: 0000000000514000-000000000051ffff 0x0001/0x0000 0x0000000
404778.9f4: *0000000000520000-0000000000521fff 0x0004/0x0004 0x0020000
405778.9f4: 0000000000522000-00000000005fffff 0x0001/0x0000 0x0000000
406778.9f4: *0000000000600000-000000000064ffff 0x0000/0x0004 0x0020000
407778.9f4: 0000000000650000-0000000000652fff 0x0004/0x0004 0x0020000
408778.9f4: 0000000000653000-00000000007fffff 0x0000/0x0004 0x0020000
409778.9f4: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
410778.9f4: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
411778.9f4: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
412778.9f4: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
413778.9f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
414778.9f4: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
415778.9f4: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
416778.9f4: 000000007ffec000-00007ff5b244ffff 0x0001/0x0000 0x0000000
417778.9f4: *00007ff5b2450000-00007ff5b2450fff 0x0002/0x0002 0x0040000
418778.9f4: 00007ff5b2451000-00007ff5b245ffff 0x0001/0x0000 0x0000000
419778.9f4: *00007ff5b2460000-00007ff5b2482fff 0x0002/0x0002 0x0040000
420778.9f4: 00007ff5b2483000-00007ff7854fffff 0x0001/0x0000 0x0000000
421778.9f4: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
422778.9f4: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
423778.9f4: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
424778.9f4: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
425778.9f4: 00007ff7855c1000-00007ff7855c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
426778.9f4: 00007ff7855c2000-00007ff7855c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
427778.9f4: 00007ff7855c3000-00007ff7855c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
428778.9f4: 00007ff7855c8000-00007ff7855c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
429778.9f4: 00007ff7855c9000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
430778.9f4: 00007ff7855ca000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
431778.9f4: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
432778.9f4: 00007ff785617000-00007fffef9effff 0x0001/0x0000 0x0000000
433778.9f4: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
434778.9f4: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
435778.9f4: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
436778.9f4: 00007fffefb54000-00007fffefb5ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
437778.9f4: 00007fffefb60000-00007fffefb6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
438778.9f4: 00007fffefb6f000-00007fffefb6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
439778.9f4: 00007fffefb70000-00007fffefb72fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
440778.9f4: 00007fffefb73000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
441778.9f4: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
442778.9f4: VBoxHeadless.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
443778.9f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
444778.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
445778.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
446778.9f4: supR3HardNtChildPurify: Done after 303 ms and 0 fixes (loop #0).
44728bc.6c0: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
44828bc.6c0: supR3HardenedVmProcessInit: uNtDllAddr=00007fffef9f0000 g_uNtVerCombined=0xa04a6200 (stack ~00000000008ff458)
449778.9f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000)
45028bc.6c0: ntdll.dll: timestamp 0x4f115fac (rc=VINF_SUCCESS)
45128bc.6c0: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2052096 allocation)
452778.9f4: supR3HardNtEnableThreadCreationEx:
45328bc.6c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
45428bc.6c0: System32: \Device\HarddiskVolume4\Windows\System32
45528bc.6c0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
45628bc.6c0: KnownDllPath: C:\WINDOWS\System32
45728bc.6c0: supR3HardenedVmProcessInit: Opening vboxdrv...
45828bc.6c0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
45928bc.6c0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
46028bc.6c0: Registered Dll notification callback with NTDLL.
46128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
46228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
46328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
46428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed4b0000 LB 0x002c9000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
46528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
46628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
46728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef0f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
46828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
46928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
47028bc.6c0: supR3HardenedDllNotificationCallback: load 00007ff785500000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
47128bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
47228bc.6c0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
47328bc.6c0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
47428bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
47528bc.6c0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
476778.9f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 86 ms.
47728bc.6c0: \SystemRoot\System32\ntdll.dll:
47828bc.6c0: CreationTime: 2021-09-10T13:40:09.725917600Z
47928bc.6c0: LastWriteTime: 2021-09-10T13:40:09.764957200Z
48028bc.6c0: ChangeTime: 2021-09-15T06:55:02.151797400Z
48128bc.6c0: FileAttributes: 0x20
48228bc.6c0: Size: 0x1ee518
48328bc.6c0: NT Headers: 0xe8
48428bc.6c0: Timestamp: 0x4f115fac
48528bc.6c0: Machine: 0x8664 - amd64
48628bc.6c0: Timestamp: 0x4f115fac
48728bc.6c0: Image Version: 10.0
48828bc.6c0: SizeOfImage: 0x1f5000 (2052096)
48928bc.6c0: Resource Dir: 0x184000 LB 0x6fdc8
49028bc.6c0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
49128bc.6c0: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
49228bc.6c0: ProductName: Microsoft® Windows® Operating System
49328bc.6c0: ProductVersion: 10.0.19041.1202
49428bc.6c0: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
49528bc.6c0: FileDescription: NT Layer DLL
49628bc.6c0: \SystemRoot\System32\kernel32.dll:
49728bc.6c0: CreationTime: 2021-09-10T13:39:58.429708600Z
49828bc.6c0: LastWriteTime: 2021-09-10T13:39:58.464844700Z
49928bc.6c0: ChangeTime: 2021-09-15T06:55:02.017108500Z
50028bc.6c0: FileAttributes: 0x20
50128bc.6c0: Size: 0xbc060
50228bc.6c0: NT Headers: 0xe8
50328bc.6c0: Timestamp: 0x871fae9
50428bc.6c0: Machine: 0x8664 - amd64
50528bc.6c0: Timestamp: 0x871fae9
50628bc.6c0: Image Version: 10.0
50728bc.6c0: SizeOfImage: 0xbe000 (778240)
50828bc.6c0: Resource Dir: 0xbc000 LB 0x520
50928bc.6c0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
51028bc.6c0: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
51128bc.6c0: ProductName: Microsoft® Windows® Operating System
51228bc.6c0: ProductVersion: 10.0.19041.1202
51328bc.6c0: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
51428bc.6c0: FileDescription: Windows NT BASE API Client DLL
51528bc.6c0: \SystemRoot\System32\KernelBase.dll:
51628bc.6c0: CreationTime: 2021-09-10T13:40:10.475488000Z
51728bc.6c0: LastWriteTime: 2021-09-10T13:40:10.535998700Z
51828bc.6c0: ChangeTime: 2021-09-15T06:55:02.366516300Z
51928bc.6c0: FileAttributes: 0x20
52028bc.6c0: Size: 0x2c9da8
52128bc.6c0: NT Headers: 0xf0
52228bc.6c0: Timestamp: 0xc9db1934
52328bc.6c0: Machine: 0x8664 - amd64
52428bc.6c0: Timestamp: 0xc9db1934
52528bc.6c0: Image Version: 10.0
52628bc.6c0: SizeOfImage: 0x2c9000 (2920448)
52728bc.6c0: Resource Dir: 0x2a0000 LB 0x548
52828bc.6c0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
52928bc.6c0: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
53028bc.6c0: ProductName: Microsoft® Windows® Operating System
53128bc.6c0: ProductVersion: 10.0.19041.1202
53228bc.6c0: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
53328bc.6c0: FileDescription: Windows NT BASE API Client DLL
53428bc.6c0: \SystemRoot\System32\apisetschema.dll:
53528bc.6c0: CreationTime: 2019-12-07T09:08:13.518339400Z
53628bc.6c0: LastWriteTime: 2019-12-07T09:08:13.518339400Z
53728bc.6c0: ChangeTime: 2021-09-15T06:55:01.995636600Z
53828bc.6c0: FileAttributes: 0x20
53928bc.6c0: Size: 0x1f538
54028bc.6c0: NT Headers: 0xd0
54128bc.6c0: Timestamp: 0x31288ce0
54228bc.6c0: Machine: 0x8664 - amd64
54328bc.6c0: Timestamp: 0x31288ce0
54428bc.6c0: Image Version: 10.0
54528bc.6c0: SizeOfImage: 0x20000 (131072)
54628bc.6c0: Resource Dir: 0x1f000 LB 0x408
54728bc.6c0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54828bc.6c0: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
54928bc.6c0: ProductName: Microsoft® Windows® Operating System
55028bc.6c0: ProductVersion: 10.0.19041.1
55128bc.6c0: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
55228bc.6c0: FileDescription: ApiSet Schema DLL
55328bc.6c0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
55428bc.6c0: supR3HardenedWinFindAdversaries: 0x0
55528bc.6c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
55628bc.6c0: Calling main()
55728bc.6c0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
55828bc.6c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
55928bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
56028bc.6c0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
56128bc.6c0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
56228bc.6c0: SUPR3HardenedMain: Final process, opening VBoxDrv...
56328bc.6c0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
56428bc.6c0: supR3HardNtEnableThreadCreationEx:
56528bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
56628bc.6c0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
56728bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
56828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56928bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57028bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcb6f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
57128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
58028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
58128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
58228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
58328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
58628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
58728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
58828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
59028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
59128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
59228bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef050000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
59328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
59428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffedaf0000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
59528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
59628bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed260000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
59728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
59828bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed160000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
59928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
60028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
60128bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed8b0000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
60228bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
60328bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
60428bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
60528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
60728bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
60828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
61028bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
61128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
61328bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
61428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
61628bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
61728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-l1-2-1'
61928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
62028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
62128bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeccf0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
62228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
62328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\system32\Wintrust.dll'
62428bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
62528bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
62628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed3d0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
62828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
62928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed3d0000 'C:\WINDOWS\system32\bcrypt.dll'
63028bc.6c0: bcrypt.dll loaded at 00007fffed3d0000, BCryptOpenAlgorithmProvider at 00007fffed3d51e0, preloading providers:
63128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
63228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
63328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed820000 LB 0x00083000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
63528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
63628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed820000 'C:\WINDOWS\system32\bcryptprimitives.dll'
63728bc.6c0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e9cd10)
63828bc.6c0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000ea0190)
63928bc.6c0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000ea04b0)
64028bc.6c0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000ea07d0)
64128bc.6c0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000ea0af0)
64228bc.6c0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000ea0e10)
64328bc.6c0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000ea1130)
64428bc.6c0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000ea1450)
64528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
64628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
64728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffecac0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
64828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
64928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
65028bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
65128bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
65228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
65328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
65428bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65628bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffec1d0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
65828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
66028bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
66128bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
66228bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffecab0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
66328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
66428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
66528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
66728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
66828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\System32\WINTRUST.DLL'
67028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
67128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\CRYPT32.dll'
67328bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeda40000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
67428bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
67528bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
67628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
67728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
67928bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
68028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
68128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
68228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
68328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
68528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
68628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
68728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeb9d0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
68828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
68928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
69028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
69128bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed050000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
69228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
69328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
69428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
69528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
69628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
69728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
69828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
69928bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
70028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70228bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
70428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
70528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
70628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
71028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
71128bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
71228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71328bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffc1b90000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
71528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
71928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72028bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
72228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
72528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
72828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
73028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
73128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
73328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
73428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
73628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
73828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
74028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
74228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
74428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
74528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\Windows\System32\cryptnet.dll'
74728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef490000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
74828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
75028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
75128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
75228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
75328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
75528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
75628bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
75728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
75828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
75928bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
76028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76228bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
76528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
76628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
76828bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
76928bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f10b70
77028bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
77128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=459E91D5F37CCB35AB26461A509CE3D00E44A669
77228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
77328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffedaf0000 'C:\WINDOWS\System32\rpcrt4.dll'
77528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
77828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
77928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
78128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1237.cat'; file='\SystemRoot\System32\ntdll.dll'
78228bc.6c0: g_pfnWinVerifyTrust=00007fffed261da0
78328bc.6c0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
78428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
78728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
78828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
79028bc.6c0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
79128bc.6c0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
79228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
79528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
79628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
79828bc.6c0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
79928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80028bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
80228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
80328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
80528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
80628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
80828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
80928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
81028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
81228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
81328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
81428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
81628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
81728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
81828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
82028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
82128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
82228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
82428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
82528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
82628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
82828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
82928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
83028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
83228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
83328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
83428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
83528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
83728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
83828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
84028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
84128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
84228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
84328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
84428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
84528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
84628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
84728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
84828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
84928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
85028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
85128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
85228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
85328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
85428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
85528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
85628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
85728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
85828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
85928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
86028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
86128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
86228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
86328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
86428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
86528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
86628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
86728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
86828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
86928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\system32\crypt32.dll'
87028bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
87128bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
87228bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
87328bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
87428bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
87528bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
87628bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
87728bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
87828bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xae9fa2382e1bb400 CN=ESET SSL Filter CA, O=ESET, spol. s r. o., C=SK
87928bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
88028bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
88128bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
88228bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
88328bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
88428bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
88528bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
88628bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
88728bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
88828bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
88928bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
89028bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
89128bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
89228bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
89328bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
89428bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
89528bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
89628bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
89728bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
89828bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
89928bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
90028bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
90128bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
90228bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
90328bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
90428bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
90528bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
90628bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
90728bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
90828bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
90928bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
91028bc.6c0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
91128bc.6c0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
91228bc.6c0: SUPR3HardenedMain: Load Runtime...
