VirtualBox

Ticket #20763: VBoxHardening.log

File VBoxHardening.log, 341.9 KB (added by anhoefler, 3 years ago)

VBoxHardening log related to the VBox.log that contains multiple lockup occurrences

681c.1d44: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa04a6200
681c.1d44: \SystemRoot\System32\ntdll.dll:
681c.1d44: CreationTime: 2022-01-26T09:09:57.785146600Z
681c.1d44: LastWriteTime: 2022-01-26T09:09:57.843043300Z
681c.1d44: ChangeTime: 2022-02-22T08:02:58.656111300Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0x1eeb38
681c.1d44: NT Headers: 0xe8
681c.1d44: Timestamp: 0xe2f8ca76
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0xe2f8ca76
681c.1d44: Image Version: 10.0
681c.1d44: SizeOfImage: 0x1f5000 (2052096)
681c.1d44: Resource Dir: 0x184000 LB 0x6fe68
681c.1d44: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
681c.1d44: ProductName: Microsoft® Windows® Operating System
681c.1d44: ProductVersion: 10.0.19041.1466
681c.1d44: FileVersion: 10.0.19041.1466 (WinBuild.160101.0800)
681c.1d44: FileDescription: NT Layer DLL
681c.1d44: \SystemRoot\System32\kernel32.dll:
681c.1d44: CreationTime: 2022-02-22T08:02:09.897289300Z
681c.1d44: LastWriteTime: 2022-02-22T08:02:09.911885300Z
681c.1d44: ChangeTime: 2022-02-22T08:08:15.845920600Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0xbc058
681c.1d44: NT Headers: 0xe8
681c.1d44: Timestamp: 0x61b5977b
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0x61b5977b
681c.1d44: Image Version: 10.0
681c.1d44: SizeOfImage: 0xbe000 (778240)
681c.1d44: Resource Dir: 0xbc000 LB 0x520
681c.1d44: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
681c.1d44: ProductName: Microsoft® Windows® Operating System
681c.1d44: ProductVersion: 10.0.19041.1503
681c.1d44: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
681c.1d44: FileDescription: Windows NT BASE API Client DLL
681c.1d44: \SystemRoot\System32\KernelBase.dll:
681c.1d44: CreationTime: 2022-02-22T08:02:22.000242700Z
681c.1d44: LastWriteTime: 2022-02-22T08:02:22.056240900Z
681c.1d44: ChangeTime: 2022-02-22T08:08:17.423888000Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0x2c99a0
681c.1d44: NT Headers: 0xf0
681c.1d44: Timestamp: 0xb2acaea9
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0xb2acaea9
681c.1d44: Image Version: 10.0
681c.1d44: SizeOfImage: 0x2c8000 (2916352)
681c.1d44: Resource Dir: 0x29f000 LB 0x548
681c.1d44: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
681c.1d44: ProductName: Microsoft® Windows® Operating System
681c.1d44: ProductVersion: 10.0.19041.1503
681c.1d44: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
681c.1d44: FileDescription: Windows NT BASE API Client DLL
681c.1d44: \SystemRoot\System32\apisetschema.dll:
681c.1d44: CreationTime: 2019-12-07T09:08:13.518339400Z
681c.1d44: LastWriteTime: 2019-12-07T09:08:13.518339400Z
681c.1d44: ChangeTime: 2022-02-22T08:02:58.475446500Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0x1f538
681c.1d44: NT Headers: 0xd0
681c.1d44: Timestamp: 0x31288ce0
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0x31288ce0
681c.1d44: Image Version: 10.0
681c.1d44: SizeOfImage: 0x20000 (131072)
681c.1d44: Resource Dir: 0x1f000 LB 0x408
681c.1d44: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
681c.1d44: ProductName: Microsoft® Windows® Operating System
681c.1d44: ProductVersion: 10.0.19041.1
681c.1d44: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
681c.1d44: FileDescription: ApiSet Schema DLL
681c.1d44: NtOpenDirectoryObject failed on \Driver: 0xc0000022
681c.1d44: supR3HardenedWinFindAdversaries: 0x3
681c.1d44: \SystemRoot\System32\drivers\SysPlant.sys:
681c.1d44: CreationTime: 2020-12-15T12:49:15.665637400Z
681c.1d44: LastWriteTime: 2021-09-28T06:28:41.689572500Z
681c.1d44: ChangeTime: 2021-09-28T06:28:41.689572500Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0x407f8
681c.1d44: NT Headers: 0xe0
681c.1d44: Timestamp: 0x607155cb
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0x607155cb
681c.1d44: Image Version: 5.0
681c.1d44: SizeOfImage: 0x41000 (266240)
681c.1d44: Resource Dir: 0x3f000 LB 0x3a8
681c.1d44: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0x3f060 LB 0x348, codepage 0x0 (reserved 0x0)]
681c.1d44: ProductName: Symantec CMC Firewall
681c.1d44: ProductVersion: 14.3.4540.2000
681c.1d44: FileVersion: 14.3.4540.2000
681c.1d44: FileDescription: Symantec CMC Firewall SysPlant
681c.1d44: \SystemRoot\System32\drivers\symevent64x86.sys:
681c.1d44: CreationTime: 2022-01-26T08:37:29.518004800Z
681c.1d44: LastWriteTime: 2022-01-26T08:37:29.490008200Z
681c.1d44: ChangeTime: 2022-01-26T08:41:21.383014700Z
681c.1d44: FileAttributes: 0x20
681c.1d44: Size: 0x16bc0
681c.1d44: NT Headers: 0xf0
681c.1d44: Timestamp: 0x60921256
681c.1d44: Machine: 0x8664 - amd64
681c.1d44: Timestamp: 0x60921256
681c.1d44: Image Version: 6.3
681c.1d44: SizeOfImage: 0x21000 (135168)
681c.1d44: Resource Dir: 0x1f000 LB 0x3cc
681c.1d44: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
681c.1d44: [Raw version resource data: 0x1f0b8 LB 0x314, codepage 0x4e4 (reserved 0x0)]
681c.1d44: ProductName: SYMEVENT
681c.1d44: ProductVersion: 14.0.7.121
681c.1d44: FileVersion: 14.0.7.121
681c.1d44: FileDescription: Symantec Event Library
681c.1d44: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
681c.1d44: Calling main()
681c.1d44: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
681c.1d44: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
681c.1d44: SUPR3HardenedMain: Respawn #1
681c.1d44: System32: \Device\HarddiskVolume4\Windows\System32
681c.1d44: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
681c.1d44: KnownDllPath: C:\WINDOWS\System32
681c.1d44: supR3HardenedWinInit: Performing a limited self purification...
681c.1d44: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
681c.1d44: kernel32.dll: timestamp 0x61b5977b (rc=VINF_SUCCESS)
681c.1d44: kernelbase.dll: timestamp 0xb2acaea9 (rc=VINF_SUCCESS)
681c.1d44: VBoxHeadless.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
681c.1d44: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
681c.1d44: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
681c.1d44: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
681c.1d44: 00007ff7d6610172 / 0x0000172: 00 != 12
681c.1d44: 00007ff7d6610174 / 0x0000174: 00 != 14
681c.1d44: Restored 0x400 bytes of original file content at 00007ff7d6610000
681c.1d44: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
681c.1d44: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
681c.1d44: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
681c.1d44: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
681c.1d44: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
681c.1d44: supR3HardNtEnableThreadCreationEx:
681c.1d44: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa1c884b00 pvNtTerminateThread=00007ffa1c8ad7c0
681c.1d44: supR3HardenedWinDoReSpawn(1): New child 3eb8.4804 [kernel32].
681c.1d44: supR3HardNtChildGatherData: PebBaseAddress=0000000000321000 cbPeb=0x388
681c.1d44: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa1c810000 uNtDllChildAddr=00007ffa1c810000
681c.1d44: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa1c884b00
681c.1d44: supR3HardenedWinSetupChildInit: Initial context:
681c.1d44: supR3HardenedWinSetupChildInit: Start child.
681c.1d44: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
681c.1d44: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 32 sleeps
681c.1d44: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
681c.1d44: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
681c.1d44: 00007ff7d6610172 / 0x0000172: 00 != 12
681c.1d44: 00007ff7d6610174 / 0x0000174: 00 != 14
681c.1d44: Restored 0x400 bytes of original file content at 00007ff7d6610000
681c.1d44: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
681c.1d44: supR3HardNtChildPurify: Startup delay kludge #1/1: 522 ms, 33 sleeps
681c.1d44: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
681c.1d44: supR3HardNtChildPurify: Done after 1041 ms and 1 fixes (loop #1).
681c.1d44: supR3HardNtEnableThreadCreationEx:
3eb8.4804: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
3eb8.4804: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa1c810000 g_uNtVerCombined=0xa04a6200 (stack ~000000000019f908)
3eb8.4804: ntdll.dll: timestamp 0xe2f8ca76 (rc=VINF_SUCCESS)
3eb8.4804: New simple heap: #1 0000000000500000 LB 0x400000 (for 2052096 allocation)
3eb8.4804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3eb8.4804: System32: \Device\HarddiskVolume4\Windows\System32
3eb8.4804: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3eb8.4804: KnownDllPath: C:\WINDOWS\System32
3eb8.4804: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3eb8.4804: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3eb8.4804: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3eb8.4804: Registered Dll notification callback with NTDLL.