91328bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
91428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
91528bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
91628bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
91728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
91828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
91928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
92028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
92128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
92228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
92328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
92428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
92528bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
92628bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
92728bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
92828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
92928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
93028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
93128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
93228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
93328bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
93428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
93528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
93628bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
93728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
93828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
93928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
94028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
94128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
94228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
94328bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
94428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
94528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
94628bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
94728bc.6c0: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
94828bc.6c0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
94928bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
95028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
95128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
95228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
95328bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95428bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
95528bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
95628bc.6c0: supR3HardenedDllNotificationCallback: load 000000005c320000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
95728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
95828bc.6c0: supR3HardenedDllNotificationCallback: load 000000005c400000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
95928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
96028bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeefd0000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
96128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
96228bc.6c0: supR3HardenedDllNotificationCallback: load 00007fff9f530000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
96328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96428bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
96528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
96628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
97428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
98128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98528bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
98828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99028bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99228bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
99528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99728bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
100228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
100328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100428bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101428bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102428bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103428bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103928bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
104428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111628bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112128bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
112628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113028bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113328bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113528bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113828bc.6c0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
114128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
114228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
114328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
114428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
114528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\system32\Wintrust.dll'
114628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
114728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
114828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
114928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
115028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
115128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
115228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\system32\crypt32.dll'
115328bc.6c0: SUPR3HardenedMain: Load TrustedMain...
115428bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll: Signature #1/2: info status: 24202
115528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
115628bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
115728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
115828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
115928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
116028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'.
116128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
116228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
116328bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
116428bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
116528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
116628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
116728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
116828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
116928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
117028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
117128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
117228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
117328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
117428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
117528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
117628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
117728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
117828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
117928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
118028bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
118128bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
118228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
118328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
118428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
118528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
118628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
118728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
118828bc.6c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
118928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
119028bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
119128bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
119228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
119328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
119428bc.6c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
119528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
119628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
119728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
119828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
119928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
120028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
120128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
120228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
120328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
120428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
120528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
120628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
120728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
120828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
120928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
121028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
121128bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
121228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
121428bc.6c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
121528bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
121628bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
121728bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
121828bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
121928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122128bc.6c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
122228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
122328bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
122428bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
122528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
122628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
122728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
122828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
122928bc.6c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
123028bc.6c0: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
123128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
123228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
123328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
123428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
123528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
123628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
123728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
123828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
123928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
124028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
124128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
124228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
124328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
124428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
124528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
124628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
124928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
125028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
125128bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
125228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
125328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
125428bc.6c0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
125528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
125628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
125728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
125828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
125928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
126028bc.6c0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
126128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
126228bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
126328bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeda10000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
126428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
126528bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed780000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
126628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
126728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed2c0000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
126828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
126928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
127028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
127128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
127228bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
127328bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
127428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffedac0000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
127528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
127628bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef1b0000 LB 0x001a1000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
127728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
127828bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffee960000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
127928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
128028bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef360000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
128128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
128228bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef790000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
128328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
128428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffb0b30000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
128528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
128628bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
128728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
128828bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
128928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
129028bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
129128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
129228bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
129328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
129428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
129528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
129628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
129728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
129828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
129928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
130128bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
130228bc.6c0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
130328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
130628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
130728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
130828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
130928bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
131028bc.6c0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
131128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
131228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
131328bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
131428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
131528bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
131628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
131728bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
131828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
131928bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
132028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
132128bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
132228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
132328bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
132428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
132528bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
132628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
132728bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
132828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
132928bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
133028bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
133128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-string-l1-1-0'
133228bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
133328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
133428bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
133528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
133628bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
133728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
133828bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
133928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
134028bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
134128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
134228bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
134328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
134428bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
134528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
134628bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
134728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
134828bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
134928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
135028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-datetime-l1-1-1'
135128bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
135228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
135328bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
135428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
135528bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
135628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
135728bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
135828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
135928bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
136028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
136128bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
136228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
136328bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
136428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
136528bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
136628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
136728bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
136828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
136928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-obsolete-l1-2-0'
137028bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
137128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
137228bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
137328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
137428bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
137528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
137628bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
137728bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
137828bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
137928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
138028bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
138128bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
138228bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
138328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
138428bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
138528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
138628bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
138728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
138828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
138928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
139028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
139128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
139228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
139328bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
139428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139628bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
139728bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
139828bc.6c0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
139928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
140028bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeef90000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
140128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
140228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffeef90000 'C:\WINDOWS\system32\IMM32.DLL'
140328bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
140428bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
140528bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
140628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
140728bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
140828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
140928bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
141028bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
141128bc.6c0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
141228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
141328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0b30000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
141428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
141528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
141628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
141728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
141828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
141928bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
142028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
142128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
142228bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
142328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
142428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
142528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
142628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
142728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
142828bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
142928bc.6c0: SUPR3HardenedMain: Calling TrustedMain (00007fffb0b33420)...
143028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
143128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
143228bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
143328bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
143428bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeb030000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
143528bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
143628bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffef860000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
143728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
143828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
143928bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
144028bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
144128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
144228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
144328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
144428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
144528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
144628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
144728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
144828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
144928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
145028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
145128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
145228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
145328bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
145428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
145528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
145628bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
145728bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
145828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
145928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
146028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
146128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
146228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
146328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
146428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
146528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
146628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
146728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
146828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
146928bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
147028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
147128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
147228bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
147328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
147428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
147528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
147628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
147728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
147828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
147928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
148028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
148128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
148228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
148328bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
148428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
148528bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
148628bc.6c0: supR3HardenedDllNotificationCallback: load 00007fff9f070000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
148728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
148828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
148928bc.6c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
149028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
149128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
149228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
149328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
149428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
149528bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
149628bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
149728bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
149828bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
149928bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
150028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
150128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
150228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
150328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
150428bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
150528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
150628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
150728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
150828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
150928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
151028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
151128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
151228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
151328bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
151428bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
151528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
151628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
151728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
151828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
151928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
152028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
152128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
152228bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
152328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
152428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
152528bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
152628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
152728bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
152828bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffeda60000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
152928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
153028bc.6c0: supR3HardenedDllNotificationCallback: load 00007fff9f440000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
153128bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
153228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f440000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
153328bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
153428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
153528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef790000 'C:\Windows\System32\oleaut32.dll'
153628bc.2c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
153728bc.2c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
153828bc.2c28: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
153928bc.2c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
154028bc.2c28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
154128bc.2c28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
154228bc.2c28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
154328bc.2c28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
154428bc.2c28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
154528bc.2c28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
154628bc.2c28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
154728bc.2c28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
154828bc.2c28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
154928bc.2c28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
155028bc.2c28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
155128bc.2c28: supR3HardenedDllNotificationCallback: load 00007fffcadf0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
155228bc.2c28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
155328bc.2c28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcadf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
155428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
155528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
155628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef360000 'C:\WINDOWS\System32\ole32.dll'
155728bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
155828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
155928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef790000 'C:\WINDOWS\System32\OLEAUT32.dll'
156028bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007ac pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
156128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
156228bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
156328bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43C78A996B1A8A014016F442FFFD697A5BC70E12
156428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
156528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
156628bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
156728bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
156828bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
156928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
157028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
157128bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
157228bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
157328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
157428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
157528bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007b0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
157628bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
157728bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
157828bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3171C0A71232B61EEEB57057418104E9B8748536
157928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
158028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
158128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
158228bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
158328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
158428bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
158528bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
158628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
158728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
158828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
158928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159128bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
159228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159328bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
159528bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
159628bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
159728bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcf8f0000 LB 0x00092000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
159828bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
159928bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcfa10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
160028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
160128bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
160228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
160328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
160428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcfa10000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
160528bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
160628bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
160728bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
160828bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992357962ADA496D4D946786336473A2571388C1
160928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
161028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
161128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
161228bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
161328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
161428bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
161528bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
161628bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
161728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
161828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
161928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
162228bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
162328bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffceec0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
162428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
162528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffceec0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
162628bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
162728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
162828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-l1-2-0.dll'
162928bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
163028bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
163128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
163228bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007ec pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
163328bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
163428bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
163528bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
163628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
163728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
163828bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
163928bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
164028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
164128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
164228bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
164328bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
164428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
164528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
164628bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
164728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
165028bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
165128bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcef50000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
165228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
165328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcef50000 'C:\WINDOWS\system32\wbem\fastprox.dll'
165428bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007f8 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
165528bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
165628bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
165728bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
165828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
165928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
166028bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
166128bc.6c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
166228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166328bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
166428bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
166528bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
166628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
166728bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
166828bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
166928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
167028bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
167128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
167228bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
167328bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcdf60000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
167428bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
167528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcdf60000 'C:\WINDOWS\System32\amsi.dll'
167628bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
167728bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)
167828bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
167928bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffed010000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
168028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
168128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
168428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
168528bc.6c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll'
168628bc.6c0: \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll: Owner is administrators group.
168728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
168828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
168928bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
169028bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
169128bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
169228bc.6c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
169328bc.6c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll) WinVerifyTrust
169428bc.6c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll
169528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
169628bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
169728bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
169828bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
169928bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
170028bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
170128bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
170228bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
170328bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
170428bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170528bc.6c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170628bc.6c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
170728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\ESET\ESET Security\eamsi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170828bc.6c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll
170928bc.6c0: supR3HardenedDllNotificationCallback: load 00007fffcdf20000 LB 0x0003b000 C:\Program Files\ESET\ESET Security\eamsi.dll [fFlags=0x0]
171028bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll
171128bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
171228bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
171328bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
171428bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
171528bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
171628bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
171728bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
171828bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
171928bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
172028bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
172128bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
172228bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
172328bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
172428bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
172528bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-l1-2-1'
172628bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
172728bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
172828bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
172928bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
173028bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
173128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
173228bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
173328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-string-l1-1-0'
173528bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
173628bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173728bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-datetime-l1-1-1'
173828bc.6c0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
173928bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
174028bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-obsolete-l1-2-0'
174128bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcdf20000 'C:\Program Files\ESET\ESET Security\eamsi.dll'
174228bc.6c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
174328bc.6c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
174428bc.6c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef490000 'C:\WINDOWS\System32\ADVAPI32.dll'
174528bc.2f3c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
174628bc.2f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
174728bc.2f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
174828bc.2f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
174928bc.2f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
175028bc.2f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
175128bc.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
175228bc.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
175328bc.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
175428bc.2f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
175528bc.2f3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
175628bc.2f3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
175728bc.2f3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
175828bc.2f3c: supR3HardenedDllNotificationCallback: load 00007fff9e870000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
175928bc.2f3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
176028bc.2f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9e870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
176128bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
176228bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef360000 'C:\WINDOWS\system32\ole32.dll'
176428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
176528bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
176628bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
176728bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
176828bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAC8C290E6A586220883FAD5DCDC734D078E5A36
176928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
177028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
177128bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1202.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
177228bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
177328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
177428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
177528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
177628bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
177728bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
177828bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
177928bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
178028bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
178128bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
178228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
178328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume4\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
178428bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008f8 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
178528bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
178628bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
178728bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6C23BF3B67A596620B7EED4DB030740A61FEE94C
178828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
178928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
179028bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1237.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
179128bc.dd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
179228bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll) WinVerifyTrust
179328bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
179428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
179528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
179628bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
179728bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
179828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
179928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
180028bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
180128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
180228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
180328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'bcrypt.dll'.
180428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
180528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
180628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
180728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
180828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
180928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
181028bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
181128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
181228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
181328bc.dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
181428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
181528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
181628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
181728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
181828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
181928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
182028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
182128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
182228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
182328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
182428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
182528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
182628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
182728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
182828bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
182928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
183028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
183128bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
183228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
183328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
183428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
183528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
183628bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
183728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
183828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
183928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
184028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
184128bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
184228bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
184328bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
184428bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll
184528bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffed110000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
184628bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
184728bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffcb930000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
184828bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
184928bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffedd10000 LB 0x00472000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
185028bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
185128bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffcb960000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
185228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll
185328bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffcba40000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
185428bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
185528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcba40000 'C:\Windows\System32\NetSetupShim.dll'
185628bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
185728bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
185828bc.dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
185928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
186028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
186128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
186228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
186328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
186428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
186528bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
186628bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
186728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
186828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
186928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
187028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
187128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
187228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
187328bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll) WinVerifyTrust
187428bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
187528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
187628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
187728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
187828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
187928bc.dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
188028bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
188128bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
188228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
188328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
188428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
188528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
188628bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll) WinVerifyTrust
188728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
188828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
188928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189128bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189228bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
189328bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
189428bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffee190000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
189528bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
189628bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffe7280000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
189728bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
189828bc.dd4: supR3HardenedDllNotificationCallback: load 00007fff9e7a0000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
189928bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
190028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9e7a0000 'C:\Windows\System32\NetSetupEngine.dll'
190128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
190228bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
190328bc.dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
190428bc.1b7c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
190528bc.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
190628bc.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
190728bc.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
190828bc.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
190928bc.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
191028bc.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
191128bc.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
191228bc.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
191328bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191428bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
191528bc.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
191628bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
191728bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
191828bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
191928bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
192028bc.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
192128bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
192228bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
192328bc.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
192428bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
192528bc.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
192628bc.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
192728bc.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
192828bc.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
192928bc.1b7c: supR3HardenedDllNotificationCallback: load 00007fffcade0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
193028bc.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
193128bc.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcade0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
193228bc.c64: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
193328bc.c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
193428bc.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
193528bc.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
193628bc.c64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
193728bc.c64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
193828bc.c64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
193928bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
194028bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
194128bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
194228bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
194328bc.c64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
194428bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
194528bc.c64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
194628bc.c64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
194728bc.c64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
194828bc.c64: supR3HardenedDllNotificationCallback: load 00007fffcadd0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
194928bc.c64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
195028bc.c64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcadd0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
195128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
195228bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
195328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
195428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
195528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
195628bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
195728bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
195828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
195928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
196028bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
196128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
196228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
196328bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
196428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
196528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
196628bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
196728bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196828bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffee220000 LB 0x0073f000 C:\WINDOWS\System32\Shell32.dll [fFlags=0x0]
196928bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
197028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffee220000 'C:\WINDOWS\system32\Shell32.dll'
197128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
197228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
197328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
197428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
197528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
197628bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
197728bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wldp.dll)
197828bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wldp.dll
197928bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffecb60000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
198028bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
198128bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffeb230000 LB 0x00790000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
198228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
198328bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffef680000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
198428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
198528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
198628bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
198728bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
198828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
198928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
199028bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
199128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
199228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
199328bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
199428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
199528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
199628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
199728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
199828bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [lacks WinVerifyTrust]
199928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
200028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
200128bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
200228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
200328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
200428bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
200528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
200628bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
200728bc.dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
200828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
200928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
201028bc.dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wldp.dll'
201128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
201228bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
201328bc.dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
201428bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
201528bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
201628bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9e870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
201728bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
201828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
201928bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
202028bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
202128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
202228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
202328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
202428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
202528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
202628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
202728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
202828bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
202928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
203028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
203128bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
203228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203428bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
203528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
203628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
203728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
203828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
203928bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
204028bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
204128bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffb0ae0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
204228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
204328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0ae0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
204428bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffb0ae0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
204528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
204628bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
204728bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
204828bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
204928bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
205028bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
205128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
205228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
205328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
205428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
205528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
205628bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
205728bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
205828bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
205928bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
206028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
206128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
206228bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
206328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
206428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
206528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
206628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
206728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
206828bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
206928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
207028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
207128bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
207228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
207328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
207428bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
207528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
207628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
207728bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
207828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
207928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
208028bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
208128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
208228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
208328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
208428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
208528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
208628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
208728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
208828bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
208928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
209028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
209128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
209228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
209328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
209428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
209528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
209628bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
209728bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
209828bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
209928bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
210028bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
210128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
210228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
210328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
210428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
210528bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
210628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
210728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
210828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
210928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
211028bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
211128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
211228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
211328bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
211428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
211528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
211628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
211728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
211828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
211928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
212028bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
212128bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
212228bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
212328bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
212428bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
212528bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffab910000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
212628bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
212728bc.dd4: supR3HardenedDllNotificationCallback: load 00007fff9d530000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
212828bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
212928bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffec560000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
213028bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
213128bc.dd4: supR3HardenedDllNotificationCallback: load 00007fff9dd90000 LB 0x00a03000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
213228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
213328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9dd90000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
213428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
213528bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
213628bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
213728bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
213828bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffb0ae0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
213928bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
214028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0ae0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
214128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
214228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
214328bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
214428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
214528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
214628bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
214728bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
214828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9d530000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
214928bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
215028bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
215128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
215228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
215328bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
215428bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
215528bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
215628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
215728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
215828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
215928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
216028bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
216128bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
216228bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffbd0f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
216328bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
216428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbd0f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
216528bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
216628bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
216728bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
216828bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
216928bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
217028bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
217128bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