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3eb8.4804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3eb8.4804: supR3HardenedDllNotificationCallback: load 00007ffa1a300000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3eb8.4804: supR3HardenedDllNotificationCallback: load 00007ffa1c710000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3eb8.4804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3eb8.4804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c710000 'C:\WINDOWS\System32\KERNEL32.DLL'
3eb8.4804: supR3HardenedDllNotificationCallback: load 00007ff7d6610000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
3eb8.4804: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
3eb8.4804: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa1c884b00 pvNtTerminateThread=00007ffa1c8ad7c0
681c.1d44: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
3eb8.4804: \SystemRoot\System32\ntdll.dll:
3eb8.4804: CreationTime: 2022-01-26T09:09:57.785146600Z
3eb8.4804: LastWriteTime: 2022-01-26T09:09:57.843043300Z
3eb8.4804: ChangeTime: 2022-02-22T08:02:58.656111300Z
3eb8.4804: FileAttributes: 0x20
3eb8.4804: Size: 0x1eeb38
3eb8.4804: NT Headers: 0xe8
3eb8.4804: Timestamp: 0xe2f8ca76
3eb8.4804: Machine: 0x8664 - amd64
3eb8.4804: Timestamp: 0xe2f8ca76
3eb8.4804: Image Version: 10.0
3eb8.4804: SizeOfImage: 0x1f5000 (2052096)
3eb8.4804: Resource Dir: 0x184000 LB 0x6fe68
3eb8.4804: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3eb8.4804: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3eb8.4804: ProductName: Microsoft® Windows® Operating System
3eb8.4804: ProductVersion: 10.0.19041.1466
3eb8.4804: FileVersion: 10.0.19041.1466 (WinBuild.160101.0800)
3eb8.4804: FileDescription: NT Layer DLL
3eb8.4804: \SystemRoot\System32\kernel32.dll:
3eb8.4804: CreationTime: 2022-02-22T08:02:09.897289300Z
3eb8.4804: LastWriteTime: 2022-02-22T08:02:09.911885300Z
3eb8.4804: ChangeTime: 2022-02-22T08:08:15.845920600Z
3eb8.4804: FileAttributes: 0x20
3eb8.4804: Size: 0xbc058
3eb8.4804: NT Headers: 0xe8
3eb8.4804: Timestamp: 0x61b5977b
3eb8.4804: Machine: 0x8664 - amd64
3eb8.4804: Timestamp: 0x61b5977b
3eb8.4804: Image Version: 10.0
3eb8.4804: SizeOfImage: 0xbe000 (778240)
3eb8.4804: Resource Dir: 0xbc000 LB 0x520
3eb8.4804: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3eb8.4804: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3eb8.4804: ProductName: Microsoft® Windows® Operating System
3eb8.4804: ProductVersion: 10.0.19041.1503
3eb8.4804: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
3eb8.4804: FileDescription: Windows NT BASE API Client DLL
3eb8.4804: \SystemRoot\System32\KernelBase.dll:
3eb8.4804: CreationTime: 2022-02-22T08:02:22.000242700Z
3eb8.4804: LastWriteTime: 2022-02-22T08:02:22.056240900Z
3eb8.4804: ChangeTime: 2022-02-22T08:08:17.423888000Z
3eb8.4804: FileAttributes: 0x20
3eb8.4804: Size: 0x2c99a0
3eb8.4804: NT Headers: 0xf0
3eb8.4804: Timestamp: 0xb2acaea9
3eb8.4804: Machine: 0x8664 - amd64
3eb8.4804: Timestamp: 0xb2acaea9
3eb8.4804: Image Version: 10.0
3eb8.4804: SizeOfImage: 0x2c8000 (2916352)
3eb8.4804: Resource Dir: 0x29f000 LB 0x548
3eb8.4804: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3eb8.4804: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3eb8.4804: ProductName: Microsoft® Windows® Operating System
3eb8.4804: ProductVersion: 10.0.19041.1503
3eb8.4804: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
3eb8.4804: FileDescription: Windows NT BASE API Client DLL
3eb8.4804: \SystemRoot\System32\apisetschema.dll:
3eb8.4804: CreationTime: 2019-12-07T09:08:13.518339400Z
3eb8.4804: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3eb8.4804: ChangeTime: 2022-02-22T08:02:58.475446500Z
3eb8.4804: FileAttributes: 0x20
3eb8.4804: Size: 0x1f538
3eb8.4804: NT Headers: 0xd0
3eb8.4804: Timestamp: 0x31288ce0
3eb8.4804: Machine: 0x8664 - amd64
3eb8.4804: Timestamp: 0x31288ce0
3eb8.4804: Image Version: 10.0
3eb8.4804: SizeOfImage: 0x20000 (131072)
3eb8.4804: Resource Dir: 0x1f000 LB 0x408
3eb8.4804: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3eb8.4804: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3eb8.4804: ProductName: Microsoft® Windows® Operating System
3eb8.4804: ProductVersion: 10.0.19041.1
3eb8.4804: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3eb8.4804: FileDescription: ApiSet Schema DLL
3eb8.4804: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3eb8.4804: supR3HardenedWinFindAdversaries: 0x3
3eb8.4804: \SystemRoot\System32\drivers\SysPlant.sys:
3eb8.4804: CreationTime: 2020-12-15T12:49:15.665637400Z
3eb8.4804: LastWriteTime: 2021-09-28T06:28:41.689572500Z
3eb8.4804: ChangeTime: 2021-09-28T06:28:41.689572500Z
3eb8.4804: FileAttributes: 0x20
3eb8.4804: Size: 0x407f8
3eb8.4804: NT Headers: 0xe0
3eb8.4804: Timestamp: 0x607155cb
3eb8.4804: Machine: 0x8664 - amd64
3eb8.4804: Timestamp: 0x607155cb
3eb8.4804: Image Version: 5.0
3eb8.4804: SizeOfImage: 0x41000 (266240)
3eb8.4804: Resource Dir: 0x3f000 LB 0x3a8
3eb8.4804: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4613eb8.4804: [Raw version resource data: 0x3f060 LB 0x348, codepage 0x0 (reserved 0x0)]
4623eb8.4804: ProductName: Symantec CMC Firewall
4633eb8.4804: ProductVersion: 14.3.4540.2000
4643eb8.4804: FileVersion: 14.3.4540.2000
4653eb8.4804: FileDescription: Symantec CMC Firewall SysPlant
4663eb8.4804: \SystemRoot\System32\drivers\symevent64x86.sys:
4673eb8.4804: CreationTime: 2022-01-26T08:37:29.518004800Z
4683eb8.4804: LastWriteTime: 2022-01-26T08:37:29.490008200Z
4693eb8.4804: ChangeTime: 2022-01-26T08:41:21.383014700Z
4703eb8.4804: FileAttributes: 0x20
4713eb8.4804: Size: 0x16bc0
4723eb8.4804: NT Headers: 0xf0
4733eb8.4804: Timestamp: 0x60921256
4743eb8.4804: Machine: 0x8664 - amd64
4753eb8.4804: Timestamp: 0x60921256
4763eb8.4804: Image Version: 6.3
4773eb8.4804: SizeOfImage: 0x21000 (135168)
4783eb8.4804: Resource Dir: 0x1f000 LB 0x3cc
4793eb8.4804: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4803eb8.4804: [Raw version resource data: 0x1f0b8 LB 0x314, codepage 0x4e4 (reserved 0x0)]
4813eb8.4804: ProductName: SYMEVENT
4823eb8.4804: ProductVersion: 14.0.7.121
4833eb8.4804: FileVersion: 14.0.7.121
4843eb8.4804: FileDescription: Symantec Event Library
3eb8.4804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3eb8.4804: Calling main()
3eb8.4804: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
3eb8.4804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3eb8.4804: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
3eb8.4804: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
3eb8.4804: SUPR3HardenedMain: Respawn #2
3eb8.4804: supR3HardNtEnableThreadCreationEx:
3eb8.4804: supR3HardenedDllNotificationCallback: load 00007ffa1b170000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
3eb8.4804: supR3HardenedDllNotificationCallback: load 00007ffa1a970000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3eb8.4804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
3eb8.4804: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3eb8.4804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
3eb8.4804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3eb8.4804: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3eb8.4804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3eb8.4804: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3eb8.4804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c810000 'C:\WINDOWS\System32\ntdll.dll'
3eb8.4804: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa1c884b00 pvNtTerminateThread=00007ffa1c8ad7c0
3eb8.4804: supR3HardenedWinDoReSpawn(2): New child 6658.3820 [kernel32].
3eb8.4804: supR3HardNtChildGatherData: PebBaseAddress=00000000007af000 cbPeb=0x388
3eb8.4804: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa1c810000 uNtDllChildAddr=00007ffa1c810000
3eb8.4804: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa1c884b00
3eb8.4804: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7d6617740 rdx=00000000007af000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ffa1c862630 rsp=000000000057fbf8 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3eb8.4804: kernel32.dll: timestamp 0x61b5977b (rc=VINF_SUCCESS)
3eb8.4804: supR3HardenedWinSetupChildInit: Start child.