217228bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
217328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
217428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
217528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
217628bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
217728bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
217828bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffae960000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
217928bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
218028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffae960000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
218128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
218228bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
218328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
218428bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
218528bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
218628bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
218728bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
218828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
218928bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
219028bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
219128bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
219228bc.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
219328bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
219428bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
219528bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffab8f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
219628bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
219728bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffab8f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
219828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
219928bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
220028bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
220128bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
220228bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
220328bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
220428bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
220528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
220628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
220728bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
220828bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
220928bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
221028bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
221128bc.dd4: supR3HardenedDllNotificationCallback: load 00007fff9f050000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
221228bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
221328bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f050000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
221428bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
221528bc.93c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
221628bc.93c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
221728bc.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
221828bc.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
221928bc.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
222028bc.93c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
222128bc.93c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
222228bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
222328bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
222428bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
222528bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
222628bc.93c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
222728bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
222828bc.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
222928bc.93c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223028bc.93c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
223128bc.93c: supR3HardenedDllNotificationCallback: load 00007fff9f030000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
223228bc.93c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
223328bc.93c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f030000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
223428bc.a38: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
223528bc.a38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
223628bc.a38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
223728bc.a38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
223828bc.a38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
223928bc.a38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
224028bc.a38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
224128bc.a38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
224228bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
224328bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
224428bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
224528bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
224628bc.a38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
224728bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
224828bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
224928bc.a38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
225028bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
225128bc.a38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
225228bc.a38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
225328bc.a38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
225428bc.a38: supR3HardenedDllNotificationCallback: load 00007fffc9490000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
225528bc.a38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
225628bc.a38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc9490000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
225728bc.9a8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
225828bc.9a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
225928bc.9a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
226028bc.9a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
226128bc.9a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
226228bc.9a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
226328bc.9a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
226428bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
226528bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
226628bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
226728bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
226828bc.9a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
226928bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
227028bc.9a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
227128bc.9a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
227228bc.9a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
227328bc.9a8: supR3HardenedDllNotificationCallback: load 00007fffbfc80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
227428bc.9a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
227528bc.9a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbfc80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
227628bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
227728bc.dd4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
227828bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
227928bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
228028bc.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
228128bc.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
228228bc.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
228328bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
228428bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
228528bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
228628bc.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
228728bc.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228828bc.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
228928bc.dd4: supR3HardenedDllNotificationCallback: load 00007fffe2280000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
229028bc.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
229128bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe2280000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
229228bc.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
229328bc.dac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000870 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
229428bc.dac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f10b70
229528bc.dac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f10b70
229628bc.dac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8FA14805F0B9C3D46589914BC2CC7221B90A6A7
229728bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
229828bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
229928bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
230028bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
230128bc.dac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
230228bc.dac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
230328bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
230428bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
230528bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
230628bc.dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
230728bc.dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
230828bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
230928bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
231028bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
231128bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
231228bc.dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
231328bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231428bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231528bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
231628bc.dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
231728bc.dac: supR3HardenedDllNotificationCallback: load 00007fffeaa80000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
231828bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
231928bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffeaa80000 'C:\WINDOWS\system32\uxtheme.dll'
232028bc.dac: supR3HardenedDllNotificationCallback: load 00007fffeecc0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
232128bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
232228bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
232328bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
232428bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
232528bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
232628bc.dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
232728bc.dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
232828bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
232928bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
233028bc.dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
233128bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
233228bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
233328bc.dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
233428bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
233528bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
233628bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
233728bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
233828bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
233928bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
234028bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
234128bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
234228bc.dac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
234328bc.dac: \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
234428bc.dac: \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll: Signature #1/1: info status: 24202
234528bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
234628bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
234728bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
234828bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
234928bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
235028bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
235128bc.dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
235228bc.dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
235328bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
235428bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
235528bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
235628bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
235728bc.dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
235828bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
235928bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
236028bc.dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
236128bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
236228bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
236328bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
236428bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
236528bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
236628bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
236728bc.dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
236828bc.dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
236928bc.dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
237028bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
237128bc.dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
237228bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
237328bc.dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
237428bc.dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
237528bc.dac: supR3HardenedDllNotificationCallback: load 00007fffe7f30000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
237628bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
237728bc.dac: supR3HardenedDllNotificationCallback: load 00007fffc9390000 LB 0x0008b000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
237828bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
237928bc.dac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
238028bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
238128bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
238228bc.dac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
238328bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
238428bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
238528bc.dac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
238628bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
238728bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
238828bc.dac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
238928bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
239028bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
239128bc.dac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
239228bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
239328bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-l1-2-1'
239428bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
239528bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
239628bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
239728bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc9390000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
239828bc.dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
239928bc.dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240028bc.dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef490000 'C:\WINDOWS\system32\advapi32.dll'
2401780.a1c: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
2402780.a1c: \SystemRoot\System32\ntdll.dll:
2403780.a1c: CreationTime: 2021-09-10T13:40:09.725917600Z
2404780.a1c: LastWriteTime: 2021-09-10T13:40:09.764957200Z
2405780.a1c: ChangeTime: 2021-09-15T06:55:02.151797400Z
2406780.a1c: FileAttributes: 0x20
2407780.a1c: Size: 0x1ee518
2408780.a1c: NT Headers: 0xe8
2409780.a1c: Timestamp: 0x4f115fac
2410780.a1c: Machine: 0x8664 - amd64
2411780.a1c: Timestamp: 0x4f115fac
2412780.a1c: Image Version: 10.0
2413780.a1c: SizeOfImage: 0x1f5000 (2052096)
2414780.a1c: Resource Dir: 0x184000 LB 0x6fdc8
2415780.a1c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2416780.a1c: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2417780.a1c: ProductName: Microsoft® Windows® Operating System
2418780.a1c: ProductVersion: 10.0.19041.1202
2419780.a1c: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
2420780.a1c: FileDescription: NT Layer DLL
2421780.a1c: \SystemRoot\System32\kernel32.dll:
2422780.a1c: CreationTime: 2021-09-10T13:39:58.429708600Z
2423780.a1c: LastWriteTime: 2021-09-10T13:39:58.464844700Z
2424780.a1c: ChangeTime: 2021-09-15T06:55:02.017108500Z
2425780.a1c: FileAttributes: 0x20
2426780.a1c: Size: 0xbc060
2427780.a1c: NT Headers: 0xe8
2428780.a1c: Timestamp: 0x871fae9
2429780.a1c: Machine: 0x8664 - amd64
2430780.a1c: Timestamp: 0x871fae9
2431780.a1c: Image Version: 10.0
2432780.a1c: SizeOfImage: 0xbe000 (778240)
2433780.a1c: Resource Dir: 0xbc000 LB 0x520
2434780.a1c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2435780.a1c: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2436780.a1c: ProductName: Microsoft® Windows® Operating System
2437780.a1c: ProductVersion: 10.0.19041.1202
2438780.a1c: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
2439780.a1c: FileDescription: Windows NT BASE API Client DLL
2440780.a1c: \SystemRoot\System32\KernelBase.dll:
2441780.a1c: CreationTime: 2021-09-10T13:40:10.475488000Z
2442780.a1c: LastWriteTime: 2021-09-10T13:40:10.535998700Z
2443780.a1c: ChangeTime: 2021-09-15T06:55:02.366516300Z
2444780.a1c: FileAttributes: 0x20
2445780.a1c: Size: 0x2c9da8
2446780.a1c: NT Headers: 0xf0
2447780.a1c: Timestamp: 0xc9db1934
2448780.a1c: Machine: 0x8664 - amd64
2449780.a1c: Timestamp: 0xc9db1934
2450780.a1c: Image Version: 10.0
2451780.a1c: SizeOfImage: 0x2c9000 (2920448)
2452780.a1c: Resource Dir: 0x2a0000 LB 0x548
2453780.a1c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2454780.a1c: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2455780.a1c: ProductName: Microsoft® Windows® Operating System
2456780.a1c: ProductVersion: 10.0.19041.1202
2457780.a1c: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
2458780.a1c: FileDescription: Windows NT BASE API Client DLL
2459780.a1c: \SystemRoot\System32\apisetschema.dll:
2460780.a1c: CreationTime: 2019-12-07T09:08:13.518339400Z
2461780.a1c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
2462780.a1c: ChangeTime: 2021-09-15T06:55:01.995636600Z
2463780.a1c: FileAttributes: 0x20
2464780.a1c: Size: 0x1f538
2465780.a1c: NT Headers: 0xd0
2466780.a1c: Timestamp: 0x31288ce0
2467780.a1c: Machine: 0x8664 - amd64
2468780.a1c: Timestamp: 0x31288ce0
2469780.a1c: Image Version: 10.0
2470780.a1c: SizeOfImage: 0x20000 (131072)
2471780.a1c: Resource Dir: 0x1f000 LB 0x408
2472780.a1c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2473780.a1c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2474780.a1c: ProductName: Microsoft® Windows® Operating System
2475780.a1c: ProductVersion: 10.0.19041.1
2476780.a1c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
2477780.a1c: FileDescription: ApiSet Schema DLL
2478780.a1c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2479780.a1c: supR3HardenedWinFindAdversaries: 0x0
2480780.a1c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2481780.a1c: Calling main()
2482780.a1c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
2483780.a1c: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2484780.a1c: System32: \Device\HarddiskVolume4\Windows\System32
2485780.a1c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2486780.a1c: KnownDllPath: C:\WINDOWS\System32
2487780.a1c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2488780.a1c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2489780.a1c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2490780.a1c: supR3HardNtEnableThreadCreationEx:
2491780.a1c: bcrypt.dll loaded at 00007fffed3d0000, BCryptOpenAlgorithmProvider at 00007fffed3d51e0, preloading providers:
2492780.a1c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a105e0)
2493780.a1c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a11a40)
2494780.a1c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a11d60)
2495780.a1c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a12080)
2496780.a1c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a123a0)
2497780.a1c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a126c0)
2498780.a1c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a129e0)
2499780.a1c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a12d00)
2500780.a1c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
2501780.a1c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a1c080
2502780.a1c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a1c080
2503780.a1c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=459E91D5F37CCB35AB26461A509CE3D00E44A669
2504780.a1c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1237.cat'; file='\SystemRoot\System32\ntdll.dll'
2505780.a1c: g_pfnWinVerifyTrust=00007fffed261da0
2506780.a1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
2507780.a1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2508780.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2509780.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2510780.a1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
2511780.a1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
2512780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
2513780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
2514780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
2515780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
2516780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
2517780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
2518780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
2519780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
2520780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xae9fa2382e1bb400 CN=ESET SSL Filter CA, O=ESET, spol. s r. o., C=SK
2521780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
2522780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
2523780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
2524780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
2525780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
2526780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
2527780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
2528780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
2529780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
2530780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
2531780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
2532780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
2533780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
2534780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
2535780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
2536780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
2537780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
2538780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
2539780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
2540780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
2541780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
2542780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
2543780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
2544780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
2545780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
2546780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
2547780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2548780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
2549780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
2550780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
2551780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
2552780.a1c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
2553780.a1c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
2554780.a1c: SUPR3HardenedMain: Load Runtime...
2555780.a1c: SUPR3HardenedMain: Load TrustedMain...
2556780.a1c: SUPR3HardenedMain: Calling TrustedMain (00007fff7a0b16c0)...
2557780.a1c: Terminating the normal way: rcExit=0
255828bc.9a8: supR3HardenedDllNotificationCallback: Unload 00007fffbfc80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
255928bc.a38: supR3HardenedDllNotificationCallback: Unload 00007fffc9490000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
256028bc.93c: supR3HardenedDllNotificationCallback: Unload 00007fff9f030000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
256128bc.c64: supR3HardenedDllNotificationCallback: Unload 00007fffcadd0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
256228bc.1b7c: supR3HardenedDllNotificationCallback: Unload 00007fffcade0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
256328bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fff9f050000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
256428bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffab8f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
256528bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffae960000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
256628bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffbd0f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
256728bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffb0ae0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
256828bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fff9dd90000 LB 0x00a03000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
256928bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffab910000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
257028bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fff9d530000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
257128bc.dd4: supR3HardenedDllNotificationCallback: Unload 00007fffec560000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
257228bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcadf0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
257328bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffceec0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
257428bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcef50000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
257528bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fff9f440000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
257628bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcfa10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
257728bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcf8f0000 LB 0x00092000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
257828bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fff9f070000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
257928bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcba40000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
258028bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcb930000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
258128bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffedd10000 LB 0x00472000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
258228bc.6c0: supR3HardenedDllNotificationCallback: Unload 00007fffcb960000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
258328bc.6c0: Terminating the normal way: rcExit=0
25841300.1440: Log file opened: 6.1.26r145957 g_hStartupLog=000000000000008c g_uNtVerCombined=0xa04a6200
25851300.1440: \SystemRoot\System32\ntdll.dll:
25861300.1440: CreationTime: 2021-09-10T13:40:09.725917600Z
25871300.1440: LastWriteTime: 2021-09-10T13:40:09.764957200Z
25881300.1440: ChangeTime: 2021-09-15T06:55:02.151797400Z
25891300.1440: FileAttributes: 0x20
25901300.1440: Size: 0x1ee518
25911300.1440: NT Headers: 0xe8
25921300.1440: Timestamp: 0x4f115fac
25931300.1440: Machine: 0x8664 - amd64
25941300.1440: Timestamp: 0x4f115fac
25951300.1440: Image Version: 10.0
25961300.1440: SizeOfImage: 0x1f5000 (2052096)
25971300.1440: Resource Dir: 0x184000 LB 0x6fdc8
25981300.1440: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
25991300.1440: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
26001300.1440: ProductName: Microsoft® Windows® Operating System
26011300.1440: ProductVersion: 10.0.19041.1202
26021300.1440: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
26031300.1440: FileDescription: NT Layer DLL
26041300.1440: \SystemRoot\System32\kernel32.dll:
26051300.1440: CreationTime: 2021-09-10T13:39:58.429708600Z
26061300.1440: LastWriteTime: 2021-09-10T13:39:58.464844700Z
26071300.1440: ChangeTime: 2021-09-15T06:55:02.017108500Z
26081300.1440: FileAttributes: 0x20
26091300.1440: Size: 0xbc060
26101300.1440: NT Headers: 0xe8
26111300.1440: Timestamp: 0x871fae9
26121300.1440: Machine: 0x8664 - amd64
26131300.1440: Timestamp: 0x871fae9
26141300.1440: Image Version: 10.0
26151300.1440: SizeOfImage: 0xbe000 (778240)
26161300.1440: Resource Dir: 0xbc000 LB 0x520
26171300.1440: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
26181300.1440: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
26191300.1440: ProductName: Microsoft® Windows® Operating System
26201300.1440: ProductVersion: 10.0.19041.1202
26211300.1440: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
26221300.1440: FileDescription: Windows NT BASE API Client DLL
26231300.1440: \SystemRoot\System32\KernelBase.dll:
26241300.1440: CreationTime: 2021-09-10T13:40:10.475488000Z
26251300.1440: LastWriteTime: 2021-09-10T13:40:10.535998700Z
26261300.1440: ChangeTime: 2021-09-15T06:55:02.366516300Z
26271300.1440: FileAttributes: 0x20
26281300.1440: Size: 0x2c9da8
26291300.1440: NT Headers: 0xf0
26301300.1440: Timestamp: 0xc9db1934
26311300.1440: Machine: 0x8664 - amd64
26321300.1440: Timestamp: 0xc9db1934
26331300.1440: Image Version: 10.0
26341300.1440: SizeOfImage: 0x2c9000 (2920448)
26351300.1440: Resource Dir: 0x2a0000 LB 0x548
26361300.1440: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
26371300.1440: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
26381300.1440: ProductName: Microsoft® Windows® Operating System
26391300.1440: ProductVersion: 10.0.19041.1202
26401300.1440: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
26411300.1440: FileDescription: Windows NT BASE API Client DLL
26421300.1440: \SystemRoot\System32\apisetschema.dll:
26431300.1440: CreationTime: 2019-12-07T09:08:13.518339400Z
26441300.1440: LastWriteTime: 2019-12-07T09:08:13.518339400Z
26451300.1440: ChangeTime: 2021-09-15T06:55:01.995636600Z
26461300.1440: FileAttributes: 0x20
26471300.1440: Size: 0x1f538
26481300.1440: NT Headers: 0xd0
26491300.1440: Timestamp: 0x31288ce0
26501300.1440: Machine: 0x8664 - amd64
26511300.1440: Timestamp: 0x31288ce0
26521300.1440: Image Version: 10.0
26531300.1440: SizeOfImage: 0x20000 (131072)
26541300.1440: Resource Dir: 0x1f000 LB 0x408
26551300.1440: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
26561300.1440: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
26571300.1440: ProductName: Microsoft® Windows® Operating System
26581300.1440: ProductVersion: 10.0.19041.1
26591300.1440: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
26601300.1440: FileDescription: ApiSet Schema DLL
26611300.1440: NtOpenDirectoryObject failed on \Driver: 0xc0000022
26621300.1440: supR3HardenedWinFindAdversaries: 0x0
26631300.1440: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
26641300.1440: Calling main()
26651300.1440: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
26661300.1440: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
26671300.1440: SUPR3HardenedMain: Respawn #1
26681300.1440: System32: \Device\HarddiskVolume4\Windows\System32
26691300.1440: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
26701300.1440: KnownDllPath: C:\WINDOWS\System32
26711300.1440: supR3HardenedWinInit: Performing a limited self purification...
26721300.1440: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
26731300.1440: *0000000000000000-0000000000edffff 0x0001/0x0000 0x0000000
26741300.1440: *0000000000ee0000-0000000000eeffff 0x0004/0x0004 0x0040000
26751300.1440: 0000000000ef0000-0000000000efffff 0x0001/0x0000 0x0000000
26761300.1440: *0000000000f00000-0000000000f1cfff 0x0002/0x0002 0x0040000
26771300.1440: 0000000000f1d000-0000000000f1ffff 0x0001/0x0000 0x0000000
26781300.1440: *0000000000f20000-0000000000f23fff 0x0002/0x0002 0x0040000
26791300.1440: 0000000000f24000-0000000000f2ffff 0x0001/0x0000 0x0000000
26801300.1440: *0000000000f30000-0000000000f31fff 0x0004/0x0004 0x0020000
26811300.1440: 0000000000f32000-0000000000f3ffff 0x0001/0x0000 0x0000000
26821300.1440: *0000000000f40000-0000000000f41fff 0x0004/0x0004 0x0020000
26831300.1440: 0000000000f42000-0000000000f71fff 0x0000/0x0004 0x0020000
26841300.1440: 0000000000f72000-0000000000f8ffff 0x0001/0x0000 0x0000000
26851300.1440: *0000000000f90000-0000000000f9efff 0x0004/0x0004 0x0020000
26861300.1440: 0000000000f9f000-0000000000f9ffff 0x0000/0x0004 0x0020000
26871300.1440: 0000000000fa0000-0000000000ffffff 0x0001/0x0000 0x0000000
26881300.1440: *0000000001000000-000000000108afff 0x0000/0x0004 0x0020000
26891300.1440: 000000000108b000-000000000108dfff 0x0004/0x0004 0x0020000
26901300.1440: 000000000108e000-00000000011fffff 0x0000/0x0004 0x0020000
26911300.1440: *0000000001200000-00000000012b8fff 0x0000/0x0004 0x0020000
26921300.1440: 00000000012b9000-00000000012bbfff 0x0104/0x0004 0x0020000
26931300.1440: 00000000012bc000-00000000012fffff 0x0004/0x0004 0x0020000
26941300.1440: *0000000001300000-00000000013c8fff 0x0002/0x0002 0x0040000
26951300.1440: 00000000013c9000-000000000144ffff 0x0001/0x0000 0x0000000
26961300.1440: *0000000001450000-0000000001456fff 0x0004/0x0004 0x0020000
26971300.1440: 0000000001457000-000000000154ffff 0x0000/0x0004 0x0020000
26981300.1440: *0000000001550000-000000000155afff 0x0000/0x0004 0x0020000
26991300.1440: 000000000155b000-0000000001750fff 0x0004/0x0004 0x0020000
27001300.1440: 0000000001751000-0000000001751fff 0x0000/0x0004 0x0020000
27011300.1440: 0000000001752000-000000000175ffff 0x0001/0x0000 0x0000000
27021300.1440: *0000000001760000-0000000001784fff 0x0004/0x0004 0x0020000
27031300.1440: 0000000001785000-000000000185ffff 0x0000/0x0004 0x0020000
27041300.1440: 0000000001860000-000000007ffdffff 0x0001/0x0000 0x0000000
27051300.1440: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
27061300.1440: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
27071300.1440: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
27081300.1440: 000000007ffec000-00007ff49492ffff 0x0001/0x0000 0x0000000
27091300.1440: *00007ff494930000-00007ff494934fff 0x0002/0x0002 0x0040000
27101300.1440: 00007ff494935000-00007ff494a2ffff 0x0000/0x0002 0x0040000
27111300.1440: *00007ff494a30000-00007ff594a4ffff 0x0000/0x0004 0x0020000
27121300.1440: *00007ff594a50000-00007ff596a4ffff 0x0000/0x0004 0x0020000
27131300.1440: 00007ff596a50000-00007ff596a50fff 0x0004/0x0004 0x0020000
27141300.1440: 00007ff596a51000-00007ff596a5ffff 0x0001/0x0000 0x0000000
27151300.1440: *00007ff596a60000-00007ff596a60fff 0x0002/0x0002 0x0040000
27161300.1440: 00007ff596a61000-00007ff596a6ffff 0x0001/0x0000 0x0000000
27171300.1440: *00007ff596a70000-00007ff596a92fff 0x0002/0x0002 0x0040000
27181300.1440: 00007ff596a93000-00007ff7854fffff 0x0001/0x0000 0x0000000
27191300.1440: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27201300.1440: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27211300.1440: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27221300.1440: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27231300.1440: 00007ff7855c1000-00007ff7855c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27241300.1440: 00007ff7855c4000-00007ff7855c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27251300.1440: 00007ff7855c7000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27261300.1440: 00007ff7855ca000-00007ff7855cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27271300.1440: 00007ff7855cb000-00007ff7855ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27281300.1440: 00007ff7855cd000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27291300.1440: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
27301300.1440: 00007ff785617000-00007fffed4affff 0x0001/0x0000 0x0000000
27311300.1440: *00007fffed4b0000-00007fffed4b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27321300.1440: 00007fffed4b1000-00007fffed5c2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27331300.1440: 00007fffed5c3000-00007fffed73afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27341300.1440: 00007fffed73b000-00007fffed73efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27351300.1440: 00007fffed73f000-00007fffed73ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27361300.1440: 00007fffed740000-00007fffed778fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
27371300.1440: 00007fffed779000-00007fffef0effff 0x0001/0x0000 0x0000000
27381300.1440: *00007fffef0f0000-00007fffef0f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27391300.1440: 00007fffef0f1000-00007fffef16ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27401300.1440: 00007fffef170000-00007fffef1a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27411300.1440: 00007fffef1a3000-00007fffef1a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27421300.1440: 00007fffef1a4000-00007fffef1a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27431300.1440: 00007fffef1a5000-00007fffef1adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27441300.1440: 00007fffef1ae000-00007fffef9effff 0x0001/0x0000 0x0000000
27451300.1440: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27461300.1440: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27471300.1440: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27481300.1440: 00007fffefb54000-00007fffefb54fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27491300.1440: 00007fffefb55000-00007fffefb56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27501300.1440: 00007fffefb57000-00007fffefb5ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27511300.1440: 00007fffefb60000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27521300.1440: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
27531300.1440: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
27541300.1440: kernelbase.dll: timestamp 0xc9db1934 (rc=VINF_SUCCESS)
27551300.1440: VBoxHeadless.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
27561300.1440: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
27571300.1440: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
27581300.1440: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
27591300.1440: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
27601300.1440: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
27611300.1440: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
27621300.1440: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
27631300.1440: supR3HardNtEnableThreadCreationEx:
27641300.1440: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
27651300.1440: supR3HardenedWinDoReSpawn(1): New child 1e34.2f80 [kernel32].
27661300.1440: supR3HardNtChildGatherData: PebBaseAddress=00000000003c7000 cbPeb=0x388
27671300.1440: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffef9f0000 uNtDllChildAddr=00007fffef9f0000
27681300.1440: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffefa64b00
27691300.1440: supR3HardenedWinSetupChildInit: Initial context:
2770 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff785507740 rdx=00000000003c7000
2771 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
2772 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
2773 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
2774 rip=00007fffefa42630 rsp=000000000051f808 rbp=0000000000000000 ctxflags=0010001b
2775 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
2776 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
2777 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
2778 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
2779 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
27801300.1440: supR3HardenedWinSetupChildInit: Start child.
27811300.1440: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
27821300.1440: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 30 sleeps
27831300.1440: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
27841300.1440: *0000000000000000-00000000001dffff 0x0001/0x0000 0x0000000
27851300.1440: *00000000001e0000-00000000001fffff 0x0004/0x0004 0x0020000
27861300.1440: *0000000000200000-00000000003c6fff 0x0000/0x0004 0x0020000
27871300.1440: 00000000003c7000-00000000003c9fff 0x0004/0x0004 0x0020000
27881300.1440: 00000000003ca000-00000000003fffff 0x0000/0x0004 0x0020000
27891300.1440: *0000000000400000-000000000041cfff 0x0002/0x0002 0x0040000
27901300.1440: 000000000041d000-000000000041ffff 0x0001/0x0000 0x0000000
27911300.1440: *0000000000420000-000000000051afff 0x0000/0x0004 0x0020000
27921300.1440: 000000000051b000-000000000051dfff 0x0104/0x0004 0x0020000
27931300.1440: 000000000051e000-000000000051ffff 0x0004/0x0004 0x0020000
27941300.1440: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
27951300.1440: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
27961300.1440: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000
27971300.1440: 0000000000532000-000000007ffdffff 0x0001/0x0000 0x0000000
27981300.1440: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
27991300.1440: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
28001300.1440: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
28011300.1440: 000000007ffec000-00007ff566f4ffff 0x0001/0x0000 0x0000000
28021300.1440: *00007ff566f50000-00007ff566f50fff 0x0002/0x0002 0x0040000
28031300.1440: 00007ff566f51000-00007ff566f5ffff 0x0001/0x0000 0x0000000
28041300.1440: *00007ff566f60000-00007ff566f82fff 0x0002/0x0002 0x0040000
28051300.1440: 00007ff566f83000-00007ff7854fffff 0x0001/0x0000 0x0000000
28061300.1440: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28071300.1440: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28081300.1440: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28091300.1440: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28101300.1440: 00007ff7855c1000-00007ff7855c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28111300.1440: 00007ff7855c2000-00007ff7855c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28121300.1440: 00007ff7855c3000-00007ff7855c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28131300.1440: 00007ff7855c8000-00007ff7855c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28141300.1440: 00007ff7855c9000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28151300.1440: 00007ff7855ca000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28161300.1440: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28171300.1440: 00007ff785617000-00007fffef9effff 0x0001/0x0000 0x0000000
28181300.1440: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28191300.1440: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28201300.1440: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28211300.1440: 00007fffefb54000-00007fffefb5ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28221300.1440: 00007fffefb60000-00007fffefb6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28231300.1440: 00007fffefb6f000-00007fffefb6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28241300.1440: 00007fffefb70000-00007fffefb72fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28251300.1440: 00007fffefb73000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28261300.1440: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
28271300.1440: supR3HardNtChildPurify: Done after 266 ms and 0 fixes (loop #0).