3eb8.4804: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
3eb8.4804: supR3HardNtChildPurify: Startup delay kludge #1/0: 524 ms, 33 sleeps
3eb8.4804: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3eb8.4804: *0000000000000000-000000000043ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000440000-000000000045ffff 0x0004/0x0004 0x0020000
3eb8.4804: *0000000000460000-000000000047cfff 0x0002/0x0002 0x0040000
3eb8.4804: 000000000047d000-000000000047ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000480000-000000000057afff 0x0000/0x0004 0x0020000
3eb8.4804: 000000000057b000-000000000057dfff 0x0104/0x0004 0x0020000
3eb8.4804: 000000000057e000-000000000057ffff 0x0004/0x0004 0x0020000
3eb8.4804: *0000000000580000-0000000000583fff 0x0002/0x0002 0x0040000
3eb8.4804: 0000000000584000-000000000058ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000590000-0000000000591fff 0x0004/0x0004 0x0020000
3eb8.4804: 0000000000592000-00000000005fffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000600000-00000000007aefff 0x0000/0x0004 0x0020000
3eb8.4804: 00000000007af000-00000000007b1fff 0x0004/0x0004 0x0020000
3eb8.4804: 00000000007b2000-00000000007fffff 0x0000/0x0004 0x0020000
3eb8.4804: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
3eb8.4804: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3eb8.4804: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
3eb8.4804: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
3eb8.4804: 000000007ffe5000-00007ff5f46effff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff5f46f0000-00007ff5f46f0fff 0x0002/0x0002 0x0040000
3eb8.4804: 00007ff5f46f1000-00007ff5f46fffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff5f4700000-00007ff5f4722fff 0x0002/0x0002 0x0040000
3eb8.4804: 00007ff5f4723000-00007ff7d660ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff7d6610000-00007ff7d6610fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6611000-00007ff7d6686fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6687000-00007ff7d6687fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6688000-00007ff7d66d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d1000-00007ff7d66d1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d2000-00007ff7d66d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d3000-00007ff7d66d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d8000-00007ff7d66d8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d9000-00007ff7d66d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66da000-00007ff7d66ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66de000-00007ff7d6726fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6727000-00007ff7d672ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff7d6730000-00007ff7d6730fff 0x0004/0x0004 0x0020000
3eb8.4804: 00007ff7d6731000-00007ffa1c80ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ffa1c810000-00007ffa1c810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c811000-00007ffa1c92bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c92c000-00007ffa1c973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c974000-00007ffa1c97ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c980000-00007ffa1c98efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c98f000-00007ffa1c98ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c990000-00007ffa1c992fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c993000-00007ffa1ca04fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1ca05000-00007ffffffeffff 0x0001/0x0000 0x0000000
3eb8.4804: VBoxHeadless.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
3eb8.4804: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
3eb8.4804: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3eb8.4804: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
3eb8.4804: 00007ff7d6610172 / 0x0000172: 00 != 12
3eb8.4804: 00007ff7d6610174 / 0x0000174: 00 != 14
3eb8.4804: Restored 0x400 bytes of original file content at 00007ff7d6610000
3eb8.4804: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3eb8.4804: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
3eb8.4804: supR3HardNtChildPurify: Startup delay kludge #1/1: 527 ms, 33 sleeps
3eb8.4804: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3eb8.4804: *0000000000000000-000000000043ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000440000-000000000045ffff 0x0004/0x0004 0x0020000
3eb8.4804: *0000000000460000-000000000047cfff 0x0002/0x0002 0x0040000
3eb8.4804: 000000000047d000-000000000047ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000480000-000000000057afff 0x0000/0x0004 0x0020000
3eb8.4804: 000000000057b000-000000000057dfff 0x0104/0x0004 0x0020000
3eb8.4804: 000000000057e000-000000000057ffff 0x0004/0x0004 0x0020000
3eb8.4804: *0000000000580000-0000000000583fff 0x0002/0x0002 0x0040000
3eb8.4804: 0000000000584000-000000000058ffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000590000-0000000000591fff 0x0004/0x0004 0x0020000
3eb8.4804: 0000000000592000-00000000005fffff 0x0001/0x0000 0x0000000
3eb8.4804: *0000000000600000-00000000007aefff 0x0000/0x0004 0x0020000
3eb8.4804: 00000000007af000-00000000007b1fff 0x0004/0x0004 0x0020000
3eb8.4804: 00000000007b2000-00000000007fffff 0x0000/0x0004 0x0020000
3eb8.4804: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
3eb8.4804: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3eb8.4804: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
3eb8.4804: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
3eb8.4804: 000000007ffe5000-00007ff5f46effff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff5f46f0000-00007ff5f46f0fff 0x0002/0x0002 0x0040000
3eb8.4804: 00007ff5f46f1000-00007ff5f46fffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff5f4700000-00007ff5f4722fff 0x0002/0x0002 0x0040000
3eb8.4804: 00007ff5f4723000-00007ff7d660ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff7d6610000-00007ff7d6610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6611000-00007ff7d6686fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6687000-00007ff7d6687fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6688000-00007ff7d66d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66d1000-00007ff7d66ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d66de000-00007ff7d6726fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3eb8.4804: 00007ff7d6727000-00007ff7d672ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ff7d6730000-00007ff7d6730fff 0x0004/0x0004 0x0020000
3eb8.4804: 00007ff7d6731000-00007ffa1c80ffff 0x0001/0x0000 0x0000000
3eb8.4804: *00007ffa1c810000-00007ffa1c810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c811000-00007ffa1c92bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c92c000-00007ffa1c973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c974000-00007ffa1c977fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c978000-00007ffa1c97ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c980000-00007ffa1c98efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c98f000-00007ffa1c98ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c990000-00007ffa1c992fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1c993000-00007ffa1ca04fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3eb8.4804: 00007ffa1ca05000-00007ffffffeffff 0x0001/0x0000 0x0000000
3eb8.4804: supR3HardNtChildPurify: Done after 1084 ms and 1 fixes (loop #1).
3eb8.4804: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
3eb8.4804: supR3HardNtEnableThreadCreationEx:
6658.3820: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa04a6200
6658.3820: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa1c810000 g_uNtVerCombined=0xa04a6200 (stack ~000000000057f688)
6658.3820: ntdll.dll: timestamp 0xe2f8ca76 (rc=VINF_SUCCESS)
6658.3820: New simple heap: #1 0000000000900000 LB 0x400000 (for 2052096 allocation)
6658.3820: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6658.3820: System32: \Device\HarddiskVolume4\Windows\System32
6658.3820: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
6658.3820: KnownDllPath: C:\WINDOWS\System32
6658.3820: supR3HardenedVmProcessInit: Opening vboxdrv...
6658.3820: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6658.3820: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6658.3820: Registered Dll notification callback with NTDLL.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a300000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c710000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c710000 'C:\WINDOWS\System32\KERNEL32.DLL'
6658.3820: supR3HardenedDllNotificationCallback: load 00007ff7d6610000 LB 0x00117000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
6658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
6658.3820: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
6658.3820: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
6658.3820: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa1c884b00 pvNtTerminateThread=00007ffa1c8ad7c0
3eb8.4804: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
6658.3820: \SystemRoot\System32\ntdll.dll:
6658.3820: CreationTime: 2022-01-26T09:09:57.785146600Z
6658.3820: LastWriteTime: 2022-01-26T09:09:57.843043300Z
6658.3820: ChangeTime: 2022-02-22T08:02:58.656111300Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0x1eeb38
6658.3820: NT Headers: 0xe8
6658.3820: Timestamp: 0xe2f8ca76
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0xe2f8ca76
6658.3820: Image Version: 10.0
6658.3820: SizeOfImage: 0x1f5000 (2052096)
6658.3820: Resource Dir: 0x184000 LB 0x6fe68
6658.3820: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6658.3820: ProductName: Microsoft® Windows® Operating System
6658.3820: ProductVersion: 10.0.19041.1466
6658.3820: FileVersion: 10.0.19041.1466 (WinBuild.160101.0800)
6658.3820: FileDescription: NT Layer DLL
6658.3820: \SystemRoot\System32\kernel32.dll:
6658.3820: CreationTime: 2022-02-22T08:02:09.897289300Z
6658.3820: LastWriteTime: 2022-02-22T08:02:09.911885300Z
6658.3820: ChangeTime: 2022-02-22T08:08:15.845920600Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0xbc058
6658.3820: NT Headers: 0xe8
6658.3820: Timestamp: 0x61b5977b
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0x61b5977b
6658.3820: Image Version: 10.0
6658.3820: SizeOfImage: 0xbe000 (778240)
6658.3820: Resource Dir: 0xbc000 LB 0x520
6658.3820: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6658.3820: ProductName: Microsoft® Windows® Operating System
6658.3820: ProductVersion: 10.0.19041.1503
6658.3820: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
6658.3820: FileDescription: Windows NT BASE API Client DLL
6658.3820: \SystemRoot\System32\KernelBase.dll:
6658.3820: CreationTime: 2022-02-22T08:02:22.000242700Z
6658.3820: LastWriteTime: 2022-02-22T08:02:22.056240900Z
6658.3820: ChangeTime: 2022-02-22T08:08:17.423888000Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0x2c99a0
6658.3820: NT Headers: 0xf0
6658.3820: Timestamp: 0xb2acaea9
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0xb2acaea9
6658.3820: Image Version: 10.0
6658.3820: SizeOfImage: 0x2c8000 (2916352)
6658.3820: Resource Dir: 0x29f000 LB 0x548
6658.3820: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6658.3820: ProductName: Microsoft® Windows® Operating System
6658.3820: ProductVersion: 10.0.19041.1503
6658.3820: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
6658.3820: FileDescription: Windows NT BASE API Client DLL
6658.3820: \SystemRoot\System32\apisetschema.dll:
6658.3820: CreationTime: 2019-12-07T09:08:13.518339400Z
6658.3820: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6658.3820: ChangeTime: 2022-02-22T08:02:58.475446500Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0x1f538
6658.3820: NT Headers: 0xd0
6658.3820: Timestamp: 0x31288ce0
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0x31288ce0
6658.3820: Image Version: 10.0
6658.3820: SizeOfImage: 0x20000 (131072)
6658.3820: Resource Dir: 0x1f000 LB 0x408
6658.3820: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6658.3820: ProductName: Microsoft® Windows® Operating System
6658.3820: ProductVersion: 10.0.19041.1
6658.3820: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
6658.3820: FileDescription: ApiSet Schema DLL
6658.3820: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6658.3820: supR3HardenedWinFindAdversaries: 0x3
6658.3820: \SystemRoot\System32\drivers\SysPlant.sys:
6658.3820: CreationTime: 2020-12-15T12:49:15.665637400Z
6658.3820: LastWriteTime: 2021-09-28T06:28:41.689572500Z
6658.3820: ChangeTime: 2021-09-28T06:28:41.689572500Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0x407f8
6658.3820: NT Headers: 0xe0
6658.3820: Timestamp: 0x607155cb
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0x607155cb
6658.3820: Image Version: 5.0
6658.3820: SizeOfImage: 0x41000 (266240)
6658.3820: Resource Dir: 0x3f000 LB 0x3a8
6658.3820: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0x3f060 LB 0x348, codepage 0x0 (reserved 0x0)]
6658.3820: ProductName: Symantec CMC Firewall
6658.3820: ProductVersion: 14.3.4540.2000
6658.3820: FileVersion: 14.3.4540.2000
6658.3820: FileDescription: Symantec CMC Firewall SysPlant
6658.3820: \SystemRoot\System32\drivers\symevent64x86.sys:
6658.3820: CreationTime: 2022-01-26T08:37:29.518004800Z
6658.3820: LastWriteTime: 2022-01-26T08:37:29.490008200Z
6658.3820: ChangeTime: 2022-01-26T08:41:21.383014700Z
6658.3820: FileAttributes: 0x20
6658.3820: Size: 0x16bc0
6658.3820: NT Headers: 0xf0
6658.3820: Timestamp: 0x60921256
6658.3820: Machine: 0x8664 - amd64
6658.3820: Timestamp: 0x60921256
6658.3820: Image Version: 6.3
6658.3820: SizeOfImage: 0x21000 (135168)
6658.3820: Resource Dir: 0x1f000 LB 0x3cc
6658.3820: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6658.3820: [Raw version resource data: 0x1f0b8 LB 0x314, codepage 0x4e4 (reserved 0x0)]
6658.3820: ProductName: SYMEVENT
6658.3820: ProductVersion: 14.0.7.121
6658.3820: FileVersion: 14.0.7.121
6658.3820: FileDescription: Symantec Event Library
6658.3820: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6658.3820: Calling main()
6658.3820: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
6658.3820: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202
6658.3820: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
6658.3820: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
6658.3820: SUPR3HardenedMain: Final process, opening VBoxDrv...
6658.3820: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
6658.3820: supR3HardNtEnableThreadCreationEx:
6658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
6658.3820: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ff9e40a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e40a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e40a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e40a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b590000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b170000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a160000 LB 0x00069000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a200000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa19f20000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-l1-2-1'
8406658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
8416658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
8426658.3820: supR3HardenedDllNotificationCallback: load 00007ffa19b00000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
8436658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8446658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a160000 'C:\WINDOWS\system32\Wintrust.dll'
8456658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
8466658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
8476658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8486658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a830000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
8496658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8506658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a830000 'C:\WINDOWS\system32\bcrypt.dll'
8516658.3820: bcrypt.dll loaded at 00007ffa1a830000, BCryptOpenAlgorithmProvider at 00007ffa1a8351e0, preloading providers:
8526658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
8536658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
8546658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8556658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a080000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
8566658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8576658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a080000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8586658.3820: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000d4eec0)
8596658.3820: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000d53a90)
8606658.3820: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000d53db0)
8616658.3820: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000d540d0)
8626658.3820: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000d543f0)
8636658.3820: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000d54710)
8646658.3820: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000d54a30)
8656658.3820: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000d54d50)
8666658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
8676658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
8686658.3820: supR3HardenedDllNotificationCallback: load 00007ffa198d0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
8696658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8706658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
8716658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
8726658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
8736658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8746658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8756658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8766658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8776658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8786658.3820: supR3HardenedDllNotificationCallback: load 00007ffa18e90000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
8796658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8806658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
8816658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
8826658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
8836658.3820: supR3HardenedDllNotificationCallback: load 00007ffa19800000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
8846658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8856658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8866658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8876658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c710000 'C:\WINDOWS\System32\kernel32.dll'
8886658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8896658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8906658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a160000 'C:\WINDOWS\System32\WINTRUST.DLL'
8916658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8926658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8936658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\CRYPT32.dll'
8946658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1bab0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
8956658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
8966658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
8976658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8986658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8996658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
9006658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a970000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
9016658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
9026658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
9036658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
9046658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9056658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9066658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
9076658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
9086658.3820: supR3HardenedDllNotificationCallback: load 00007ffa18650000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
9096658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9106658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
9116658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
9126658.3820: supR3HardenedDllNotificationCallback: load 00007ffa19e60000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
9136658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9146658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9156658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9166658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
9176658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
9186658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9196658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9206658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9216658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9226658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9236658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9246658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9256658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9266658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9276658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9286658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9296658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9306658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9316658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9326658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9336658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9346658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9356658.3820: supR3HardenedDllNotificationCallback: load 00007ffa11b50000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
9366658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9376658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9386658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9396658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9406658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9416658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9426658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9436658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9446658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9456658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9466658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9476658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9486658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9496658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9506658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9516658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9526658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9536658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9546658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9556658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9566658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9576658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9586658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9596658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9606658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9616658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9626658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9636658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9646658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9656658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\WINDOWS\System32\cryptnet.dll'
9666658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9676658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11b50000 'C:\Windows\System32\cryptnet.dll'
9686658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b4e0000 LB 0x000ae000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
9696658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9706658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
9716658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9726658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
9736658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
9746658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9756658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9766658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9776658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9786658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9796658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9806658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9816658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9826658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9836658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9846658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9856658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
9866658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9876658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9886658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
9896658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9906658.3820: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000de7c90
9916658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
9926658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B536A4313E5A80627DEC88A969CB7A5CA4A9D02
9936658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9946658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9956658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b170000 'C:\WINDOWS\System32\rpcrt4.dll'
9966658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9976658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9986658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
9996658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10006658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10016658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10026658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\SystemRoot\System32\ntdll.dll'
10036658.3820: g_pfnWinVerifyTrust=00007ffa1a162b80
10046658.3820: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10056658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10066658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10076658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10086658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10096658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10106658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10116658.3820: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
10126658.3820: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10136658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10146658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10156658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10166658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10176658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10186658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10196658.3820: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
10206658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10216658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10226658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10236658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10246658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10256658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10266658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
10276658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10286658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10296658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10306658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
10316658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10326658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10336658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10346658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
10356658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10366658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10376658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10386658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
10396658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10406658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10416658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10426658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
10436658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10446658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10456658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10466658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
10476658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10486658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10496658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10506658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
10516658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10526658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10536658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10546658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
10556658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
10566658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10576658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10586658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10596658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10606658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10616658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
10626658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10636658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10646658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
10656658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10666658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10676658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
10686658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10696658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10706658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
10716658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10726658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10736658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
10746658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10756658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10766658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
10776658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10786658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10796658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
10806658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10816658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10826658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10836658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
10846658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10856658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10866658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
10876658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
10886658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
10896658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
10906658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\system32\crypt32.dll'
10916658.3820: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing256
10926658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10936658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xce714256d770f586 CN=ATGRZ4002948A.net.work
10946658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10956658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xb7f9b4eee083eb00 CN=WSUS Publishers Self-signed
10966658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10976658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xe590c1ccad2fd000 CN=Microsoft Intune Root Certification Authority
10986658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
10996658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
11006658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11016658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11026658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x3504749cd781a148 CN=ATGRZ4002948A.net.work
11036658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x4389c7ac0686d200 CN=WSUS Publishers Self-signed
11046658.3820: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing
11056658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11066658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
11076658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
11086658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11096658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11106658.3820: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=com, DC=kpmgconsulting, DC=corp, CN=BEissuing
11116658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
11126658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
11136658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11146658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
11156658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11166658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
11176658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11186658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11196658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11206658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
11216658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
11226658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11236658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11246658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11256658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11266658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11276658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11286658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11296658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11306658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
11316658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11326658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11336658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11346658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11356658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
11366658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11376658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11386658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11396658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11406658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
11416658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11426658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
11436658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11446658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11456658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11466658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
11476658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
11486658.3820: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
11496658.3820: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=55
11506658.3820: SUPR3HardenedMain: Load Runtime...
11516658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
11526658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
11536658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11546658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11556658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
11566658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11576658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11586658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11596658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11606658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11616658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
11626658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
11636658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11646658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
11656658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11666658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11676658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11686658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11696658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11706658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11716658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
11726658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11736658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11746658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11756658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
11766658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11776658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
11786658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11796658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11806658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11816658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
11826658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11836658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11846658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
11856658.3820: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11866658.3820: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
11876658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
11886658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
11896658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
11906658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
11916658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11926658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11936658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11946658.3820: supR3HardenedDllNotificationCallback: load 0000000068e30000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
11956658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11966658.3820: supR3HardenedDllNotificationCallback: load 0000000068d90000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11976658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11986658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c410000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
11996658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
12006658.3820: supR3HardenedDllNotificationCallback: load 00007ff966770000 LB 0x005eb000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12016658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12026658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12036658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12046658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12056658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12066658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12076658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12086658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12096658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12106658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12116658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12126658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12136658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12146658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12156658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12166658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12176658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12186658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12196658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12206658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12216658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12226658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12236658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12246658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12256658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12266658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12276658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12286658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12296658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12306658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12316658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12326658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12336658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12346658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12356658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12366658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12376658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12386658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12396658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12406658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12416658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12426658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12436658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12446658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12456658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12466658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12476658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12486658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12496658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12506658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12516658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12526658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12536658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12546658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12556658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12566658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12576658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12586658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12596658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12606658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12616658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12626658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12636658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12646658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12656658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12666658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12676658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12686658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff966770000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a160000 'C:\WINDOWS\system32\Wintrust.dll'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\system32\crypt32.dll'
6658.3820: SUPR3HardenedMain: Load TrustedMain...