28281e34.2f80: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
28291e34.2f80: supR3HardenedVmProcessInit: uNtDllAddr=00007fffef9f0000 g_uNtVerCombined=0xa04a6200 (stack ~000000000051f298)
28301e34.2f80: ntdll.dll: timestamp 0x4f115fac (rc=VINF_SUCCESS)
28311e34.2f80: New simple heap: #1 0000000000640000 LB 0x400000 (for 2052096 allocation)
28321300.1440: supR3HardNtEnableThreadCreationEx:
28331e34.2f80: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
28341e34.2f80: System32: \Device\HarddiskVolume4\Windows\System32
28351e34.2f80: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
28361e34.2f80: KnownDllPath: C:\WINDOWS\System32
28371e34.2f80: supR3HardenedVmProcessInit: Opening vboxdrv stub...
28381e34.2f80: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
28391e34.2f80: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
28401e34.2f80: Registered Dll notification callback with NTDLL.
28411e34.2f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
28421e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
28431e34.2f80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
28441e34.2f80: supR3HardenedDllNotificationCallback: load 00007fffed4b0000 LB 0x002c9000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
28451e34.2f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
28461e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
28471e34.2f80: supR3HardenedDllNotificationCallback: load 00007fffef0f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
28481e34.2f80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28491e34.2f80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
28501e34.2f80: supR3HardenedDllNotificationCallback: load 00007ff785500000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
28511e34.2f80: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
28521e34.2f80: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
28531e34.2f80: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
28541e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
28551e34.2f80: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
28561300.1440: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
28571e34.2f80: \SystemRoot\System32\ntdll.dll:
28581e34.2f80: CreationTime: 2021-09-10T13:40:09.725917600Z
28591e34.2f80: LastWriteTime: 2021-09-10T13:40:09.764957200Z
28601e34.2f80: ChangeTime: 2021-09-15T06:55:02.151797400Z
28611e34.2f80: FileAttributes: 0x20
28621e34.2f80: Size: 0x1ee518
28631e34.2f80: NT Headers: 0xe8
28641e34.2f80: Timestamp: 0x4f115fac
28651e34.2f80: Machine: 0x8664 - amd64
28661e34.2f80: Timestamp: 0x4f115fac
28671e34.2f80: Image Version: 10.0
28681e34.2f80: SizeOfImage: 0x1f5000 (2052096)
28691e34.2f80: Resource Dir: 0x184000 LB 0x6fdc8
28701e34.2f80: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
28711e34.2f80: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
28721e34.2f80: ProductName: Microsoft® Windows® Operating System
28731e34.2f80: ProductVersion: 10.0.19041.1202
28741e34.2f80: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
28751e34.2f80: FileDescription: NT Layer DLL
28761e34.2f80: \SystemRoot\System32\kernel32.dll:
28771e34.2f80: CreationTime: 2021-09-10T13:39:58.429708600Z
28781e34.2f80: LastWriteTime: 2021-09-10T13:39:58.464844700Z
28791e34.2f80: ChangeTime: 2021-09-15T06:55:02.017108500Z
28801e34.2f80: FileAttributes: 0x20
28811e34.2f80: Size: 0xbc060
28821e34.2f80: NT Headers: 0xe8
28831e34.2f80: Timestamp: 0x871fae9
28841e34.2f80: Machine: 0x8664 - amd64
28851e34.2f80: Timestamp: 0x871fae9
28861e34.2f80: Image Version: 10.0
28871e34.2f80: SizeOfImage: 0xbe000 (778240)
28881e34.2f80: Resource Dir: 0xbc000 LB 0x520
28891e34.2f80: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
28901e34.2f80: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
28911e34.2f80: ProductName: Microsoft® Windows® Operating System
28921e34.2f80: ProductVersion: 10.0.19041.1202
28931e34.2f80: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
28941e34.2f80: FileDescription: Windows NT BASE API Client DLL
28951e34.2f80: \SystemRoot\System32\KernelBase.dll:
28961e34.2f80: CreationTime: 2021-09-10T13:40:10.475488000Z
28971e34.2f80: LastWriteTime: 2021-09-10T13:40:10.535998700Z
28981e34.2f80: ChangeTime: 2021-09-15T06:55:02.366516300Z
28991e34.2f80: FileAttributes: 0x20
29001e34.2f80: Size: 0x2c9da8
29011e34.2f80: NT Headers: 0xf0
29021e34.2f80: Timestamp: 0xc9db1934
29031e34.2f80: Machine: 0x8664 - amd64
29041e34.2f80: Timestamp: 0xc9db1934
29051e34.2f80: Image Version: 10.0
29061e34.2f80: SizeOfImage: 0x2c9000 (2920448)
29071e34.2f80: Resource Dir: 0x2a0000 LB 0x548
29081e34.2f80: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29091e34.2f80: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
29101e34.2f80: ProductName: Microsoft® Windows® Operating System
29111e34.2f80: ProductVersion: 10.0.19041.1202
29121e34.2f80: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
29131e34.2f80: FileDescription: Windows NT BASE API Client DLL
29141e34.2f80: \SystemRoot\System32\apisetschema.dll:
29151e34.2f80: CreationTime: 2019-12-07T09:08:13.518339400Z
29161e34.2f80: LastWriteTime: 2019-12-07T09:08:13.518339400Z
29171e34.2f80: ChangeTime: 2021-09-15T06:55:01.995636600Z
29181e34.2f80: FileAttributes: 0x20
29191e34.2f80: Size: 0x1f538
29201e34.2f80: NT Headers: 0xd0
29211e34.2f80: Timestamp: 0x31288ce0
29221e34.2f80: Machine: 0x8664 - amd64
29231e34.2f80: Timestamp: 0x31288ce0
29241e34.2f80: Image Version: 10.0
29251e34.2f80: SizeOfImage: 0x20000 (131072)
29261e34.2f80: Resource Dir: 0x1f000 LB 0x408
29271e34.2f80: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
29281e34.2f80: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
29291e34.2f80: ProductName: Microsoft® Windows® Operating System
29301e34.2f80: ProductVersion: 10.0.19041.1
29311e34.2f80: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
29321e34.2f80: FileDescription: ApiSet Schema DLL
29331e34.2f80: NtOpenDirectoryObject failed on \Driver: 0xc0000022
29341e34.2f80: supR3HardenedWinFindAdversaries: 0x0
29351e34.2f80: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
29361e34.2f80: Calling main()
29371e34.2f80: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
29381e34.2f80: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
29391e34.2f80: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
29401e34.2f80: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
29411e34.2f80: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
29421e34.2f80: SUPR3HardenedMain: Respawn #2
29431e34.2f80: supR3HardNtEnableThreadCreationEx:
29441e34.2f80: supR3HardenedDllNotificationCallback: load 00007fffedaf0000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
29451e34.2f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
29461e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
29471e34.2f80: supR3HardenedDllNotificationCallback: load 00007fffef910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
29481e34.2f80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
29491e34.2f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
29501e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
29511e34.2f80: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
29521e34.2f80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
29531e34.2f80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
29541e34.2f80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29551e34.2f80: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29561e34.2f80: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
29571e34.2f80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29581e34.2f80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef9f0000 'C:\WINDOWS\System32\ntdll.dll'
29591e34.2f80: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
29601e34.2f80: supR3HardenedWinDoReSpawn(2): New child 2f9c.2d14 [kernel32].
29611e34.2f80: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
29621e34.2f80: supR3HardNtChildGatherData: PebBaseAddress=00000000003aa000 cbPeb=0x388
29631e34.2f80: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffef9f0000 uNtDllChildAddr=00007fffef9f0000
29641e34.2f80: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffefa64b00
29651e34.2f80: supR3HardenedWinSetupChildInit: Initial context:
2966 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff785507740 rdx=00000000003aa000
2967 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
2968 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
2969 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
2970 rip=00007fffefa42630 rsp=00000000004ffdc8 rbp=0000000000000000 ctxflags=0010001b
2971 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
2972 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
2973 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
2974 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
2975 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
29761e34.2f80: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
29771e34.2f80: supR3HardenedWinSetupChildInit: Start child.
29781e34.2f80: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
29791e34.2f80: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 30 sleeps
29801e34.2f80: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29811e34.2f80: *0000000000000000-000000000017ffff 0x0001/0x0000 0x0000000
29821e34.2f80: *0000000000180000-000000000019ffff 0x0004/0x0004 0x0020000
29831e34.2f80: *00000000001a0000-00000000001bcfff 0x0002/0x0002 0x0040000
29841e34.2f80: 00000000001bd000-00000000001bffff 0x0001/0x0000 0x0000000
29851e34.2f80: *00000000001c0000-00000000001c3fff 0x0002/0x0002 0x0040000
29861e34.2f80: 00000000001c4000-00000000001cffff 0x0001/0x0000 0x0000000
29871e34.2f80: *00000000001d0000-00000000001d1fff 0x0004/0x0004 0x0020000
29881e34.2f80: 00000000001d2000-00000000001fffff 0x0001/0x0000 0x0000000
29891e34.2f80: *0000000000200000-00000000003a9fff 0x0000/0x0004 0x0020000
29901e34.2f80: 00000000003aa000-00000000003acfff 0x0004/0x0004 0x0020000
29911e34.2f80: 00000000003ad000-00000000003fffff 0x0000/0x0004 0x0020000
29921e34.2f80: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
29931e34.2f80: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
29941e34.2f80: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
29951e34.2f80: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
29961e34.2f80: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29971e34.2f80: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
29981e34.2f80: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
29991e34.2f80: 000000007ffec000-00007ff5efb5ffff 0x0001/0x0000 0x0000000
30001e34.2f80: *00007ff5efb60000-00007ff5efb60fff 0x0002/0x0002 0x0040000
30011e34.2f80: 00007ff5efb61000-00007ff5efb6ffff 0x0001/0x0000 0x0000000
30021e34.2f80: *00007ff5efb70000-00007ff5efb92fff 0x0002/0x0002 0x0040000
30031e34.2f80: 00007ff5efb93000-00007ff7854fffff 0x0001/0x0000 0x0000000
30041e34.2f80: *00007ff785500000-00007ff785500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30051e34.2f80: 00007ff785501000-00007ff785576fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30061e34.2f80: 00007ff785577000-00007ff785577fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30071e34.2f80: 00007ff785578000-00007ff7855c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30081e34.2f80: 00007ff7855c1000-00007ff7855c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30091e34.2f80: 00007ff7855c2000-00007ff7855c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30101e34.2f80: 00007ff7855c3000-00007ff7855c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30111e34.2f80: 00007ff7855c8000-00007ff7855c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30121e34.2f80: 00007ff7855c9000-00007ff7855c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30131e34.2f80: 00007ff7855ca000-00007ff7855cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30141e34.2f80: 00007ff7855ce000-00007ff785616fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30151e34.2f80: 00007ff785617000-00007fffef9effff 0x0001/0x0000 0x0000000
30161e34.2f80: *00007fffef9f0000-00007fffef9f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30171e34.2f80: 00007fffef9f1000-00007fffefb0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30181e34.2f80: 00007fffefb0c000-00007fffefb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30191e34.2f80: 00007fffefb54000-00007fffefb5ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30201e34.2f80: 00007fffefb60000-00007fffefb6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30211e34.2f80: 00007fffefb6f000-00007fffefb6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30221e34.2f80: 00007fffefb70000-00007fffefb72fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30231e34.2f80: 00007fffefb73000-00007fffefbe4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30241e34.2f80: 00007fffefbe5000-00007ffffffeffff 0x0001/0x0000 0x0000000
30251e34.2f80: VBoxHeadless.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
30261e34.2f80: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
30271e34.2f80: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
30281e34.2f80: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
30291e34.2f80: supR3HardNtChildPurify: Done after 296 ms and 0 fixes (loop #0).