6658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll: Signature #1/2: info status: 24202
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6658.3820: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6658.3820: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6658.3820: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6658.3820: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6658.3820: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
6658.3820: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a1d0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a6e0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1a5d0000 LB 0x0010d000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'win32u.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b2a0000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1bad0000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b630000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c4e0000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c610000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ff9c5790000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15316658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15326658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
15336658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15346658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15356658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
15366658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15376658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15386658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
15396658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15406658.3820: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
15416658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15426658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15436658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
15446658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15456658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15466658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
15476658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15486658.3820: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
15496658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15506658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c710000 'C:\WINDOWS\System32\kernel32.dll'
15516658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15526658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15536658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15546658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
15556658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15566658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15576658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15586658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15596658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15606658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15616658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15626658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
15636658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15646658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15656658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15666658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15676658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
15686658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15696658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-string-l1-1-0'
15706658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15716658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15726658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15736658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
15746658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15756658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15766658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15776658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15786658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15796658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15806658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15816658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
15826658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15836658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15846658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15856658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15866658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
15876658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15886658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-datetime-l1-1-1'
15896658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15906658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15916658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15926658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
15936658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15946658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15956658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15966658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15976658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15986658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15996658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16006658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
16016658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
16026658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
16036658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16046658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
16056658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
16066658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16076658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-obsolete-l1-2-0'
16086658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
16096658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
16106658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16116658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
16126658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
16136658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
16146658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16156658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
16166658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
16176658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
16186658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16196658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
16206658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
16216658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
16226658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16236658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
16246658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16256658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
16266658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
16276658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
16286658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
16296658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16306658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16316658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
16326658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16336658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16346658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
16356658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16366658.3820: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
16376658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16386658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c6e0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16396658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16406658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c6e0000 'C:\WINDOWS\system32\IMM32.DLL'
16416658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16426658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
16436658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
16446658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
16456658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16466658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
16476658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
16486658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
16496658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16506658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
16516658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9c5790000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
16526658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16536658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16546658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
16556658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16566658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16576658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
16586658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16596658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16606658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
16616658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16626658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16636658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
16646658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16656658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16666658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
16676658.3820: SUPR3HardenedMain: Calling TrustedMain (00007ff9c57933d0)...
16686658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
16696658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
16706658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
16716658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
16726658.3820: supR3HardenedDllNotificationCallback: load 00007ffa189d0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
16736658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
16746658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1c360000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
16756658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16766658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
16776658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
16786658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
16796658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16806658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16816658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16826658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16836658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16846658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16856658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16866658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16876658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16886658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16896658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16906658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16916658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
16926658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16936658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
16946658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
16956658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
16966658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
16976658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16986658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16996658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17006658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17016658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17026658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17036658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17046658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17056658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17066658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17076658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17086658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17096658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17106658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17116658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17126658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17136658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17146658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17156658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17166658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17176658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17186658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17196658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17206658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17216658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
17226658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17236658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17246658.3820: supR3HardenedDllNotificationCallback: load 00007ff98e940000 LB 0x003c2000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17256658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17266658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98e940000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17276658.3820: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
17286658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
17296658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17306658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17316658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17326658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17336658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17346658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17356658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17366658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
17376658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17386658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17396658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17406658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17416658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17426658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17436658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17446658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1b9f0000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ff99c970000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99c970000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c610000 'C:\Windows\System32\oleaut32.dll'
6658.31b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.31b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.31b4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
6658.31b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.31b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6658.31b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6658.31b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
6658.31b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6658.31b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6658.31b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6658.31b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6658.31b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6658.31b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
6658.31b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.31b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6658.31b4: supR3HardenedDllNotificationCallback: load 00007ff9e3d00000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
6658.31b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6658.31b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e3d00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c4e0000 'C:\WINDOWS\System32\ole32.dll'
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c610000 'C:\WINDOWS\System32\OLEAUT32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007b8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5E9B4B8E891F6D9AAF89D119CB8AAE1934ED673
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007bc pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3171C0A71232B61EEEB57057418104E9B8748536
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa13610000 LB 0x00092000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa11cf0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11cf0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CA332CD27CD01F33F85EB4BED516FAA617B555A
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa11910000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa11910000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-l1-2-0.dll'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000824 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa117f0000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa117f0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000840 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
6658.3820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa10bb0000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa10bb0000 'C:\WINDOWS\System32\amsi.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa19e20000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'oleaut32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Windows Defender\MpOAV.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Windows Defender\MpOAV.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Windows Defender\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Windows Defender\MpOAV.dll
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa10b60000 LB 0x00044000 C:\Program Files\Windows Defender\MpOav.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Windows Defender\MpOAV.dll
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
6658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-l1-2-1'
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedDllNotificationCallback: load 00007ffa181f0000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
6658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa181f0000 'C:\WINDOWS\system32\version.dll'
6658.3820: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa10b60000 'C:\Program Files\Windows Defender\MpOav.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wintrust.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'crypt32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shell32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\Bin64\symamsi.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\Bin64\symamsi.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
6658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
6658.3820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
6658.3820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
6658.3820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'...
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume4\Windows\System32\wintrust.dll' [rcNtRedir=0xc0150008]
6658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20256658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20266658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
20276658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20286658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20296658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
20306658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20316658.3820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20326658.3820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
20336658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\bin64\symamsi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20346658.3820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\Bin64\symamsi.dll
20356658.3820: supR3HardenedDllNotificationCallback: load 00007ffa1aa10000 LB 0x00744000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
20366658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20376658.3820: supR3HardenedDllNotificationCallback: load 00007ffa10830000 LB 0x000e4000 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\bin64\symamsi.dll [fFlags=0x0]
20386658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\Bin64\symamsi.dll
20396658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
20406658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20416658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
20426658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
20436658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20446658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
20456658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
20466658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20476658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-synch-l1-2-0'
20486658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
20496658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20506658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-fibers-l1-1-1'
20516658.3820: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
20526658.3820: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20536658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1a300000 'api-ms-win-core-localization-l1-2-1'
20546658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa10830000 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5427.3000.105\bin64\symamsi.dll'
20556658.3820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20566658.3820: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20576658.3820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1b4e0000 'C:\WINDOWS\System32\ADVAPI32.dll'
20586658.7d8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
20596658.7d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
20606658.7d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20616658.7d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20626658.7d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
20636658.7d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20646658.7d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20656658.7d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20666658.7d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20676658.7d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20686658.7d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
20696658.7d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20706658.7d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20716658.7d8: supR3HardenedDllNotificationCallback: load 00007ff992210000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
20726658.7d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20736658.7d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff992210000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
20746658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20756658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20766658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c4e0000 'C:\WINDOWS\system32\ole32.dll'
20776658.32e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20786658.32e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20796658.32e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c4e0000 'C:\WINDOWS\system32\ole32.dll'
20806658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
20816658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20826658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
20836658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000948 pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
20846658.3198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
20856658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
20866658.3198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAC8C290E6A586220883FAD5DCDC734D078E5A36
20876658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
20886658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
20896658.3198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
20906658.3198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20916658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20926658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
20936658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
20946658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
20956658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
20966658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
20976658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
20986658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
20996658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
21006658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
21016658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume4\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
21026658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000954 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
21036658.3198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
21046658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
21056658.3198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6C23BF3B67A596620B7EED4DB030740A61FEE94C
21066658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21076658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21086658.3198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
21096658.3198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21106658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll) WinVerifyTrust
21116658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
21126658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21136658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21146658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21156658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21166658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21176658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
21186658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
21196658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'bcrypt.dll'.
21206658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
21216658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21226658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
21236658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
21246658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21256658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21266658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
21276658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21286658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21296658.3198: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21306658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
21316658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
21326658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21336658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21346658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21356658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21366658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21376658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21386658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21396658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
21406658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
21416658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
21426658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21436658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21446658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
21456658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21466658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21476658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
21486658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21496658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21506658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21516658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21526658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
21536658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21546658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21556658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21566658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21576658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21586658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
21596658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
21606658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll
21616658.3198: supR3HardenedDllNotificationCallback: load 00007ffa1a110000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
21626658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
21636658.3198: supR3HardenedDllNotificationCallback: load 00007ffa12eb0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
21646658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
21656658.3198: supR3HardenedDllNotificationCallback: load 00007ffa1bed0000 LB 0x00472000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
21666658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21676658.3198: supR3HardenedDllNotificationCallback: load 00007ffa10e10000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
21686658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll
21696658.3198: supR3HardenedDllNotificationCallback: load 00007ffa09300000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
21706658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
21716658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa09300000 'C:\Windows\System32\NetSetupShim.dll'
21726658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21736658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21746658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
21756658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21766658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21776658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21786658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
21796658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
21806658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
21816658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
21826658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
21836658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
21846658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
21856658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
21866658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
21876658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
21886658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
21896658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll) WinVerifyTrust
21906658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
21916658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
21926658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
21936658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
21946658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
21956658.3198: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
21966658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
21976658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
21986658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21996658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22006658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
22016658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
22026658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll) WinVerifyTrust
22036658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22046658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22056658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22066658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22076658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
22086658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22096658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
22106658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
22116658.3198: supR3HardenedDllNotificationCallback: load 00007ffa1b160000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
22126658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
22136658.3198: supR3HardenedDllNotificationCallback: load 00007ffa15da0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
22146658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
22156658.3198: supR3HardenedDllNotificationCallback: load 00007ff9e79a0000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
22166658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
22176658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e79a0000 'C:\Windows\System32\NetSetupEngine.dll'
22186658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
22196658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
22206658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
22216658.3198: supR3HardenedDllNotificationCallback: Unload 00007ff9e79a0000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
22226658.3198: supR3HardenedDllNotificationCallback: Unload 00007ffa15da0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
22236658.3198: supR3HardenedDllNotificationCallback: Unload 00007ffa1b160000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
22246658.e14: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
22256658.e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
22266658.e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22276658.e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22286658.e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
22296658.e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
22306658.e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
22316658.e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22326658.e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22336658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22346658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22356658.e14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
22366658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22376658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22386658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22396658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22406658.e14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22416658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22426658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22436658.e14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22446658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22456658.e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22466658.e14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22476658.e14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22486658.e14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22496658.e14: supR3HardenedDllNotificationCallback: load 00007ff9e3910000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22506658.e14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22516658.e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e3910000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22526658.6620: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
22536658.6620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
22546658.6620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22556658.6620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22566658.6620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22576658.6620: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22586658.6620: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22596658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22606658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22616658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22626658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22636658.6620: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22646658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22656658.6620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22666658.6620: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22676658.6620: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22686658.6620: supR3HardenedDllNotificationCallback: load 00007ff9e3800000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22696658.6620: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22706658.6620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e3800000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22716658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22726658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22736658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1aa10000 'C:\WINDOWS\system32\Shell32.dll'
22746658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'combase.dll'.
22756658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msvcp_win.dll'.
22766658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'wldp.dll'.
22776658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
22786658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
22796658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22806658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wldp.dll)
22816658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wldp.dll
22826658.3198: supR3HardenedDllNotificationCallback: load 00007ffa19890000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
22836658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
22846658.3198: supR3HardenedDllNotificationCallback: load 00007ffa17810000 LB 0x00794000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
22856658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
22866658.3198: supR3HardenedDllNotificationCallback: load 00007ffa1be20000 LB 0x000ad000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
22876658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22886658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
22896658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
22906658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
22916658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22926658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22936658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
22946658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22956658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22966658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22976658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22986658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
22996658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
23006658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [lacks WinVerifyTrust]
23016658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23026658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23036658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
23046658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23056658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23066658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
23076658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23086658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23096658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
23106658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23116658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
23126658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23136658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23146658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wldp.dll'
23156658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23166658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23176658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
23186658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23196658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23206658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff992210000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
23216658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
23226658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23236658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23246658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23256658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23266658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
23276658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23286658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
23296658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23306658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23316658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23326658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23336658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23346658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23356658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23366658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
23376658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23386658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23396658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23406658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23416658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23426658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23436658.3198: supR3HardenedDllNotificationCallback: load 00007ff9e1b90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
23446658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
23456658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e1b90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
23466658.3198: supR3HardenedDllNotificationCallback: Unload 00007ff9e1b90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
23476658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
23486658.3198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
23496658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
23506658.3198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4C882F4212D993AB8CD1218452ADE578B4E8723
23516658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23526658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23536658.3198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll'
23546658.3198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23556658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
23566658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
23576658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
23586658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
23596658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume4\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
23606658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23616658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23626658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vid.dll) WinVerifyTrust
23636658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\vid.dll
23646658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23656658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
23666658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
23676658.3198: supR3HardenedDllNotificationCallback: load 00007ffa130d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
23686658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
23696658.3198: supR3HardenedDllNotificationCallback: load 00007ff9e2700000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
23706658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
23716658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e2700000 'C:\WINDOWS\system32\WinHvPlatform.dll'
23726658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
23736658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23746658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa130d0000 'C:\WINDOWS\system32\vid.dll'
23756658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23766658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
23776658.3198: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
23786658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
23796658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23806658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23816658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa1c810000 'C:\WINDOWS\system32\NTDLL.DLL'
23826658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23836658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
23846658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
23856658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23866658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23876658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23886658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
23896658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23906658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23916658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23926658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23936658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23946658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23956658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23966658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23976658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23986658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23996658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24006658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
24016658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
24026658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
24036658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24046658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24056658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24066658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24076658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
24086658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24096658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24106658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
24116658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24126658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24136658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
24146658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24156658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24166658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
24176658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24186658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24196658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24206658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
24216658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24226658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
24236658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
24246658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
24256658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24266658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24276658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24286658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24296658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24306658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24316658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24326658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24336658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24346658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24356658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24366658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24376658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24386658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24396658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24406658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24416658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24426658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24436658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24446658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24456658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24466658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24476658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24486658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24496658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
24506658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24516658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24526658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24536658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24546658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24556658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24566658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24576658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
24586658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24596658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24606658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
24616658.3198: supR3HardenedDllNotificationCallback: load 00007ff9b64b0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
24626658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24636658.3198: supR3HardenedDllNotificationCallback: load 00007ff965500000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
24646658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24656658.3198: supR3HardenedDllNotificationCallback: load 00007ffa19330000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
24666658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
24676658.3198: supR3HardenedDllNotificationCallback: load 00007ff965d60000 LB 0x00a03000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
24686658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
24696658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965d60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
24706658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24716658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24726658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24736658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24746658.3198: supR3HardenedDllNotificationCallback: load 00007ff9e1b90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24756658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24766658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e1b90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24776658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24786658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
24796658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24806658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98e940000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
24816658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24826658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24836658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24846658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965500000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
24856658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24866658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
24876658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
24886658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24896658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24906658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
24916658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24926658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24936658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24946658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24956658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24966658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24976658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24986658.3198: supR3HardenedDllNotificationCallback: load 00007ff9df1a0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
24996658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25006658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9df1a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
25016658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25026658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
25036658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25046658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25056658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25066658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
25076658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25086658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25096658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25106658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25116658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25126658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25136658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25146658.3198: supR3HardenedDllNotificationCallback: load 00007ff9dcee0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
25156658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25166658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9dcee0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
25176658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25186658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
25196658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25206658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25216658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25226658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
25236658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25246658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25256658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25266658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25276658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25286658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
25296658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25306658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25316658.3198: supR3HardenedDllNotificationCallback: load 00007ff9dcb70000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
25326658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25336658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9dcb70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
25346658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25356658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
25366658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25376658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25386658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25396658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
25406658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25416658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25426658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25436658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25446658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25456658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25466658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25476658.3198: supR3HardenedDllNotificationCallback: load 00007ff9dcb50000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
25486658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25496658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9dcb50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
25506658.4b60: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
25516658.4b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25526658.4b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25536658.4b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25546658.4b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25556658.4b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
25566658.4b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25576658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25586658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25596658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25606658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25616658.4b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25626658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25636658.4b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25646658.4b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25656658.4b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25666658.4b60: supR3HardenedDllNotificationCallback: load 00007ff9d78c0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
25676658.4b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25686658.4b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9d78c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
25696658.6694: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
25706658.6694: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25716658.6694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25726658.6694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25736658.6694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
25746658.6694: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
25756658.6694: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
25766658.6694: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25776658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25786658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25796658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25806658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25816658.6694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25826658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25836658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25846658.6694: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
25856658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25866658.6694: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25876658.6694: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25886658.6694: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25896658.6694: supR3HardenedDllNotificationCallback: load 00007ff9e35a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
25906658.6694: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25916658.6694: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e35a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
25926658.61ac: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
25936658.61ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