30302f9c.2d14: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
30312f9c.2d14: supR3HardenedVmProcessInit: uNtDllAddr=00007fffef9f0000 g_uNtVerCombined=0xa04a6200 (stack ~00000000004ff858)
30321e34.2f80: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000640000 LB 0x400000)
30332f9c.2d14: ntdll.dll: timestamp 0x4f115fac (rc=VINF_SUCCESS)
30342f9c.2d14: New simple heap: #1 0000000000600000 LB 0x400000 (for 2052096 allocation)
30351e34.2f80: supR3HardNtEnableThreadCreationEx:
30362f9c.2d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
30372f9c.2d14: System32: \Device\HarddiskVolume4\Windows\System32
30382f9c.2d14: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
30392f9c.2d14: KnownDllPath: C:\WINDOWS\System32
30402f9c.2d14: supR3HardenedVmProcessInit: Opening vboxdrv...
30412f9c.2d14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
30422f9c.2d14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
30432f9c.2d14: Registered Dll notification callback with NTDLL.
30442f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
30452f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
30462f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
30472f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed4b0000 LB 0x002c9000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
30482f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
30492f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
30502f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef0f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
30512f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
30522f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
30532f9c.2d14: supR3HardenedDllNotificationCallback: load 00007ff785500000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
30542f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
30552f9c.2d14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
30562f9c.2d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
30572f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
30582f9c.2d14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffefa64b00 pvNtTerminateThread=00007fffefa8d7c0
30591e34.2f80: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms.
30602f9c.2d14: \SystemRoot\System32\ntdll.dll:
30612f9c.2d14: CreationTime: 2021-09-10T13:40:09.725917600Z
30622f9c.2d14: LastWriteTime: 2021-09-10T13:40:09.764957200Z
30632f9c.2d14: ChangeTime: 2021-09-15T06:55:02.151797400Z
30642f9c.2d14: FileAttributes: 0x20
30652f9c.2d14: Size: 0x1ee518
30662f9c.2d14: NT Headers: 0xe8
30672f9c.2d14: Timestamp: 0x4f115fac
30682f9c.2d14: Machine: 0x8664 - amd64
30692f9c.2d14: Timestamp: 0x4f115fac
30702f9c.2d14: Image Version: 10.0
30712f9c.2d14: SizeOfImage: 0x1f5000 (2052096)
30722f9c.2d14: Resource Dir: 0x184000 LB 0x6fdc8
30732f9c.2d14: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
30742f9c.2d14: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
30752f9c.2d14: ProductName: Microsoft® Windows® Operating System
30762f9c.2d14: ProductVersion: 10.0.19041.1202
30772f9c.2d14: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
30782f9c.2d14: FileDescription: NT Layer DLL
30792f9c.2d14: \SystemRoot\System32\kernel32.dll:
30802f9c.2d14: CreationTime: 2021-09-10T13:39:58.429708600Z
30812f9c.2d14: LastWriteTime: 2021-09-10T13:39:58.464844700Z
30822f9c.2d14: ChangeTime: 2021-09-15T06:55:02.017108500Z
30832f9c.2d14: FileAttributes: 0x20
30842f9c.2d14: Size: 0xbc060
30852f9c.2d14: NT Headers: 0xe8
30862f9c.2d14: Timestamp: 0x871fae9
30872f9c.2d14: Machine: 0x8664 - amd64
30882f9c.2d14: Timestamp: 0x871fae9
30892f9c.2d14: Image Version: 10.0
30902f9c.2d14: SizeOfImage: 0xbe000 (778240)
30912f9c.2d14: Resource Dir: 0xbc000 LB 0x520
30922f9c.2d14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
30932f9c.2d14: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
30942f9c.2d14: ProductName: Microsoft® Windows® Operating System
30952f9c.2d14: ProductVersion: 10.0.19041.1202
30962f9c.2d14: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
30972f9c.2d14: FileDescription: Windows NT BASE API Client DLL
30982f9c.2d14: \SystemRoot\System32\KernelBase.dll:
30992f9c.2d14: CreationTime: 2021-09-10T13:40:10.475488000Z
31002f9c.2d14: LastWriteTime: 2021-09-10T13:40:10.535998700Z
31012f9c.2d14: ChangeTime: 2021-09-15T06:55:02.366516300Z
31022f9c.2d14: FileAttributes: 0x20
31032f9c.2d14: Size: 0x2c9da8
31042f9c.2d14: NT Headers: 0xf0
31052f9c.2d14: Timestamp: 0xc9db1934
31062f9c.2d14: Machine: 0x8664 - amd64
31072f9c.2d14: Timestamp: 0xc9db1934
31082f9c.2d14: Image Version: 10.0
31092f9c.2d14: SizeOfImage: 0x2c9000 (2920448)
31102f9c.2d14: Resource Dir: 0x2a0000 LB 0x548
31112f9c.2d14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
31122f9c.2d14: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
31132f9c.2d14: ProductName: Microsoft® Windows® Operating System
31142f9c.2d14: ProductVersion: 10.0.19041.1202
31152f9c.2d14: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
31162f9c.2d14: FileDescription: Windows NT BASE API Client DLL
31172f9c.2d14: \SystemRoot\System32\apisetschema.dll:
31182f9c.2d14: CreationTime: 2019-12-07T09:08:13.518339400Z
31192f9c.2d14: LastWriteTime: 2019-12-07T09:08:13.518339400Z
31202f9c.2d14: ChangeTime: 2021-09-15T06:55:01.995636600Z
31212f9c.2d14: FileAttributes: 0x20
31222f9c.2d14: Size: 0x1f538
31232f9c.2d14: NT Headers: 0xd0
31242f9c.2d14: Timestamp: 0x31288ce0
31252f9c.2d14: Machine: 0x8664 - amd64
31262f9c.2d14: Timestamp: 0x31288ce0
31272f9c.2d14: Image Version: 10.0
31282f9c.2d14: SizeOfImage: 0x20000 (131072)
31292f9c.2d14: Resource Dir: 0x1f000 LB 0x408
31302f9c.2d14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
31312f9c.2d14: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
31322f9c.2d14: ProductName: Microsoft® Windows® Operating System
31332f9c.2d14: ProductVersion: 10.0.19041.1
31342f9c.2d14: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
31352f9c.2d14: FileDescription: ApiSet Schema DLL
31362f9c.2d14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
31372f9c.2d14: supR3HardenedWinFindAdversaries: 0x0
31382f9c.2d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
31392f9c.2d14: Calling main()
31402f9c.2d14: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
31412f9c.2d14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
31422f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
31432f9c.2d14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
31442f9c.2d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
31452f9c.2d14: SUPR3HardenedMain: Final process, opening VBoxDrv...
31462f9c.2d14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
31472f9c.2d14: supR3HardNtEnableThreadCreationEx:
31482f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
31492f9c.2d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
31502f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
31512f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31522f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
31532f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffcb6f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
31542f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
31552f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
31562f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31572f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
31582f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
31592f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31602f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
31612f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcb6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
31622f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31632f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
31642f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
31652f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
31662f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31672f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31682f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
31692f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
31702f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31712f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31722f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
31732f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
31742f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31752f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef050000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
31762f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
31772f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffedaf0000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
31782f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
31792f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed260000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
31802f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
31812f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed160000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
31822f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
31832f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
31842f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed8b0000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
31852f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
31862f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
31872f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
31882f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31892f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
31902f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
31912f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31922f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
31932f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
31942f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31952f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-fibers-l1-1-1'
31962f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
31972f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31982f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-synch-l1-2-0'
31992f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
32002f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32012f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-l1-2-1'
32022f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
32032f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
32042f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeccf0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
32052f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
32062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\system32\Wintrust.dll'
32072f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
32082f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
32092f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32102f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed3d0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
32112f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
32122f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed3d0000 'C:\WINDOWS\system32\bcrypt.dll'
32132f9c.2d14: bcrypt.dll loaded at 00007fffed3d0000, BCryptOpenAlgorithmProvider at 00007fffed3d51e0, preloading providers:
32142f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
32152f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
32162f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32172f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed820000 LB 0x00083000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
32182f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
32192f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed820000 'C:\WINDOWS\system32\bcryptprimitives.dll'
32202f9c.2d14: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a5cd10)
32212f9c.2d14: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a60190)
32222f9c.2d14: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a604b0)
32232f9c.2d14: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a607d0)
32242f9c.2d14: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a60af0)
32252f9c.2d14: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a60e10)
32262f9c.2d14: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a61130)
32272f9c.2d14: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a61450)
32282f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
32292f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
32302f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffecac0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
32312f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
32322f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
32332f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
32342f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
32352f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
32362f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
32372f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
32382f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32392f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
32402f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffec1d0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
32412f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
32422f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
32432f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
32442f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
32452f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffecab0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
32462f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
32472f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
32482f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32492f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
32502f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
32512f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32522f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\System32\WINTRUST.DLL'
32532f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
32542f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
32552f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\CRYPT32.dll'
32562f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeda40000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
32572f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
32582f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
32592f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
32602f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32612f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
32622f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
32632f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
32642f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
32652f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
32662f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32672f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
32682f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
32692f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
32702f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeb9d0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
32712f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
32722f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
32732f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
32742f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed050000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
32752f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
32762f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32772f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
32782f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
32792f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
32802f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
32812f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
32822f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
32832f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32842f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32852f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
32862f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32872f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32882f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
32892f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32902f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32912f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
32922f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32932f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32942f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
32952f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32962f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
32972f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffc1b90000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
32982f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
32992f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33002f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33012f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33022f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33032f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33042f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33052f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33072f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33082f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33092f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33102f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33112f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33122f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33132f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33142f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33152f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
33162f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33172f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33182f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33192f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33202f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33212f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33222f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33232f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33242f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33252f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33262f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33272f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\System32\cryptnet.dll'
33282f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
33292f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\Windows\System32\cryptnet.dll'
33302f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef490000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
33312f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33322f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
33332f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
33342f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
33352f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
33362f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33372f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33382f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33392f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
33402f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
33412f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
33422f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
33432f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33442f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33452f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
33462f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33472f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33482f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
33492f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33502f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33512f9c.2d14: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
33522f9c.2d14: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ae0550
33532f9c.2d14: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ae0550
33542f9c.2d14: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=459E91D5F37CCB35AB26461A509CE3D00E44A669
33552f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
33562f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33572f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffedaf0000 'C:\WINDOWS\System32\rpcrt4.dll'
33582f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33592f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33602f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33612f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
33622f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33632f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33642f9c.2d14: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1237.cat'; file='\SystemRoot\System32\ntdll.dll'
33652f9c.2d14: g_pfnWinVerifyTrust=00007fffed261da0
33662f9c.2d14: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
33672f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33682f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33692f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33702f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
33712f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33722f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33732f9c.2d14: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
33742f9c.2d14: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
33752f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33762f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33772f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33782f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
33792f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33802f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33812f9c.2d14: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
33822f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33832f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33842f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33852f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
33862f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33872f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33882f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
33892f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33902f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33912f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33922f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
33932f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33942f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33952f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
33962f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
33972f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
33982f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
33992f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34002f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
34012f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
34022f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34032f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34042f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
34052f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
34062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34072f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34082f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
34092f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
34102f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34112f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34122f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
34132f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
34142f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34152f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34162f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
34172f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
34182f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34192f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34202f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
34212f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34222f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34232f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
34242f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34252f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34262f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
34272f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34282f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34292f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
34302f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34312f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34322f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
34332f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34342f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34352f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
34362f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34372f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34382f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
34392f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34402f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34412f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
34422f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34432f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
34442f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34452f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
34462f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34472f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34482f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
34492f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34502f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
34512f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
34522f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\system32\crypt32.dll'
34532f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
34542f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
34552f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
34562f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
34572f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
34582f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
34592f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
34602f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
34612f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xae9fa2382e1bb400 CN=ESET SSL Filter CA, O=ESET, spol. s r. o., C=SK
34622f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
34632f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
34642f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
34652f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
34662f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
34672f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
34682f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
34692f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
34702f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
34712f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
34722f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
34732f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
34742f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
34752f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
34762f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
34772f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
34782f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
34792f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
34802f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
34812f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
34822f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
34832f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
34842f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
34852f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
34862f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
34872f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
34882f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
34892f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
34902f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
34912f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
34922f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
34932f9c.2d14: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
34942f9c.2d14: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
34952f9c.2d14: SUPR3HardenedMain: Load Runtime...