25946658.61ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25956658.61ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25966658.61ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25976658.61ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
25986658.61ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25996658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26006658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26016658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26026658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26036658.61ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
26046658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26056658.61ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26066658.61ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26076658.61ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26086658.61ac: supR3HardenedDllNotificationCallback: load 00007ff9e2d70000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26096658.61ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26106658.61ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e2d70000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26116658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26126658.3198: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
26136658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26146658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26156658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26166658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
26176658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26186658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26196658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26206658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26216658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26226658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26236658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26246658.3198: supR3HardenedDllNotificationCallback: load 00007ff9f0ef0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
26256658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26266658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0ef0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
26276658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
26286658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26296658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19330000 'C:\WINDOWS\system32\Iphlpapi.dll'
26306658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
26316658.3198: supR3HardenedDllNotificationCallback: load 00007ffa1b160000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
26326658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
26336658.3198: supR3HardenedDllNotificationCallback: load 00007ffa15da0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26346658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
26356658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26366658.3198: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
26376658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
26386658.3198: supR3HardenedDllNotificationCallback: load 00007ffa15a10000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
26396658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
26406658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26416658.3198: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
26426658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
26436658.3198: supR3HardenedDllNotificationCallback: load 00007ffa159f0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
26446658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
26456658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
26466658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
26476658.3198: supR3HardenedDllNotificationCallback: load 00007ffa19380000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
26486658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
26496658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26506658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26516658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26526658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26536658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26546658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
26556658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
26566658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d04 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
26576658.3198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
26586658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
26596658.3198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
26606658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26616658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
26626658.3198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
26636658.3198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26646658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
26656658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d08 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
26666658.3198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
26676658.3198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
26686658.3198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
26696658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26706658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
26716658.3198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
26726658.3198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26736658.3198: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
26746658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26756658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
26766658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
26776658.3198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
26786658.3198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
26796658.3198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
26806658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26816658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26826658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26836658.3198: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26846658.3198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
26856658.3198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26866658.3198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
26876658.3198: supR3HardenedDllNotificationCallback: load 00007ffa19670000 LB 0x0006a000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
26886658.3198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
26896658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19670000 'C:\WINDOWS\system32\mswsock.dll'
26906658.3198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26916658.6140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000808 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
26926658.6140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000de7c90
26936658.6140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000de7c90
26946658.6140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D52B5B313F26D198724C9A8532CECB1A8130856B
26956658.6140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18e90000 'C:\WINDOWS\system32\rsaenh.dll'
26966658.6140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa19f20000 'C:\WINDOWS\System32\crypt32.dll'
26976658.6140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0519~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
26986658.6140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26996658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27006658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
27016658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
27026658.6140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
27036658.6140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27046658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27056658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27066658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27076658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27086658.6140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
27096658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27106658.6140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27116658.6140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27126658.6140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27136658.6140: supR3HardenedDllNotificationCallback: load 00007ffa16fa0000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
27146658.6140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27156658.6140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16fa0000 'C:\WINDOWS\system32\uxtheme.dll'
27166658.6140: supR3HardenedDllNotificationCallback: load 00007ffa1b3b0000 LB 0x00116000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
27176658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27186658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
27196658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
27206658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
27216658.6140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
27226658.6140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
27236658.6140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
27246658.50a0: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
27256658.50a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
27266658.50a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
27276658.50a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ee4 (hFile=0000000000000ebc) with 0xc0000022 -> STATUS_TRUST_FAILURE
27286658.50a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
27296658.50a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ebc (hFile=0000000000000ee4) with 0xc0000022 -> STATUS_TRUST_FAILURE
27306440.1e40: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
27316440.1e40: \SystemRoot\System32\ntdll.dll:
27326440.1e40: CreationTime: 2022-01-26T09:09:57.785146600Z
27336440.1e40: LastWriteTime: 2022-01-26T09:09:57.843043300Z
27346440.1e40: ChangeTime: 2022-02-22T08:02:58.656111300Z
27356440.1e40: FileAttributes: 0x20
27366440.1e40: Size: 0x1eeb38
27376440.1e40: NT Headers: 0xe8
27386440.1e40: Timestamp: 0xe2f8ca76
27396440.1e40: Machine: 0x8664 - amd64
27406440.1e40: Timestamp: 0xe2f8ca76
27416440.1e40: Image Version: 10.0
27426440.1e40: SizeOfImage: 0x1f5000 (2052096)
27436440.1e40: Resource Dir: 0x184000 LB 0x6fe68
27446440.1e40: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
27456440.1e40: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
27466440.1e40: ProductName: Microsoft® Windows® Operating System
27476440.1e40: ProductVersion: 10.0.19041.1466
27486440.1e40: FileVersion: 10.0.19041.1466 (WinBuild.160101.0800)
27496440.1e40: FileDescription: NT Layer DLL
27506440.1e40: \SystemRoot\System32\kernel32.dll:
27516440.1e40: CreationTime: 2022-02-22T08:02:09.897289300Z
27526440.1e40: LastWriteTime: 2022-02-22T08:02:09.911885300Z
27536440.1e40: ChangeTime: 2022-02-22T08:08:15.845920600Z
27546440.1e40: FileAttributes: 0x20
27556440.1e40: Size: 0xbc058
27566440.1e40: NT Headers: 0xe8
27576440.1e40: Timestamp: 0x61b5977b
27586440.1e40: Machine: 0x8664 - amd64
27596440.1e40: Timestamp: 0x61b5977b
27606440.1e40: Image Version: 10.0
27616440.1e40: SizeOfImage: 0xbe000 (778240)
27626440.1e40: Resource Dir: 0xbc000 LB 0x520
27636440.1e40: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
27646440.1e40: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
27656440.1e40: ProductName: Microsoft® Windows® Operating System
27666440.1e40: ProductVersion: 10.0.19041.1503
27676440.1e40: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
27686440.1e40: FileDescription: Windows NT BASE API Client DLL
27696440.1e40: \SystemRoot\System32\KernelBase.dll:
27706440.1e40: CreationTime: 2022-02-22T08:02:22.000242700Z
27716440.1e40: LastWriteTime: 2022-02-22T08:02:22.056240900Z
27726440.1e40: ChangeTime: 2022-02-22T08:08:17.423888000Z
27736440.1e40: FileAttributes: 0x20
27746440.1e40: Size: 0x2c99a0
27756440.1e40: NT Headers: 0xf0
27766440.1e40: Timestamp: 0xb2acaea9
27776440.1e40: Machine: 0x8664 - amd64
27786440.1e40: Timestamp: 0xb2acaea9
27796440.1e40: Image Version: 10.0
27806440.1e40: SizeOfImage: 0x2c8000 (2916352)
27816440.1e40: Resource Dir: 0x29f000 LB 0x548
27826440.1e40: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
27836440.1e40: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
27846440.1e40: ProductName: Microsoft® Windows® Operating System
27856440.1e40: ProductVersion: 10.0.19041.1503
27866440.1e40: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
27876440.1e40: FileDescription: Windows NT BASE API Client DLL
27886440.1e40: \SystemRoot\System32\apisetschema.dll:
27896440.1e40: CreationTime: 2019-12-07T09:08:13.518339400Z
27906440.1e40: LastWriteTime: 2019-12-07T09:08:13.518339400Z
27916440.1e40: ChangeTime: 2022-02-22T08:02:58.475446500Z
27926440.1e40: FileAttributes: 0x20
27936440.1e40: Size: 0x1f538
27946440.1e40: NT Headers: 0xd0
27956440.1e40: Timestamp: 0x31288ce0
27966440.1e40: Machine: 0x8664 - amd64
27976440.1e40: Timestamp: 0x31288ce0
27986440.1e40: Image Version: 10.0
27996440.1e40: SizeOfImage: 0x20000 (131072)
28006440.1e40: Resource Dir: 0x1f000 LB 0x408
28016440.1e40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
28026440.1e40: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
28036440.1e40: ProductName: Microsoft® Windows® Operating System
28046440.1e40: ProductVersion: 10.0.19041.1
28056440.1e40: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
28066440.1e40: FileDescription: ApiSet Schema DLL
28076440.1e40: NtOpenDirectoryObject failed on \Driver: 0xc0000022
28086440.1e40: supR3HardenedWinFindAdversaries: 0x3
28096440.1e40: \SystemRoot\System32\drivers\SysPlant.sys:
28106440.1e40: CreationTime: 2020-12-15T12:49:15.665637400Z
28116440.1e40: LastWriteTime: 2021-09-28T06:28:41.689572500Z
28126440.1e40: ChangeTime: 2021-09-28T06:28:41.689572500Z
28136440.1e40: FileAttributes: 0x20
28146440.1e40: Size: 0x407f8
28156440.1e40: NT Headers: 0xe0
28166440.1e40: Timestamp: 0x607155cb
28176440.1e40: Machine: 0x8664 - amd64
28186440.1e40: Timestamp: 0x607155cb
28196440.1e40: Image Version: 5.0
28206440.1e40: SizeOfImage: 0x41000 (266240)
28216440.1e40: Resource Dir: 0x3f000 LB 0x3a8
28226440.1e40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
28236440.1e40: [Raw version resource data: 0x3f060 LB 0x348, codepage 0x0 (reserved 0x0)]
28246440.1e40: ProductName: Symantec CMC Firewall
28256440.1e40: ProductVersion: 14.3.4540.2000
28266440.1e40: FileVersion: 14.3.4540.2000
28276440.1e40: FileDescription: Symantec CMC Firewall SysPlant
28286440.1e40: \SystemRoot\System32\drivers\symevent64x86.sys:
28296440.1e40: CreationTime: 2022-01-26T08:37:29.518004800Z
28306440.1e40: LastWriteTime: 2022-01-26T08:37:29.490008200Z
28316440.1e40: ChangeTime: 2022-01-26T08:41:21.383014700Z
28326440.1e40: FileAttributes: 0x20
28336440.1e40: Size: 0x16bc0
28346440.1e40: NT Headers: 0xf0
28356440.1e40: Timestamp: 0x60921256
28366440.1e40: Machine: 0x8664 - amd64
28376440.1e40: Timestamp: 0x60921256
28386440.1e40: Image Version: 6.3
28396440.1e40: SizeOfImage: 0x21000 (135168)
28406440.1e40: Resource Dir: 0x1f000 LB 0x3cc
28416440.1e40: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
28426440.1e40: [Raw version resource data: 0x1f0b8 LB 0x314, codepage 0x4e4 (reserved 0x0)]
28436440.1e40: ProductName: SYMEVENT
28446440.1e40: ProductVersion: 14.0.7.121
28456440.1e40: FileVersion: 14.0.7.121
28466440.1e40: FileDescription: Symantec Event Library
28476440.1e40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
28486440.1e40: Calling main()
28496440.1e40: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
28506440.1e40: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
28516440.1e40: System32: \Device\HarddiskVolume4\Windows\System32
28526440.1e40: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
28536440.1e40: KnownDllPath: C:\WINDOWS\System32
28546440.1e40: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
28556440.1e40: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
28566440.1e40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
28576440.1e40: supR3HardNtEnableThreadCreationEx:
28586440.1e40: bcrypt.dll loaded at 00007ffa1a830000, BCryptOpenAlgorithmProvider at 00007ffa1a8351e0, preloading providers:
28596440.1e40: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000012a6d40)
28606440.1e40: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000012a40c0)
28616440.1e40: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000012a9080)
28626440.1e40: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000012a93a0)
28636440.1e40: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000012a96c0)
28646440.1e40: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000012a99e0)
28656440.1e40: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000012a9d00)
28666440.1e40: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000012aa020)
28676440.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
28686440.1e40: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001338d60
28696440.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001338d60
28706440.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B536A4313E5A80627DEC88A969CB7A5CA4A9D02
28716440.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\SystemRoot\System32\ntdll.dll'
28726440.1e40: g_pfnWinVerifyTrust=00007ffa1a162b80
28736440.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
28746440.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
28756440.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28766440.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
28776440.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
28786440.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
28796440.1e40: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing256
28806440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
28816440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xce714256d770f586 CN=ATGRZ4002948A.net.work
28826440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
28836440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xb7f9b4eee083eb00 CN=WSUS Publishers Self-signed
28846440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
28856440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xe590c1ccad2fd000 CN=Microsoft Intune Root Certification Authority
28866440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
28876440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
28886440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
28896440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
28906440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3504749cd781a148 CN=ATGRZ4002948A.net.work
28916440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x4389c7ac0686d200 CN=WSUS Publishers Self-signed
28926440.1e40: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing
28936440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
28946440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
28956440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
28966440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
28976440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
28986440.1e40: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=com, DC=kpmgconsulting, DC=corp, CN=BEissuing
28996440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
29006440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
29016440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
29026440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
29036440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
29046440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
29056440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
29066440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
29076440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
29086440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
29096440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
29106440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
29116440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
29126440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
29136440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
29146440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
29156440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
29166440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
29176440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
29186440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
29196440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
29206440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
29216440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
29226440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
29236440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
29246440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
29256440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
29266440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
29276440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
29286440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
29296440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
29306440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
29316440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
29326440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
29336440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
29346440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
29356440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
29366440.1e40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
29376440.1e40: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=55
29386440.1e40: SUPR3HardenedMain: Load Runtime...
29396440.1e40: SUPR3HardenedMain: Load TrustedMain...
29406440.1e40: SUPR3HardenedMain: Calling TrustedMain (00007ff99b2a16c0)...
29416440.1e40: Terminating the normal way: rcExit=0
2942334.3150: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
2943334.3150: \SystemRoot\System32\ntdll.dll:
2944334.3150: CreationTime: 2022-01-26T09:09:57.785146600Z
2945334.3150: LastWriteTime: 2022-01-26T09:09:57.843043300Z
2946334.3150: ChangeTime: 2022-02-22T08:02:58.656111300Z
2947334.3150: FileAttributes: 0x20
2948334.3150: Size: 0x1eeb38
2949334.3150: NT Headers: 0xe8
2950334.3150: Timestamp: 0xe2f8ca76
2951334.3150: Machine: 0x8664 - amd64
2952334.3150: Timestamp: 0xe2f8ca76
2953334.3150: Image Version: 10.0
2954334.3150: SizeOfImage: 0x1f5000 (2052096)
2955334.3150: Resource Dir: 0x184000 LB 0x6fe68
2956334.3150: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2957334.3150: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2958334.3150: ProductName: Microsoft® Windows® Operating System
2959334.3150: ProductVersion: 10.0.19041.1466
2960334.3150: FileVersion: 10.0.19041.1466 (WinBuild.160101.0800)
2961334.3150: FileDescription: NT Layer DLL
2962334.3150: \SystemRoot\System32\kernel32.dll:
2963334.3150: CreationTime: 2022-02-22T08:02:09.897289300Z
2964334.3150: LastWriteTime: 2022-02-22T08:02:09.911885300Z
2965334.3150: ChangeTime: 2022-02-22T08:08:15.845920600Z
2966334.3150: FileAttributes: 0x20
2967334.3150: Size: 0xbc058
2968334.3150: NT Headers: 0xe8
2969334.3150: Timestamp: 0x61b5977b
2970334.3150: Machine: 0x8664 - amd64
2971334.3150: Timestamp: 0x61b5977b
2972334.3150: Image Version: 10.0
2973334.3150: SizeOfImage: 0xbe000 (778240)
2974334.3150: Resource Dir: 0xbc000 LB 0x520
2975334.3150: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2976334.3150: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2977334.3150: ProductName: Microsoft® Windows® Operating System
2978334.3150: ProductVersion: 10.0.19041.1503
2979334.3150: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
2980334.3150: FileDescription: Windows NT BASE API Client DLL
2981334.3150: \SystemRoot\System32\KernelBase.dll:
2982334.3150: CreationTime: 2022-02-22T08:02:22.000242700Z
2983334.3150: LastWriteTime: 2022-02-22T08:02:22.056240900Z
2984334.3150: ChangeTime: 2022-02-22T08:08:17.423888000Z
2985334.3150: FileAttributes: 0x20
2986334.3150: Size: 0x2c99a0
2987334.3150: NT Headers: 0xf0
2988334.3150: Timestamp: 0xb2acaea9
2989334.3150: Machine: 0x8664 - amd64
2990334.3150: Timestamp: 0xb2acaea9
2991334.3150: Image Version: 10.0
2992334.3150: SizeOfImage: 0x2c8000 (2916352)
2993334.3150: Resource Dir: 0x29f000 LB 0x548
2994334.3150: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2995334.3150: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2996334.3150: ProductName: Microsoft® Windows® Operating System
2997334.3150: ProductVersion: 10.0.19041.1503
2998334.3150: FileVersion: 10.0.19041.1503 (WinBuild.160101.0800)
2999334.3150: FileDescription: Windows NT BASE API Client DLL
3000334.3150: \SystemRoot\System32\apisetschema.dll:
3001334.3150: CreationTime: 2019-12-07T09:08:13.518339400Z
3002334.3150: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3003334.3150: ChangeTime: 2022-02-22T08:02:58.475446500Z
3004334.3150: FileAttributes: 0x20
3005334.3150: Size: 0x1f538
3006334.3150: NT Headers: 0xd0
3007334.3150: Timestamp: 0x31288ce0
3008334.3150: Machine: 0x8664 - amd64
3009334.3150: Timestamp: 0x31288ce0
3010334.3150: Image Version: 10.0
3011334.3150: SizeOfImage: 0x20000 (131072)
3012334.3150: Resource Dir: 0x1f000 LB 0x408
3013334.3150: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3014334.3150: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3015334.3150: ProductName: Microsoft® Windows® Operating System
3016334.3150: ProductVersion: 10.0.19041.1
3017334.3150: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3018334.3150: FileDescription: ApiSet Schema DLL
3019334.3150: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3020334.3150: supR3HardenedWinFindAdversaries: 0x3
3021334.3150: \SystemRoot\System32\drivers\SysPlant.sys:
3022334.3150: CreationTime: 2020-12-15T12:49:15.665637400Z
3023334.3150: LastWriteTime: 2021-09-28T06:28:41.689572500Z
3024334.3150: ChangeTime: 2021-09-28T06:28:41.689572500Z
3025334.3150: FileAttributes: 0x20
3026334.3150: Size: 0x407f8
3027334.3150: NT Headers: 0xe0
3028334.3150: Timestamp: 0x607155cb
3029334.3150: Machine: 0x8664 - amd64
3030334.3150: Timestamp: 0x607155cb
3031334.3150: Image Version: 5.0
3032334.3150: SizeOfImage: 0x41000 (266240)
3033334.3150: Resource Dir: 0x3f000 LB 0x3a8
3034334.3150: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3035334.3150: [Raw version resource data: 0x3f060 LB 0x348, codepage 0x0 (reserved 0x0)]
3036334.3150: ProductName: Symantec CMC Firewall
3037334.3150: ProductVersion: 14.3.4540.2000
3038334.3150: FileVersion: 14.3.4540.2000
3039334.3150: FileDescription: Symantec CMC Firewall SysPlant
3040334.3150: \SystemRoot\System32\drivers\symevent64x86.sys:
3041334.3150: CreationTime: 2022-01-26T08:37:29.518004800Z
3042334.3150: LastWriteTime: 2022-01-26T08:37:29.490008200Z
3043334.3150: ChangeTime: 2022-01-26T08:41:21.383014700Z
3044334.3150: FileAttributes: 0x20
3045334.3150: Size: 0x16bc0
3046334.3150: NT Headers: 0xf0
3047334.3150: Timestamp: 0x60921256
3048334.3150: Machine: 0x8664 - amd64
3049334.3150: Timestamp: 0x60921256
3050334.3150: Image Version: 6.3
3051334.3150: SizeOfImage: 0x21000 (135168)
3052334.3150: Resource Dir: 0x1f000 LB 0x3cc
3053334.3150: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3054334.3150: [Raw version resource data: 0x1f0b8 LB 0x314, codepage 0x4e4 (reserved 0x0)]
3055334.3150: ProductName: SYMEVENT
3056334.3150: ProductVersion: 14.0.7.121
3057334.3150: FileVersion: 14.0.7.121
3058334.3150: FileDescription: Symantec Event Library
3059334.3150: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3060334.3150: Calling main()
3061334.3150: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
3062334.3150: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3063334.3150: System32: \Device\HarddiskVolume4\Windows\System32
3064334.3150: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3065334.3150: KnownDllPath: C:\WINDOWS\System32
3066334.3150: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3067334.3150: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3068334.3150: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3069334.3150: supR3HardNtEnableThreadCreationEx:
3070334.3150: bcrypt.dll loaded at 00007ffa1a830000, BCryptOpenAlgorithmProvider at 00007ffa1a8351e0, preloading providers:
3071334.3150: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000dc2df0)
3072334.3150: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000dc6fe0)
3073334.3150: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000dc7300)
3074334.3150: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000dc7620)
3075334.3150: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000dc7940)
3076334.3150: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000dc7c60)
3077334.3150: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000dc7f80)
3078334.3150: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000dc82a0)
3079334.3150: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
3080334.3150: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000dea1b0
3081334.3150: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000dea1b0
3082334.3150: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B536A4313E5A80627DEC88A969CB7A5CA4A9D02
3083334.3150: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1469.cat'; file='\SystemRoot\System32\ntdll.dll'
3084334.3150: g_pfnWinVerifyTrust=00007ffa1a162b80
3085334.3150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
3086334.3150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
3087334.3150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3088334.3150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
3089334.3150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
3090334.3150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
3091334.3150: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing256
3092334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
3093334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xce714256d770f586 CN=ATGRZ4002948A.net.work
3094334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
3095334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xb7f9b4eee083eb00 CN=WSUS Publishers Self-signed
3096334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
3097334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xe590c1ccad2fd000 CN=Microsoft Intune Root Certification Authority
3098334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
3099334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
3100334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
3101334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
3102334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x3504749cd781a148 CN=ATGRZ4002948A.net.work
3103334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x4389c7ac0686d200 CN=WSUS Publishers Self-signed
3104334.3150: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=work, DC=net, CN=WORKIssuing
3105334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
3106334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
3107334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
3108334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
3109334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
3110334.3150: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=com, DC=kpmgconsulting, DC=corp, CN=BEissuing
3111334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x8aea25897b6edf00 CN=BERoot256
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
334.3150: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad2349eaefc9100 DC=com, DC=kpmgconsulting, DC=corp, CN=BEroot
334.3150: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=55
334.3150: SUPR3HardenedMain: Load Runtime...
334.3150: SUPR3HardenedMain: Load TrustedMain...
334.3150: SUPR3HardenedMain: Calling TrustedMain (00007ff99b2a16c0)...
334.3150: Terminating the normal way: rcExit=0