34962f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
34972f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
34982f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34992f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
35002f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
35012f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
35022f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
35032f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35042f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
35052f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
35062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
35072f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
35082f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
35092f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
35102f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
35112f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35122f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35132f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
35142f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
35152f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
35162f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
35172f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35182f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35192f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
35202f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
35212f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35222f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
35232f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
35242f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35252f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35262f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
35272f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35282f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35292f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
35302f9c.2d14: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35312f9c.2d14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
35322f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
35332f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
35342f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
35352f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
35362f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35372f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
35382f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
35392f9c.2d14: supR3HardenedDllNotificationCallback: load 000000005c320000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
35402f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
35412f9c.2d14: supR3HardenedDllNotificationCallback: load 000000005c400000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
35422f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
35432f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeefd0000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
35442f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
35452f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fff9f530000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
35462f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35472f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35482f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35492f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35502f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35512f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35522f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35532f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35542f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35552f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35562f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35572f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35582f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35592f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35602f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35612f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35622f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35632f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35642f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35652f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35662f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35672f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35682f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35692f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35702f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35712f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35722f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35732f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35742f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35752f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35762f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35772f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35782f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35792f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35802f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35812f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35822f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35832f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35842f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
35852f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35862f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35872f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35882f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35892f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35902f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35912f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35922f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35932f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35942f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35952f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35962f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
35972f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
35982f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
35992f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36002f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36012f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36022f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36032f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36042f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36052f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36072f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36082f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36092f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36102f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36112f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36122f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36132f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36142f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36152f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36162f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36172f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36182f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36192f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36202f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36212f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36222f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36232f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36242f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36252f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36262f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
36272f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36282f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36292f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36302f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36312f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36322f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36332f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36342f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36352f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36362f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36372f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36382f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36392f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36402f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36412f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36422f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36432f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36442f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36452f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36462f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36472f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36482f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36492f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36502f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36512f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36522f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36532f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36542f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36552f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36562f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36572f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36582f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36592f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36602f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36612f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36622f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36632f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36642f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36652f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36662f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36672f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36682f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36692f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36702f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36712f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36722f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36732f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36742f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36752f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36762f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36772f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36782f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36792f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36802f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36812f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36822f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36832f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36842f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36852f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36862f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36872f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36882f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36892f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36902f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36912f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36922f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36932f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36942f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36952f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36962f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
36972f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
36982f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
36992f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37002f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37012f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37022f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37032f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
37042f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37052f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37062f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37072f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37082f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
37092f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37102f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
37112f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37122f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37132f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37142f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37152f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
37162f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37172f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37182f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37192f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37202f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
37212f9c.2d14: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
37222f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
37232f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f530000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
37242f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37252f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
37262f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
37272f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
37282f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed260000 'C:\WINDOWS\system32\Wintrust.dll'
37292f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
37302f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37312f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37322f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
37332f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37342f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
37352f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\system32\crypt32.dll'
37362f9c.2d14: SUPR3HardenedMain: Load TrustedMain...
37372f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll: Signature #1/2: info status: 24202
37382f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37392f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37402f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
37412f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
37422f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
37432f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'.
37442f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
37452f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
37462f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
37472f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
37482f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37492f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37502f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
37512f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
37522f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
37532f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
37542f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37552f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37562f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
37572f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
37582f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37592f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
37602f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
37612f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
37622f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
37632f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
37642f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
37652f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
37662f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
37672f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37682f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37692f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
37702f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
37712f9c.2d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
37722f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
37732f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
37742f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
37752f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
37762f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
37772f9c.2d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
37782f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
37792f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
37802f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37812f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37822f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
37832f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
37842f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
37852f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
37862f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
37872f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
37882f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
37892f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
37902f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
37912f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
37922f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
37932f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
37942f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
37952f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
37962f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
37972f9c.2d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
37982f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
37992f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
38002f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
38012f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
38022f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
38032f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
38042f9c.2d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
38052f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
38062f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
38072f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
38082f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38092f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38102f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
38112f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
38122f9c.2d14: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
38132f9c.2d14: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
38142f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
38152f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
38162f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
38172f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
38182f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
38192f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
38202f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
38212f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
38222f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
38232f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
38242f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38252f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
38262f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
38272f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
38282f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
38292f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
38302f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
38312f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
38322f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
38332f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
38342f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
38352f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
38362f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
38372f9c.2d14: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
38382f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
38392f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
38402f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
38412f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
38422f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
38432f9c.2d14: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
38442f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
38452f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
38462f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeda10000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
38472f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
38482f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed780000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
38492f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
38502f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffed2c0000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
38512f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
38522f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
38532f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
38542f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
38552f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
38562f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
38572f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffedac0000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
38582f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
38592f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef1b0000 LB 0x001a1000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
38602f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
38612f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffee960000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
38622f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
38632f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef360000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
38642f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
38652f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef790000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
38662f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
38672f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffb0b30000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
38682f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
38692f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
38702f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
38712f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
38722f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
38732f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
38742f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
38752f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
38762f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
38772f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
38782f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
38792f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
38802f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
38812f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
38822f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
38832f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
38842f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
38852f9c.2d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
38862f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
38872f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
38882f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
38892f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
38902f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
38912f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
38922f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
38932f9c.2d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
38942f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
38952f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef0f0000 'C:\WINDOWS\System32\kernel32.dll'
38962f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
38972f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
38982f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
38992f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39002f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39012f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39022f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39032f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39042f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39052f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39062f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39072f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39082f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39092f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39102f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39112f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39122f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
39132f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
39142f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-string-l1-1-0'
39152f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39162f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39172f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39182f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39192f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39202f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39212f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39222f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39232f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39242f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39252f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39262f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39272f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39282f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39292f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39302f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39312f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
39322f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
39332f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-datetime-l1-1-1'
39342f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39352f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39362f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39372f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39382f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39392f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39402f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39412f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39422f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39432f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39442f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39452f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39462f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39472f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39482f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39492f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39502f9c.2d14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
39512f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
39522f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed4b0000 'api-ms-win-core-localization-obsolete-l1-2-0'
39532f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39542f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39552f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39562f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39572f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39582f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39592f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39602f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39612f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39622f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39632f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39642f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39652f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39662f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39672f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39682f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39692f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
39702f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
39712f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
39722f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
39732f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
39742f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
39752f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
39762f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
39772f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
39782f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
39792f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
39802f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39812f9c.2d14: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
39822f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
39832f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeef90000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
39842f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
39852f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffeef90000 'C:\WINDOWS\system32\IMM32.DLL'
39862f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
39872f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
39882f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
39892f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
39902f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
39912f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
39922f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
39932f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
39942f9c.2d14: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
39952f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
39962f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0b30000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
39972f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
39982f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
39992f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
40002f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40012f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40022f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
40032f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40042f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40052f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
40062f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40072f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40082f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
40092f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40102f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40112f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
40122f9c.2d14: SUPR3HardenedMain: Calling TrustedMain (00007fffb0b33420)...
40132f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
40142f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
40152f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
40162f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
40172f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeb030000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
40182f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
40192f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffef860000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
40202f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
40212f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
40222f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
40232f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
40242f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40252f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
40262f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
40272f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
40282f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
40292f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40302f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
40312f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
40322f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
40332f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
40342f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40352f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40362f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
40372f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40382f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40392f9c.2d14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
40402f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
40412f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40422f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40432f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
40442f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
40452f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
40462f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
40472f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
40482f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
40492f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
40502f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
40512f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
40522f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
40532f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
40542f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
40552f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
40562f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40572f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
40582f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
40592f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40602f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40612f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
40622f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
40632f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
40642f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40652f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40662f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
40672f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
40682f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
40692f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fff9f070000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
40702f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
40712f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
40722f9c.2d14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
40732f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40742f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40752f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
40762f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
40772f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
40782f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
40792f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
40802f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
40812f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
40822f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
40832f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40842f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
40852f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
40862f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
40872f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
40882f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
40892f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
40902f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
40912f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
40922f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
40932f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
40942f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffed8b0000 'C:\WINDOWS\System32\crypt32.dll'
40952f9c.2d14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
40962f9c.2d14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
40972f9c.2d14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
40982f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40992f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
41002f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
41012f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
41022f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
41032f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
41042f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
41052f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
41062f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41072f9c.2d14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41082f9c.2d14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
41092f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
41102f9c.2d14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
41112f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fffeda60000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
41122f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
41132f9c.2d14: supR3HardenedDllNotificationCallback: load 00007fff9f440000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
41142f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
41152f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9f440000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
41162f9c.2d14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
41172f9c.2d14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
41182f9c.2d14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffef790000 'C:\Windows\System32\oleaut32.dll'
41192f9c.21b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
41202f9c.21b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
41212f9c.21b0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
41222f9c.21b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffec1d0000 'C:\WINDOWS\system32\rsaenh.dll'
41232f9c.21b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
41242f9c.21b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
41252f9c.21b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
41262f9c.21b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
41272f9c.21b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
41282f9c.21b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
41292f9c.21b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
41302f9c.21b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
41312f9c.21b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
41322f9c.21b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41332f9c.21b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
41342f9c.21b0: supR3HardenedDllNotificationCallback: load 00007fffea960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
41352f9c.21b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
41362f9c.21b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffea960000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
41372f9c.2d14: supR3HardenedDllNotificationCallback: Unload 00007fffea960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
41382f9c.2d14: supR3HardenedDllNotificationCallback: Unload 00007fff9f440000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
41392f9c.2d14: supR3HardenedDllNotificationCallback: Unload 00007fffeda60000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [flags=0x0]
41402f9c.2d14: supR3HardenedDllNotificationCallback: Unload 00007fff9f070000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
41412f9c.2d14: Terminating the normal way: rcExit=0
41421e34.2f80: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 20847 ms, the end);
41431300.1440: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 21284 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy