VirtualBox

Ticket #19324: Windows Server 2008 R2-2020-02-24-11-01-27 (VBoxHardening - from crash).2.log

File Windows Server 2008 R2-2020-02-24-11-01-27 (VBoxHardening - from crash).2.log, 453.0 KB (added by Mark Cranness, 5 years ago)

This one just after a crash

Line 
14390.2f04: Log file opened: 6.1.2r135662 g_hStartupLog=0000000000000094 g_uNtVerCombined=0xa047ba00
24390.2f04: \SystemRoot\System32\ntdll.dll:
34390.2f04: CreationTime: 2020-02-12T07:19:30.132238800Z
44390.2f04: LastWriteTime: 2020-02-12T07:19:30.162494800Z
54390.2f04: ChangeTime: 2020-02-12T07:26:33.159262200Z
64390.2f04: FileAttributes: 0x20
74390.2f04: Size: 0x1e8458
84390.2f04: NT Headers: 0xd8
94390.2f04: Timestamp: 0x64d10ee0
104390.2f04: Machine: 0x8664 - amd64
114390.2f04: Timestamp: 0x64d10ee0
124390.2f04: Image Version: 10.0
134390.2f04: SizeOfImage: 0x1f0000 (2031616)
144390.2f04: Resource Dir: 0x17f000 LB 0x6f310
154390.2f04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164390.2f04: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174390.2f04: ProductName: Microsoft® Windows® Operating System
184390.2f04: ProductVersion: 10.0.18362.657
194390.2f04: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
204390.2f04: FileDescription: NT Layer DLL
214390.2f04: \SystemRoot\System32\kernel32.dll:
224390.2f04: CreationTime: 2019-09-10T22:39:29.514755700Z
234390.2f04: LastWriteTime: 2019-09-10T22:39:29.527443800Z
244390.2f04: ChangeTime: 2020-02-12T07:19:59.588854400Z
254390.2f04: FileAttributes: 0x20
264390.2f04: Size: 0xb0570
274390.2f04: NT Headers: 0xe8
284390.2f04: Timestamp: 0xd0cecc10
294390.2f04: Machine: 0x8664 - amd64
304390.2f04: Timestamp: 0xd0cecc10
314390.2f04: Image Version: 10.0
324390.2f04: SizeOfImage: 0xb2000 (729088)
334390.2f04: Resource Dir: 0xb0000 LB 0x520
344390.2f04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354390.2f04: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364390.2f04: ProductName: Microsoft® Windows® Operating System
374390.2f04: ProductVersion: 10.0.18362.329
384390.2f04: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
394390.2f04: FileDescription: Windows NT BASE API Client DLL
404390.2f04: \SystemRoot\System32\KernelBase.dll:
414390.2f04: CreationTime: 2020-02-12T07:19:30.527518200Z
424390.2f04: LastWriteTime: 2020-02-12T07:19:30.574366200Z
434390.2f04: ChangeTime: 2020-02-12T07:26:32.300090000Z
444390.2f04: FileAttributes: 0x20
454390.2f04: Size: 0x2a3508
464390.2f04: NT Headers: 0xf0
474390.2f04: Timestamp: 0xf96f12ee
484390.2f04: Machine: 0x8664 - amd64
494390.2f04: Timestamp: 0xf96f12ee
504390.2f04: Image Version: 10.0
514390.2f04: SizeOfImage: 0x2a3000 (2764800)
524390.2f04: Resource Dir: 0x27d000 LB 0x548
534390.2f04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544390.2f04: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554390.2f04: ProductName: Microsoft® Windows® Operating System
564390.2f04: ProductVersion: 10.0.18362.628
574390.2f04: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
584390.2f04: FileDescription: Windows NT BASE API Client DLL
594390.2f04: \SystemRoot\System32\apisetschema.dll:
604390.2f04: CreationTime: 2019-03-19T04:43:54.837151500Z
614390.2f04: LastWriteTime: 2019-03-19T04:43:54.837151500Z
624390.2f04: ChangeTime: 2020-02-12T07:19:59.582022500Z
634390.2f04: FileAttributes: 0x20
644390.2f04: Size: 0x1d028
654390.2f04: NT Headers: 0xc8
664390.2f04: Timestamp: 0xd6ced080
674390.2f04: Machine: 0x8664 - amd64
684390.2f04: Timestamp: 0xd6ced080
694390.2f04: Image Version: 10.0
704390.2f04: SizeOfImage: 0x1e000 (122880)
714390.2f04: Resource Dir: 0x1d000 LB 0x408
724390.2f04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734390.2f04: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744390.2f04: ProductName: Microsoft® Windows® Operating System
754390.2f04: ProductVersion: 10.0.18362.1
764390.2f04: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
774390.2f04: FileDescription: ApiSet Schema DLL
784390.2f04: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794390.2f04: supR3HardenedWinFindAdversaries: 0x80
804390.2f04: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
814390.2f04: CreationTime: 2018-09-06T04:58:57.414771000Z
824390.2f04: LastWriteTime: 2018-09-27T21:40:37.008033600Z
834390.2f04: ChangeTime: 2019-08-11T01:35:40.506356200Z
844390.2f04: FileAttributes: 0x20
854390.2f04: Size: 0x3f520
864390.2f04: NT Headers: 0xf8
874390.2f04: Timestamp: 0x5b568210
884390.2f04: Machine: 0x8664 - amd64
894390.2f04: Timestamp: 0x5b568210
904390.2f04: Image Version: 10.0
914390.2f04: SizeOfImage: 0x41000 (266240)
924390.2f04: Resource Dir: 0x3f000 LB 0x3b8
934390.2f04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
944390.2f04: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
954390.2f04: ProductName: Malwarebytes SwissArmy
964390.2f04: ProductVersion: 4.3.0.161
974390.2f04: FileVersion: 4.3.0.161
984390.2f04: FileDescription: Malwarebytes SwissArmy
994390.2f04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1004390.2f04: Calling main()
1014390.2f04: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1024390.2f04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1034390.2f04: SUPR3HardenedMain: Respawn #1
1044390.2f04: System32: \Device\HarddiskVolume4\Windows\System32
1054390.2f04: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1064390.2f04: KnownDllPath: C:\WINDOWS\System32
1074390.2f04: supR3HardenedWinInit: Performing a limited self purification...
1084390.2f04: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1094390.2f04: *0000000000000000-0000000000d0ffff 0x0001/0x0000 0x0000000
1104390.2f04: *0000000000d10000-0000000000d1ffff 0x0004/0x0004 0x0040000
1114390.2f04: 0000000000d20000-0000000000d2ffff 0x0001/0x0000 0x0000000
1124390.2f04: *0000000000d30000-0000000000d4afff 0x0002/0x0002 0x0040000
1134390.2f04: 0000000000d4b000-0000000000d4ffff 0x0001/0x0000 0x0000000
1144390.2f04: *0000000000d50000-0000000000d53fff 0x0002/0x0002 0x0040000
1154390.2f04: 0000000000d54000-0000000000d5ffff 0x0001/0x0000 0x0000000
1164390.2f04: *0000000000d60000-0000000000d61fff 0x0004/0x0004 0x0020000
1174390.2f04: 0000000000d62000-0000000000d6ffff 0x0001/0x0000 0x0000000
1184390.2f04: *0000000000d70000-0000000000d70fff 0x0004/0x0004 0x0020000
1194390.2f04: 0000000000d71000-0000000000da1fff 0x0000/0x0004 0x0020000
1204390.2f04: 0000000000da2000-0000000000dbffff 0x0001/0x0000 0x0000000
1214390.2f04: *0000000000dc0000-0000000000dcefff 0x0004/0x0004 0x0020000
1224390.2f04: 0000000000dcf000-0000000000dcffff 0x0000/0x0004 0x0020000
1234390.2f04: 0000000000dd0000-0000000000dfffff 0x0001/0x0000 0x0000000
1244390.2f04: *0000000000e00000-0000000000e78fff 0x0000/0x0004 0x0020000
1254390.2f04: 0000000000e79000-0000000000e7bfff 0x0004/0x0004 0x0020000
1264390.2f04: 0000000000e7c000-0000000000ffffff 0x0000/0x0004 0x0020000
1274390.2f04: *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
1284390.2f04: 00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
1294390.2f04: 00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
1304390.2f04: *0000000001100000-00000000011c6fff 0x0002/0x0002 0x0040000
1314390.2f04: 00000000011c7000-00000000011cffff 0x0001/0x0000 0x0000000
1324390.2f04: *00000000011d0000-00000000011d1fff 0x0004/0x0004 0x0020000
1334390.2f04: 00000000011d2000-0000000001201fff 0x0000/0x0004 0x0020000
1344390.2f04: 0000000001202000-00000000012bffff 0x0001/0x0000 0x0000000
1354390.2f04: *00000000012c0000-00000000012d0fff 0x0004/0x0004 0x0020000
1364390.2f04: 00000000012d1000-00000000013bffff 0x0000/0x0004 0x0020000
1374390.2f04: *00000000013c0000-00000000013c1fff 0x0000/0x0004 0x0020000
1384390.2f04: 00000000013c2000-00000000015b2fff 0x0004/0x0004 0x0020000
1394390.2f04: 00000000015b3000-00000000015b3fff 0x0000/0x0004 0x0020000
1404390.2f04: 00000000015b4000-00000000015bffff 0x0001/0x0000 0x0000000
1414390.2f04: *00000000015c0000-00000000015dcfff 0x0004/0x0004 0x0020000
1424390.2f04: 00000000015dd000-00000000016bffff 0x0000/0x0004 0x0020000
1434390.2f04: 00000000016c0000-000000007ffdffff 0x0001/0x0000 0x0000000
1444390.2f04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1454390.2f04: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
1464390.2f04: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
1474390.2f04: 000000007ffeb000-00007ff49f00ffff 0x0001/0x0000 0x0000000
1484390.2f04: *00007ff49f010000-00007ff49f014fff 0x0002/0x0002 0x0040000
1494390.2f04: 00007ff49f015000-00007ff49f10ffff 0x0000/0x0002 0x0040000
1504390.2f04: *00007ff49f110000-00007ff59f12ffff 0x0000/0x0004 0x0020000
1514390.2f04: *00007ff59f130000-00007ff5a112ffff 0x0000/0x0004 0x0020000
1524390.2f04: 00007ff5a1130000-00007ff5a1130fff 0x0004/0x0004 0x0020000
1534390.2f04: 00007ff5a1131000-00007ff5a113ffff 0x0001/0x0000 0x0000000
1544390.2f04: *00007ff5a1140000-00007ff5a1140fff 0x0002/0x0002 0x0040000
1554390.2f04: 00007ff5a1141000-00007ff5a114ffff 0x0001/0x0000 0x0000000
1564390.2f04: *00007ff5a1150000-00007ff5a1172fff 0x0002/0x0002 0x0040000
1574390.2f04: 00007ff5a1173000-00007ff65fc2ffff 0x0001/0x0000 0x0000000
1584390.2f04: *00007ff65fc30000-00007ff65fc30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1594390.2f04: 00007ff65fc31000-00007ff65fca6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1604390.2f04: 00007ff65fca7000-00007ff65fca7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1614390.2f04: 00007ff65fca8000-00007ff65fceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1624390.2f04: 00007ff65fcf0000-00007ff65fcf2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1634390.2f04: 00007ff65fcf3000-00007ff65fcf5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1644390.2f04: 00007ff65fcf6000-00007ff65fcf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1654390.2f04: 00007ff65fcf9000-00007ff65fcf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1664390.2f04: 00007ff65fcfa000-00007ff65fcfbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1674390.2f04: 00007ff65fcfc000-00007ff65fcfcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1684390.2f04: 00007ff65fcfd000-00007ff65fd45fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1694390.2f04: 00007ff65fd46000-00007ffde239ffff 0x0001/0x0000 0x0000000
1704390.2f04: *00007ffde23a0000-00007ffde23a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1714390.2f04: 00007ffde23a1000-00007ffde23edfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1724390.2f04: 00007ffde23ee000-00007ffde240ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1734390.2f04: 00007ffde2410000-00007ffde2412fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1744390.2f04: 00007ffde2413000-00007ffde242efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1754390.2f04: 00007ffde242f000-00007ffde43dffff 0x0001/0x0000 0x0000000
1764390.2f04: *00007ffde43e0000-00007ffde43e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1774390.2f04: 00007ffde43e1000-00007ffde44e5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1784390.2f04: 00007ffde44e6000-00007ffde4647fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1794390.2f04: 00007ffde4648000-00007ffde464bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1804390.2f04: 00007ffde464c000-00007ffde464cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1814390.2f04: 00007ffde464d000-00007ffde4682fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1824390.2f04: 00007ffde4683000-00007ffde54dffff 0x0001/0x0000 0x0000000
1834390.2f04: *00007ffde54e0000-00007ffde54e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1844390.2f04: 00007ffde54e1000-00007ffde5555fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1854390.2f04: 00007ffde5556000-00007ffde5587fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1864390.2f04: 00007ffde5588000-00007ffde5588fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1874390.2f04: 00007ffde5589000-00007ffde5589fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1884390.2f04: 00007ffde558a000-00007ffde5591fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1894390.2f04: 00007ffde5592000-00007ffde729ffff 0x0001/0x0000 0x0000000
1904390.2f04: *00007ffde72a0000-00007ffde72a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1914390.2f04: 00007ffde72a1000-00007ffde73b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1924390.2f04: 00007ffde73b8000-00007ffde73fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1934390.2f04: 00007ffde73ff000-00007ffde73fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1944390.2f04: 00007ffde7400000-00007ffde7401fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1954390.2f04: 00007ffde7402000-00007ffde740afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1964390.2f04: 00007ffde740b000-00007ffde748ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1974390.2f04: 00007ffde7490000-00007ffffffeffff 0x0001/0x0000 0x0000000
1984390.2f04: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
1994390.2f04: kernelbase.dll: timestamp 0xf96f12ee (rc=VINF_SUCCESS)
2004390.2f04: apphelp.dll: timestamp 0xff74693c (rc=VINF_SUCCESS)
2014390.2f04: VirtualBoxVM.exe: timestamp 0x5e1f1d0f (rc=VINF_SUCCESS)
2024390.2f04: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2034390.2f04: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2044390.2f04: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
2054390.2f04: 00007ffde23efe98 / 0x004fe98: 90 != e0
2064390.2f04: 00007ffde23efe99 / 0x004fe99: e1 != ed
2074390.2f04: 00007ffde23efe9a / 0x004fe9a: 45 != 4f
2084390.2f04: 00007ffde23efe9b / 0x004fe9b: e4 != e5
2094390.2f04: 00007ffde23efea0 / 0x004fea0: 00 != 50
2104390.2f04: 00007ffde23efea1 / 0x004fea1: 0a != 5e
2114390.2f04: 00007ffde23efea2 / 0x004fea2: 43 != 4f
2124390.2f04: 00007ffde23efea3 / 0x004fea3: e4 != e5
2134390.2f04: 00007ffde23efea8 / 0x004fea8: 00 != b0
2144390.2f04: 00007ffde23efea9 / 0x004fea9: 48 != 1d
2154390.2f04: 00007ffde23efeaa / 0x004feaa: 44 != 50
2164390.2f04: 00007ffde23efeab / 0x004feab: e4 != e5
2174390.2f04: 00007ffde23efeb1 / 0x004feb1: a7 != b7
2184390.2f04: 00007ffde23efeb2 / 0x004feb2: 44 != 4f
2194390.2f04: 00007ffde23efeb3 / 0x004feb3: e4 != e5
2204390.2f04: 00007ffde23efeb9 / 0x004feb9: 22 != 1d
2214390.2f04: 00007ffde23efeba / 0x004feba: 44 != 50
2224390.2f04: 00007ffde23efebb / 0x004febb: e4 != e5
2234390.2f04: 00007ffde23efec0 / 0x004fec0: 90 != 40
2244390.2f04: 00007ffde23efec1 / 0x004fec1: bc != be
2254390.2f04: 00007ffde23efec2 / 0x004fec2: 43 != 4f
2264390.2f04: 00007ffde23efec3 / 0x004fec3: e4 != e5
2274390.2f04: 00007ffde23efec8 / 0x004fec8: b0 != 60
2284390.2f04: 00007ffde23efec9 / 0x004fec9: 66 != a1
2294390.2f04: 00007ffde23efeca / 0x004feca: 44 != 4f
2304390.2f04: 00007ffde23efecb / 0x004fecb: e4 != e5
2314390.2f04: 00007ffde23efed8 / 0x004fed8: c0 != a0
2324390.2f04: 00007ffde23efed9 / 0x004fed9: 72 != a1
2334390.2f04: 00007ffde23efeda / 0x004feda: 40 != 4f
2344390.2f04: 00007ffde23efedb / 0x004fedb: e4 != e5
2354390.2f04: Restored 0x2000 bytes of original file content at 00007ffde23ee000
2364390.2f04: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
2374390.2f04: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2384390.2f04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2394390.2f04: supR3HardNtEnableThreadCreationEx:
2404390.2f04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffde73117f0 pvNtTerminateThread=00007ffde733cb10
2414390.2f04: supR3HardenedWinDoReSpawn(1): New child 5250.40f0 [kernel32].
2424390.2f04: supR3HardNtChildGatherData: PebBaseAddress=0000000000e37000 cbPeb=0x388
2434390.2f04: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffde72a0000 uNtDllChildAddr=00007ffde72a0000
2444390.2f04: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffde73117f0
2454390.2f04: supR3HardenedWinSetupChildInit: Initial context:
246 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65fc37900 rdx=0000000000e37000
247 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
248 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
249 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
250 rip=00007ffde730ceb0 rsp=00000000010ff878 rbp=0000000000000000 ctxflags=0010001b
251 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
252 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
253 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
254 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
255 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2564390.2f04: supR3HardenedWinSetupChildInit: Start child.
2574390.2f04: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2584390.2f04: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
2594390.2f04: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2604390.2f04: *0000000000000000-0000000000d9ffff 0x0001/0x0000 0x0000000
2614390.2f04: *0000000000da0000-0000000000dbffff 0x0004/0x0004 0x0020000
2624390.2f04: *0000000000dc0000-0000000000ddafff 0x0002/0x0002 0x0040000
2634390.2f04: 0000000000ddb000-0000000000ddffff 0x0001/0x0000 0x0000000
2644390.2f04: *0000000000de0000-0000000000de3fff 0x0002/0x0002 0x0040000
2654390.2f04: 0000000000de4000-0000000000deffff 0x0001/0x0000 0x0000000
2664390.2f04: *0000000000df0000-0000000000df1fff 0x0004/0x0004 0x0020000
2674390.2f04: 0000000000df2000-0000000000dfffff 0x0001/0x0000 0x0000000
2684390.2f04: *0000000000e00000-0000000000e36fff 0x0000/0x0004 0x0020000
2694390.2f04: 0000000000e37000-0000000000e39fff 0x0004/0x0004 0x0020000
2704390.2f04: 0000000000e3a000-0000000000ffffff 0x0000/0x0004 0x0020000
2714390.2f04: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
2724390.2f04: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
2734390.2f04: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
2744390.2f04: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
2754390.2f04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2764390.2f04: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
2774390.2f04: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
2784390.2f04: 000000007ffeb000-00007ff55237ffff 0x0001/0x0000 0x0000000
2794390.2f04: *00007ff552380000-00007ff552380fff 0x0002/0x0002 0x0040000
2804390.2f04: 00007ff552381000-00007ff55238ffff 0x0001/0x0000 0x0000000
2814390.2f04: *00007ff552390000-00007ff5523b2fff 0x0002/0x0002 0x0040000
2824390.2f04: 00007ff5523b3000-00007ff65fc2ffff 0x0001/0x0000 0x0000000
2834390.2f04: *00007ff65fc30000-00007ff65fc30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2844390.2f04: 00007ff65fc31000-00007ff65fca6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2854390.2f04: 00007ff65fca7000-00007ff65fca7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2864390.2f04: 00007ff65fca8000-00007ff65fceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2874390.2f04: 00007ff65fcf0000-00007ff65fcf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2884390.2f04: 00007ff65fcf1000-00007ff65fcf1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2894390.2f04: 00007ff65fcf2000-00007ff65fcf6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2904390.2f04: 00007ff65fcf7000-00007ff65fcf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2914390.2f04: 00007ff65fcf8000-00007ff65fcf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2924390.2f04: 00007ff65fcf9000-00007ff65fcfcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2934390.2f04: 00007ff65fcfd000-00007ff65fd45fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2944390.2f04: 00007ff65fd46000-00007ffde729ffff 0x0001/0x0000 0x0000000
2954390.2f04: *00007ffde72a0000-00007ffde72a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2964390.2f04: 00007ffde72a1000-00007ffde73b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2974390.2f04: 00007ffde73b8000-00007ffde73fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2984390.2f04: 00007ffde73ff000-00007ffde740afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2994390.2f04: 00007ffde740b000-00007ffde7419fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3004390.2f04: 00007ffde741a000-00007ffde741afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3014390.2f04: 00007ffde741b000-00007ffde741dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3024390.2f04: 00007ffde741e000-00007ffde748ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3034390.2f04: 00007ffde7490000-00007ffffffeffff 0x0001/0x0000 0x0000000
3044390.2f04: supR3HardNtChildPurify: Done after 533 ms and 0 fixes (loop #0).
3055250.40f0: Log file opened: 6.1.2r135662 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
3065250.40f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffde72a0000 g_uNtVerCombined=0xa047ba00 (stack ~00000000010ff308)
3075250.40f0: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
3085250.40f0: New simple heap: #1 0000000001200000 LB 0x400000 (for 2031616 allocation)
3095250.40f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3104390.2f04: supR3HardNtEnableThreadCreationEx:
3115250.40f0: System32: \Device\HarddiskVolume4\Windows\System32
3125250.40f0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3135250.40f0: KnownDllPath: C:\WINDOWS\System32
3145250.40f0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3155250.40f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3165250.40f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3175250.40f0: Registered Dll notification callback with NTDLL.
3185250.40f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3195250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3205250.40f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3215250.40f0: supR3HardenedDllNotificationCallback: load 00007ffde43e0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3225250.40f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3235250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3245250.40f0: supR3HardenedDllNotificationCallback: load 00007ffde54e0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3255250.40f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3265250.40f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
3275250.40f0: supR3HardenedDllNotificationCallback: load 00007ff65fc30000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3285250.40f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3295250.40f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3305250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3315250.40f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffde73117f0 pvNtTerminateThread=00007ffde733cb10
3324390.2f04: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 72 ms.
3335250.40f0: \SystemRoot\System32\ntdll.dll:
3345250.40f0: CreationTime: 2020-02-12T07:19:30.132238800Z
3355250.40f0: LastWriteTime: 2020-02-12T07:19:30.162494800Z
3365250.40f0: ChangeTime: 2020-02-12T07:26:33.159262200Z
3375250.40f0: FileAttributes: 0x20
3385250.40f0: Size: 0x1e8458
3395250.40f0: NT Headers: 0xd8
3405250.40f0: Timestamp: 0x64d10ee0
3415250.40f0: Machine: 0x8664 - amd64
3425250.40f0: Timestamp: 0x64d10ee0
3435250.40f0: Image Version: 10.0
3445250.40f0: SizeOfImage: 0x1f0000 (2031616)
3455250.40f0: Resource Dir: 0x17f000 LB 0x6f310
3465250.40f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3475250.40f0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3485250.40f0: ProductName: Microsoft® Windows® Operating System
3495250.40f0: ProductVersion: 10.0.18362.657
3505250.40f0: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
3515250.40f0: FileDescription: NT Layer DLL
3525250.40f0: \SystemRoot\System32\kernel32.dll:
3535250.40f0: CreationTime: 2019-09-10T22:39:29.514755700Z
3545250.40f0: LastWriteTime: 2019-09-10T22:39:29.527443800Z
3555250.40f0: ChangeTime: 2020-02-12T07:19:59.588854400Z
3565250.40f0: FileAttributes: 0x20
3575250.40f0: Size: 0xb0570
3585250.40f0: NT Headers: 0xe8
3595250.40f0: Timestamp: 0xd0cecc10
3605250.40f0: Machine: 0x8664 - amd64
3615250.40f0: Timestamp: 0xd0cecc10
3625250.40f0: Image Version: 10.0
3635250.40f0: SizeOfImage: 0xb2000 (729088)
3645250.40f0: Resource Dir: 0xb0000 LB 0x520
3655250.40f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3665250.40f0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3675250.40f0: ProductName: Microsoft® Windows® Operating System
3685250.40f0: ProductVersion: 10.0.18362.329
3695250.40f0: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
3705250.40f0: FileDescription: Windows NT BASE API Client DLL
3715250.40f0: \SystemRoot\System32\KernelBase.dll:
3725250.40f0: CreationTime: 2020-02-12T07:19:30.527518200Z
3735250.40f0: LastWriteTime: 2020-02-12T07:19:30.574366200Z
3745250.40f0: ChangeTime: 2020-02-12T07:26:32.300090000Z
3755250.40f0: FileAttributes: 0x20
3765250.40f0: Size: 0x2a3508
3775250.40f0: NT Headers: 0xf0
3785250.40f0: Timestamp: 0xf96f12ee
3795250.40f0: Machine: 0x8664 - amd64
3805250.40f0: Timestamp: 0xf96f12ee
3815250.40f0: Image Version: 10.0
3825250.40f0: SizeOfImage: 0x2a3000 (2764800)
3835250.40f0: Resource Dir: 0x27d000 LB 0x548
3845250.40f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3855250.40f0: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3865250.40f0: ProductName: Microsoft® Windows® Operating System
3875250.40f0: ProductVersion: 10.0.18362.628
3885250.40f0: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
3895250.40f0: FileDescription: Windows NT BASE API Client DLL
3905250.40f0: \SystemRoot\System32\apisetschema.dll:
3915250.40f0: CreationTime: 2019-03-19T04:43:54.837151500Z
3925250.40f0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3935250.40f0: ChangeTime: 2020-02-12T07:19:59.582022500Z
3945250.40f0: FileAttributes: 0x20
3955250.40f0: Size: 0x1d028
3965250.40f0: NT Headers: 0xc8
3975250.40f0: Timestamp: 0xd6ced080
3985250.40f0: Machine: 0x8664 - amd64
3995250.40f0: Timestamp: 0xd6ced080
4005250.40f0: Image Version: 10.0
4015250.40f0: SizeOfImage: 0x1e000 (122880)
4025250.40f0: Resource Dir: 0x1d000 LB 0x408
4035250.40f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4045250.40f0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4055250.40f0: ProductName: Microsoft® Windows® Operating System
4065250.40f0: ProductVersion: 10.0.18362.1
4075250.40f0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
4085250.40f0: FileDescription: ApiSet Schema DLL
4095250.40f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4105250.40f0: supR3HardenedWinFindAdversaries: 0x80
4115250.40f0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
4125250.40f0: CreationTime: 2018-09-06T04:58:57.414771000Z
4135250.40f0: LastWriteTime: 2018-09-27T21:40:37.008033600Z
4145250.40f0: ChangeTime: 2019-08-11T01:35:40.506356200Z
4155250.40f0: FileAttributes: 0x20
4165250.40f0: Size: 0x3f520
4175250.40f0: NT Headers: 0xf8
4185250.40f0: Timestamp: 0x5b568210
4195250.40f0: Machine: 0x8664 - amd64
4205250.40f0: Timestamp: 0x5b568210
4215250.40f0: Image Version: 10.0
4225250.40f0: SizeOfImage: 0x41000 (266240)
4235250.40f0: Resource Dir: 0x3f000 LB 0x3b8
4245250.40f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4255250.40f0: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
4265250.40f0: ProductName: Malwarebytes SwissArmy
4275250.40f0: ProductVersion: 4.3.0.161
4285250.40f0: FileVersion: 4.3.0.161
4295250.40f0: FileDescription: Malwarebytes SwissArmy
4305250.40f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4315250.40f0: Calling main()
4325250.40f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4335250.40f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4345250.40f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4355250.40f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4365250.40f0: SUPR3HardenedMain: Respawn #2
4375250.40f0: supR3HardNtEnableThreadCreationEx:
4385250.40f0: supR3HardenedDllNotificationCallback: load 00007ffde6df0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4395250.40f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4405250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4415250.40f0: supR3HardenedDllNotificationCallback: load 00007ffde71c0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4425250.40f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4435250.40f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
4445250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
4455250.40f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
4465250.40f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
4475250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4485250.40f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4495250.40f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4505250.40f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4515250.40f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4525250.40f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde72a0000 'C:\WINDOWS\System32\ntdll.dll'
4535250.40f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
4545250.40f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
4555250.40f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4565250.40f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4575250.40f0: supR3HardenedDllNotificationCallback: load 00007ffde23a0000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
4585250.40f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4595250.40f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
4605250.40f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4615250.40f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde72a0000 'C:\WINDOWS\System32\ntdll.dll'
4625250.40f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde23a0000 'C:\WINDOWS\system32\apphelp.dll'
4635250.40f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffde73117f0 pvNtTerminateThread=00007ffde733cb10
4645250.40f0: supR3HardenedWinDoReSpawn(2): New child 4818.43d4 [kernel32].
4655250.40f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
4665250.40f0: supR3HardNtChildGatherData: PebBaseAddress=000000000072f000 cbPeb=0x388
4675250.40f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffde72a0000 uNtDllChildAddr=00007ffde72a0000
4685250.40f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffde73117f0
4695250.40f0: supR3HardenedWinSetupChildInit: Initial context:
470 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65fc37900 rdx=000000000072f000
471 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
472 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
473 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
474 rip=00007ffde730ceb0 rsp=00000000005cfcb8 rbp=0000000000000000 ctxflags=0010001b
475 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
476 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
477 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
478 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
479 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4805250.40f0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
4815250.40f0: supR3HardenedWinSetupChildInit: Start child.
4825250.40f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
4835250.40f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 58 sleeps
4845250.40f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4855250.40f0: *0000000000000000-000000000048ffff 0x0001/0x0000 0x0000000
4865250.40f0: *0000000000490000-00000000004affff 0x0004/0x0004 0x0020000
4875250.40f0: *00000000004b0000-00000000004cafff 0x0002/0x0002 0x0040000
4885250.40f0: 00000000004cb000-00000000004cffff 0x0001/0x0000 0x0000000
4895250.40f0: *00000000004d0000-00000000005cafff 0x0000/0x0004 0x0020000
4905250.40f0: 00000000005cb000-00000000005cdfff 0x0104/0x0004 0x0020000
4915250.40f0: 00000000005ce000-00000000005cffff 0x0004/0x0004 0x0020000
4925250.40f0: *00000000005d0000-00000000005d3fff 0x0002/0x0002 0x0040000
4935250.40f0: 00000000005d4000-00000000005dffff 0x0001/0x0000 0x0000000
4945250.40f0: *00000000005e0000-00000000005e1fff 0x0004/0x0004 0x0020000
4955250.40f0: 00000000005e2000-00000000005fffff 0x0001/0x0000 0x0000000
4965250.40f0: *0000000000600000-000000000072efff 0x0000/0x0004 0x0020000
4975250.40f0: 000000000072f000-0000000000731fff 0x0004/0x0004 0x0020000
4985250.40f0: 0000000000732000-00000000007fffff 0x0000/0x0004 0x0020000
4995250.40f0: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
5005250.40f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5015250.40f0: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
5025250.40f0: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
5035250.40f0: 000000007ffeb000-00007ff5345cffff 0x0001/0x0000 0x0000000
5045250.40f0: *00007ff5345d0000-00007ff5345d0fff 0x0002/0x0002 0x0040000
5055250.40f0: 00007ff5345d1000-00007ff5345dffff 0x0001/0x0000 0x0000000
5065250.40f0: *00007ff5345e0000-00007ff534602fff 0x0002/0x0002 0x0040000
5075250.40f0: 00007ff534603000-00007ff65fc2ffff 0x0001/0x0000 0x0000000
5085250.40f0: *00007ff65fc30000-00007ff65fc30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5095250.40f0: 00007ff65fc31000-00007ff65fca6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5105250.40f0: 00007ff65fca7000-00007ff65fca7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5115250.40f0: 00007ff65fca8000-00007ff65fceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5125250.40f0: 00007ff65fcf0000-00007ff65fcf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5135250.40f0: 00007ff65fcf1000-00007ff65fcf1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5145250.40f0: 00007ff65fcf2000-00007ff65fcf6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5155250.40f0: 00007ff65fcf7000-00007ff65fcf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5165250.40f0: 00007ff65fcf8000-00007ff65fcf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5175250.40f0: 00007ff65fcf9000-00007ff65fcfcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5185250.40f0: 00007ff65fcfd000-00007ff65fd45fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5195250.40f0: 00007ff65fd46000-00007ffde729ffff 0x0001/0x0000 0x0000000
5205250.40f0: *00007ffde72a0000-00007ffde72a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5215250.40f0: 00007ffde72a1000-00007ffde73b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5225250.40f0: 00007ffde73b8000-00007ffde73fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5235250.40f0: 00007ffde73ff000-00007ffde740afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5245250.40f0: 00007ffde740b000-00007ffde7419fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5255250.40f0: 00007ffde741a000-00007ffde741afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5265250.40f0: 00007ffde741b000-00007ffde741dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5275250.40f0: 00007ffde741e000-00007ffde748ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5285250.40f0: 00007ffde7490000-00007ffffffeffff 0x0001/0x0000 0x0000000
5295250.40f0: VirtualBoxVM.exe: timestamp 0x5e1f1d0f (rc=VINF_SUCCESS)
5305250.40f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5315250.40f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
5325250.40f0: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
5334818.43d4: Log file opened: 6.1.2r135662 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
5344818.43d4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffde72a0000 g_uNtVerCombined=0xa047ba00 (stack ~00000000005cf748)
5354818.43d4: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
5365250.40f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
5374818.43d4: New simple heap: #1 0000000000900000 LB 0x400000 (for 2031616 allocation)
5385250.40f0: supR3HardNtEnableThreadCreationEx:
5394818.43d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
5404818.43d4: System32: \Device\HarddiskVolume4\Windows\System32
5414818.43d4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
5424818.43d4: KnownDllPath: C:\WINDOWS\System32
5434818.43d4: supR3HardenedVmProcessInit: Opening vboxdrv...
5444818.43d4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5454818.43d4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5464818.43d4: Registered Dll notification callback with NTDLL.
5474818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
5484818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
5494818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5504818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde43e0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5514818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
5524818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
5534818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde54e0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5544818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5554818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
5564818.43d4: supR3HardenedDllNotificationCallback: load 00007ff65fc30000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5574818.43d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5584818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5594818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5604818.43d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffde73117f0 pvNtTerminateThread=00007ffde733cb10
5615250.40f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 75 ms.
5624818.43d4: \SystemRoot\System32\ntdll.dll:
5634818.43d4: CreationTime: 2020-02-12T07:19:30.132238800Z
5644818.43d4: LastWriteTime: 2020-02-12T07:19:30.162494800Z
5654818.43d4: ChangeTime: 2020-02-12T07:26:33.159262200Z
5664818.43d4: FileAttributes: 0x20
5674818.43d4: Size: 0x1e8458
5684818.43d4: NT Headers: 0xd8
5694818.43d4: Timestamp: 0x64d10ee0
5704818.43d4: Machine: 0x8664 - amd64
5714818.43d4: Timestamp: 0x64d10ee0
5724818.43d4: Image Version: 10.0
5734818.43d4: SizeOfImage: 0x1f0000 (2031616)
5744818.43d4: Resource Dir: 0x17f000 LB 0x6f310
5754818.43d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5764818.43d4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5774818.43d4: ProductName: Microsoft® Windows® Operating System
5784818.43d4: ProductVersion: 10.0.18362.657
5794818.43d4: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
5804818.43d4: FileDescription: NT Layer DLL
5814818.43d4: \SystemRoot\System32\kernel32.dll:
5824818.43d4: CreationTime: 2019-09-10T22:39:29.514755700Z
5834818.43d4: LastWriteTime: 2019-09-10T22:39:29.527443800Z
5844818.43d4: ChangeTime: 2020-02-12T07:19:59.588854400Z
5854818.43d4: FileAttributes: 0x20
5864818.43d4: Size: 0xb0570
5874818.43d4: NT Headers: 0xe8
5884818.43d4: Timestamp: 0xd0cecc10
5894818.43d4: Machine: 0x8664 - amd64
5904818.43d4: Timestamp: 0xd0cecc10
5914818.43d4: Image Version: 10.0
5924818.43d4: SizeOfImage: 0xb2000 (729088)
5934818.43d4: Resource Dir: 0xb0000 LB 0x520
5944818.43d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5954818.43d4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5964818.43d4: ProductName: Microsoft® Windows® Operating System
5974818.43d4: ProductVersion: 10.0.18362.329
5984818.43d4: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
5994818.43d4: FileDescription: Windows NT BASE API Client DLL
6004818.43d4: \SystemRoot\System32\KernelBase.dll:
6014818.43d4: CreationTime: 2020-02-12T07:19:30.527518200Z
6024818.43d4: LastWriteTime: 2020-02-12T07:19:30.574366200Z
6034818.43d4: ChangeTime: 2020-02-12T07:26:32.300090000Z
6044818.43d4: FileAttributes: 0x20
6054818.43d4: Size: 0x2a3508
6064818.43d4: NT Headers: 0xf0
6074818.43d4: Timestamp: 0xf96f12ee
6084818.43d4: Machine: 0x8664 - amd64
6094818.43d4: Timestamp: 0xf96f12ee
6104818.43d4: Image Version: 10.0
6114818.43d4: SizeOfImage: 0x2a3000 (2764800)
6124818.43d4: Resource Dir: 0x27d000 LB 0x548
6134818.43d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6144818.43d4: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6154818.43d4: ProductName: Microsoft® Windows® Operating System
6164818.43d4: ProductVersion: 10.0.18362.628
6174818.43d4: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
6184818.43d4: FileDescription: Windows NT BASE API Client DLL
6194818.43d4: \SystemRoot\System32\apisetschema.dll:
6204818.43d4: CreationTime: 2019-03-19T04:43:54.837151500Z
6214818.43d4: LastWriteTime: 2019-03-19T04:43:54.837151500Z
6224818.43d4: ChangeTime: 2020-02-12T07:19:59.582022500Z
6234818.43d4: FileAttributes: 0x20
6244818.43d4: Size: 0x1d028
6254818.43d4: NT Headers: 0xc8
6264818.43d4: Timestamp: 0xd6ced080
6274818.43d4: Machine: 0x8664 - amd64
6284818.43d4: Timestamp: 0xd6ced080
6294818.43d4: Image Version: 10.0
6304818.43d4: SizeOfImage: 0x1e000 (122880)
6314818.43d4: Resource Dir: 0x1d000 LB 0x408
6324818.43d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6334818.43d4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6344818.43d4: ProductName: Microsoft® Windows® Operating System
6354818.43d4: ProductVersion: 10.0.18362.1
6364818.43d4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
6374818.43d4: FileDescription: ApiSet Schema DLL
6384818.43d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6394818.43d4: supR3HardenedWinFindAdversaries: 0x80
6404818.43d4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
6414818.43d4: CreationTime: 2018-09-06T04:58:57.414771000Z
6424818.43d4: LastWriteTime: 2018-09-27T21:40:37.008033600Z
6434818.43d4: ChangeTime: 2019-08-11T01:35:40.506356200Z
6444818.43d4: FileAttributes: 0x20
6454818.43d4: Size: 0x3f520
6464818.43d4: NT Headers: 0xf8
6474818.43d4: Timestamp: 0x5b568210
6484818.43d4: Machine: 0x8664 - amd64
6494818.43d4: Timestamp: 0x5b568210
6504818.43d4: Image Version: 10.0
6514818.43d4: SizeOfImage: 0x41000 (266240)
6524818.43d4: Resource Dir: 0x3f000 LB 0x3b8
6534818.43d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6544818.43d4: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
6554818.43d4: ProductName: Malwarebytes SwissArmy
6564818.43d4: ProductVersion: 4.3.0.161
6574818.43d4: FileVersion: 4.3.0.161
6584818.43d4: FileDescription: Malwarebytes SwissArmy
6594818.43d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6604818.43d4: Calling main()
6614818.43d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6624818.43d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6634818.43d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6644818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6654818.43d4: SUPR3HardenedMain: Final process, opening VBoxDrv...
6664818.43d4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
6674818.43d4: supR3HardNtEnableThreadCreationEx:
6684818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6694818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6704818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6714818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6724818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddf830000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6734818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6744818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6754818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6764818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6774818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6784818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6794818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6804818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6814818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6824818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6834818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6844818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6854818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
6864818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6874818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6884818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6894818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
6904818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6924818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6934818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
6944818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
6954818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6974818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6984818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
6994818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
7004818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7014818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7024818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
7034818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
7044818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7064818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7074818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7084818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6f90000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
7094818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7104818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4210000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
7114818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7124818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4230000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
7134818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
7144818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7154818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4f90000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
7164818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7174818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6df0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
7184818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7194818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4710000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
7204818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7214818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7224818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7234818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-synch-l1-2-0'
7244818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7254818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7264818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-fibers-l1-1-1'
7274818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7284818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7294818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-fibers-l1-1-1'
7304818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7314818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7324818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-synch-l1-2-0'
7334818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
7344818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7354818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-localization-l1-2-1'
7364818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4710000 'C:\WINDOWS\system32\Wintrust.dll'
7374818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
7384818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7394818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7404818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4330000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
7414818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7424818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4330000 'C:\WINDOWS\system32\bcrypt.dll'
7434818.43d4: bcrypt.dll loaded at 00007ffde4330000, BCryptOpenAlgorithmProvider at 00007ffde4334c70, preloading providers:
7444818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
7454818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7464818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7474818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4690000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
7484818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7494818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4690000 'C:\WINDOWS\system32\bcryptprimitives.dll'
7504818.43d4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000d5df30)
7514818.43d4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000d5f4a0)
7524818.43d4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000d5f7a0)
7534818.43d4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000d5faa0)
7544818.43d4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000d5fda0)
7554818.43d4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000d600a0)
7564818.43d4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000d603a0)
7574818.43d4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000d606a0)
7584818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5280000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
7594818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
7604818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7614818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
7624818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
7634818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
7644818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7654818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7664818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7674818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7684818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7694818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde3550000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
7704818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7714818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
7724818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7734818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
7744818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
7754818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde3bb0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7764818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7774818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7794818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7804818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7814818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7824818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'C:\WINDOWS\System32\kernel32.dll'
7834818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7844818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7854818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4710000 'C:\WINDOWS\System32\WINTRUST.DLL'
7864818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7874818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7884818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\CRYPT32.dll'
7894818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5350000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
7904818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
7914818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
7924818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
7934818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7944818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7954818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7964818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7974818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7984818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
7994818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde71c0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8004818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
8014818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
8024818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
8034818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8044818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
8054818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
8064818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
8074818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde2d90000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
8084818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8094818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde41d0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
8104818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
8114818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
8124818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8134818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
8144818.43d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
8154818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
8164818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8174818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8184818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8194818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8204818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8214818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8224818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8234818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8244818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8254818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8274818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8284818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8294818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8304818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8314818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8324818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8334818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd8720000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
8344818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8354818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8364818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8374818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8384818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8394818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8404818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8414818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8424818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8434818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8444818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8454818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8474818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8484818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8494818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8504818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8514818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8524818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8534818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8544818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8554818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8564818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8574818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8584818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8594818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8604818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8614818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8624818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8634818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\WINDOWS\System32\cryptnet.dll'
8644818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8654818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8720000 'C:\Windows\System32\cryptnet.dll'
8664818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5fd0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
8674818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8684818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8694818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8704818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
8714818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8724818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8734818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8744818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8754818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8764818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8784818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8794818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8804818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8814818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8824818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8834818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
8844818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8854818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8864818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
8874818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8884818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d70830
8894818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
8904818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95FD49F93AE6ADF9D4DE48632E3114C0D5FFE7A0
8914818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8924818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8934818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6df0000 'C:\WINDOWS\System32\rpcrt4.dll'
8944818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8954818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8964818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
8974818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8984818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8994818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9004818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\SystemRoot\System32\ntdll.dll'
9014818.43d4: g_pfnWinVerifyTrust=00007ffde47161f0
9024818.43d4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9034818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9044818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9054818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9064818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9074818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9084818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9094818.43d4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
9104818.43d4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9114818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9124818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9134818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9144818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9154818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9164818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9174818.43d4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
9184818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9194818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9204818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9224818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
9234818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
9244818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
9254818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
9264818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
9274818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9284818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9294818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9304818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
9314818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9324818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
9334818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9344818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9354818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9364818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
9374818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9384818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9394818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9404818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
9414818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9424818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9434818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9444818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
9454818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9474818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9484818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
9494818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9504818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9514818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9524818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
9534818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9544818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9554818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9564818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9574818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9584818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
9594818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9604818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9614818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9624818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9634818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
9644818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9654818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9664818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
9674818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9684818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9694818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
9704818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9714818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9724818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
9734818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9744818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9754818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
9764818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9774818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9784818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
9794818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9804818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9814818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
9824818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9834818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9844818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
9864818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9874818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
9894818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
9904818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
9914818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
9924818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\system32\crypt32.dll'
9934818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9944818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9954818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9964818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9974818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9984818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9994818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10004818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10014818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10024818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
10034818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10044818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10054818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
10064818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
10074818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
10084818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
10094818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
10104818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
10114818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
10124818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
10134818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10144818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
10154818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
10164818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
10174818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10184818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10194818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
10204818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
10214818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10224818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10234818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10244818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
10254818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10264818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10274818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
10284818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
10294818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
10304818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10314818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
10324818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
10334818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
10344818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10354818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10364818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
10374818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
10384818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10394818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10404818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
10414818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
10424818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
10434818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
10444818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
10454818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
10464818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10474818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10484818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
10494818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
10504818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10514818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
10524818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
10534818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10544818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
10554818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10564818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10574818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
10584818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10594818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
10604818.43d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10614818.43d4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=68
10624818.43d4: SUPR3HardenedMain: Load Runtime...
10634818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
10644818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10654818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10664818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10674818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10684818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10694818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10704818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10714818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10724818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
10734818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
10744818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10754818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
10764818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
10774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10794818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10804818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10814818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10824818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10834818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10844818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10854818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
10864818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10874818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10884818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
10894818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10904818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10924818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10934818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10944818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
10954818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
10964818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
10974818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10984818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10994818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11004818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11014818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11024818.43d4: supR3HardenedDllNotificationCallback: load 0000000052970000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
11034818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11044818.43d4: supR3HardenedDllNotificationCallback: load 0000000052360000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11054818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11064818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6090000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
11074818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11084818.43d4: supR3HardenedDllNotificationCallback: load 00007ffda54c0000 LB 0x005e9000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
11094818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11104818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11114818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11124818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11134818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11144818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11154818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11164818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11174818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11184818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11194818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11204818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11224818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11234818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11244818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11254818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11264818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11274818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11284818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11294818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11304818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11314818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11324818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11334818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11344818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11354818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11364818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11374818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11384818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11394818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11404818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11414818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11424818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11434818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11444818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11454818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11464818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11474818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11484818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11494818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11504818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11514818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11524818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11534818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11544818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11554818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11564818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11574818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11584818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11594818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11604818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11614818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11624818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11634818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11644818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11654818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11664818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11674818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11684818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11694818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11704818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11714818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11724818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11734818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11744818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11754818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11764818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11774818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11784818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11794818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11804818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11814818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11824818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11834818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11844818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11854818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11864818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11874818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11894818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11904818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11914818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11924818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11934818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11944818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11954818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11964818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11974818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11984818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11994818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12004818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12014818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12024818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12034818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12044818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12054818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12064818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12074818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12084818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12094818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12104818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12114818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12124818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12134818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12144818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12154818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12164818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12174818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12184818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12194818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12204818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12224818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12234818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12244818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12254818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12264818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12274818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12284818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12294818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12304818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12314818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12324818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12334818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12344818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12354818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12364818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12374818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12384818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12394818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12404818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12414818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12424818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12434818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12444818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12454818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12474818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12484818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12494818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12504818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12514818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12524818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12534818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12544818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12554818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12564818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12574818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12584818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12594818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12604818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12614818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12624818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12634818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12644818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12654818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12664818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12674818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12684818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12694818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12704818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12714818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12724818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12734818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12744818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12754818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12764818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12774818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12784818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12794818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12804818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12814818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12824818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12834818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12844818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12864818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda54c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12874818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
12884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
12894818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
12904818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12914818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4710000 'C:\WINDOWS\system32\Wintrust.dll'
12924818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
12934818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12944818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
12954818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
12964818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
12974818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
12984818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\system32\crypt32.dll'
12994818.43d4: SUPR3HardenedMain: Load TrustedMain...
13004818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
13014818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13024818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
13034818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
13044818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
13054818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
13064818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
13074818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
13084818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
13094818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13104818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13114818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
13124818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
13134818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
13144818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
13154818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
13164818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13174818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13184818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
13194818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
13204818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
13214818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13224818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
13234818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
13244818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13254818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13274818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13284818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
13294818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13304818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13314818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
13324818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13334818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
13344818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
13354818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13364818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13374818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
13384818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
13394818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13404818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13414818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
13424818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13434818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13444818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13454818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
13464818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
13474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13484818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13494818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13504818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13514818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13524818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13534818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
13544818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13554818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
13564818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
13574818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
13584818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13594818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13604818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
13614818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
13624818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
13634818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13644818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13654818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
13664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13674818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13684818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
13694818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
13704818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
13714818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
13724818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
13734818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
13744818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
13754818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
13764818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13794818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13804818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
13814818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13824818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13834818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
13844818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13854818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13864818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
13874818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
13884818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13894818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13904818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
13914818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
13924818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
13934818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
13944818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13954818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13974818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13984818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
13994818.43d4: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
14004818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
14014818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
14024818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14034818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14044818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14064818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14074818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
14084818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
14094818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
14104818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
14114818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
14124818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
14134818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14144818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14154818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14164818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14174818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14184818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14194818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14204818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
14214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
14224818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14234818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14244818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14254818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14264818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14274818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14284818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14294818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14304818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14314818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14324818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14354818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
14364818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14374818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14384818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14394818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14404818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14414818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14424818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14434818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14444818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14454818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14464818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14484818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14494818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14504818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14514818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14524818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14534818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14544818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14554818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14564818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14574818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14584818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14594818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14604818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14614818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14624818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14634818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14644818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14654818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14664818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14674818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14684818.43d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14694818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14704818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14714818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14724818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14734818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14744818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14754818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14764818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14784818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
14794818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
14804818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
14814818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
14824818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
14834818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14844818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14854818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14864818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14874818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14884818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14894818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14904818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14914818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14924818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14934818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14944818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14954818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14974818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14984818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14994818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15004818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15014818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15024818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15034818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15044818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15064818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15074818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15084818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15094818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15104818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15114818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15124818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
15134818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15144818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
15154818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15164818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15174818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
15184818.43d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
15194818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
15204818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15214818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15224818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
15234818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15244818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15254818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15274818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15284818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15294818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15304818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15314818.43d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
15324818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
15334818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
15344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15354818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15364818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
15374818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15384818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15394818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15404818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15414818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15424818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
15434818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15444818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15454818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15464818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15484818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15494818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15504818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15514818.43d4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
15524818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15534818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15544818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
15554818.43d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
15564818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
15574818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15584818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15594818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15604818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15614818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15624818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15634818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15644818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15654818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15674818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15684818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
15694818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15704818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15714818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15724818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15734818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15744818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15754818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15764818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15774818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15794818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15804818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15814818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15824818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15834818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
15844818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
15854818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15864818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15874818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15884818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15894818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15904818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15914818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15924818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15934818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15944818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15954818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15974818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15984818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15994818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16004818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16014818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
16024818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16034818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16044818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
16054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16064818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16074818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16084818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16094818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16104818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
16114818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16124818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16134818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
16144818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16154818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16164818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16174818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
16184818.43d4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
16194818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16204818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16214818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
16224818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
16234818.43d4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
16244818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16254818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16264818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
16274818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16284818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16294818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
16304818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16314818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16324818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
16334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
16344818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
16354818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
16364818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
16374818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16384818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16394818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
16404818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16414818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16424818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16434818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16444818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
16454818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
16464818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
16474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16484818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16494818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16504818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
16514818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
16524818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
16534818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
16544818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16554818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16564818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16574818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16584818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16594818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16604818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16614818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16624818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16634818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16644818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16654818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16674818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
16684818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16694818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16704818.43d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16714818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16724818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16734818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16744818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16754818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16764818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16794818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16804818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16814818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
16824818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
16834818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
16844818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16854818.43d4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
16864818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16874818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16884818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
16894818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
16904818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16914818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16924818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16934818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16944818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16954818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16964818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16974818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16984818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16994818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
17004818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DXCore.dll)
17014818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DXCore.dll
17024818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde43b0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
17034818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
17044818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4ef0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
17054818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
17064818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde50e0000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
17074818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
17084818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
17094818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
17104818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
17114818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
17124818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
17134818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5fa0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
17144818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
17154818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6b30000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
17164818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
17174818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde67f0000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
17184818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
17194818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4360000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
17204818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
17214818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
17224818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde2de0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
17234818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
17244818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddf800000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
17254818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17264818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdaeb80000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
17274818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
17284818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde7110000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
17294818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17304818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
17314818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
17324818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
17334818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
17344818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4170000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
17354818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
17364818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
17374818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4180000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
17384818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
17394818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
17404818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
17414818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
17424818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6cd0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
17434818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17444818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
17454818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
17464818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
17474818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
17484818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde41f0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
17494818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
17504818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
17514818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
17524818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
17534818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4770000 LB 0x0077f000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
17544818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
17554818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
17564818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
17574818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
17584818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
17594818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
17604818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde6100000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
17614818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
17624818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5e40000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
17634818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17644818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdc6430000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
17654818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17664818.43d4: supR3HardenedDllNotificationCallback: load 0000000052400000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17674818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17684818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdad280000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17694818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17704818.43d4: supR3HardenedDllNotificationCallback: load 0000000051df0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17714818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
17724818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde7030000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
17734818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17744818.43d4: supR3HardenedDllNotificationCallback: load 00007ffd81a50000 LB 0x02609000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
17754818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
17764818.43d4: supR3HardenedDllNotificationCallback: load 0000000051d90000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
17774818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17784818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd7230000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17794818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17804818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd7260000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
17814818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
17824818.43d4: supR3HardenedDllNotificationCallback: load 00007ffda21e0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
17834818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
17844818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
17854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
17864818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
17874818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
17884818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
17894818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
17904818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
17914818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
17924818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
17934818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
17944818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
17954818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
17964818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
17974818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
17984818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
17994818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
18004818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
18014818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
18024818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
18034818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
18044818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
18054818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
18064818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
18074818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
18084818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18094818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18104818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18114818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
18124818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18134818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
18144818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18154818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
18164818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18174818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
18184818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
18194818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
18204818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
18214818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
18224818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
18234818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18244818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18254818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
18264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18274818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18284818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18294818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18304818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18314818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18324818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
18334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18354818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
18364818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
18374818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
18384818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18394818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18404818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18414818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18424818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18434818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18444818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18454818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18464818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
18474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18484818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18494818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18504818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18514818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
18524818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18534818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18544818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
18554818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
18564818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
18574818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
18584818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\umpdc.dll
18594818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18604818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18614818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18624818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18634818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
18644818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
18654818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
18664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18674818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18684818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
18694818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18704818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18714818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18724818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18734818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18744818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18754818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
18764818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18784818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18794818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18804818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
18814818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18824818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18834818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18844818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18854818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
18864818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18874818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18884818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18894818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18904818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
18914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18924818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18934818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18944818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18954818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
18964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18974818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18984818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18994818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
19004818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
19014818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19024818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'C:\WINDOWS\System32\kernel32.dll'
19034818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
19044818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
19054818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19064818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19074818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19084818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19094818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19104818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19114818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
19124818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
19134818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19144818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19154818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19164818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19174818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19184818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19194818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
19204818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
19214818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19224818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
19234818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19244818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
19254818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
19264818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
19274818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19284818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19294818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
19304818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
19314818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
19324818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
19334818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
19344818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
19354818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
19364818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
19374818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
19384818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
19394818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
19404818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
19414818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
19424818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
19434818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19444818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19454818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19464818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19474818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19484818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19494818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
19504818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
19514818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19524818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19534818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19544818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19554818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19564818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19574818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
19584818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
19594818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19604818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
19614818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19624818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
19634818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
19644818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
19654818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19664818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19674818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
19684818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
19694818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
19704818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
19714818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
19724818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
19734818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
19744818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
19754818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
19764818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
19774818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
19784818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
19794818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
19804818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19814818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-string-l1-1-0'
19824818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
19834818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
19844818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19864818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19874818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19884818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19894818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19904818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
19914818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
19924818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19934818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19944818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19954818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19964818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19974818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19984818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
19994818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
20004818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20014818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20024818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20034818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20044818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20054818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20064818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20074818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20084818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20094818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20104818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20114818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20124818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20134818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20144818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20154818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20164818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20174818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20184818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20194818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20204818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20214818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20224818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20234818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20244818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20254818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20264818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20274818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20284818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
20294818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
20304818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20314818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20324818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20334818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20344818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20354818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20364818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
20374818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
20384818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20394818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20404818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20414818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20424818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20434818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20444818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20454818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20464818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20474818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20484818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20494818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20504818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20514818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20524818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20534818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20544818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20554818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20564818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20574818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20584818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
20594818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20604818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-datetime-l1-1-1'
20614818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20624818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20634818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20644818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20654818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20664818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20674818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20684818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20694818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
20704818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
20714818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20724818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20734818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20744818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20754818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20764818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20774818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
20784818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
20794818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20804818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20814818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20824818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20834818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20844818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20854818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20864818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20874818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20894818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20904818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20914818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20924818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20934818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20944818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20954818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20964818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20974818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20984818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20994818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21004818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21014818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21024818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21034818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21044818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21054818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21064818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21074818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
21084818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
21094818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21104818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21114818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21124818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21134818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21144818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21154818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
21164818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
21174818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21184818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21194818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21204818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21214818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21224818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21234818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21244818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21254818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21264818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21274818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21284818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21294818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21304818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
21314818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21324818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
21334818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21344818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21354818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21364818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21374818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
21384818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21394818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-localization-obsolete-l1-2-0'
21404818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21414818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21424818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21434818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21444818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21454818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21464818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21474818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21484818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
21494818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
21504818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21514818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21524818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21534818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21544818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21554818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21564818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
21574818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
21584818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21594818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21604818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21614818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21624818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21634818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21644818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21654818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21664818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21674818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21684818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21694818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21704818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21714818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
21724818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21734818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
21744818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21754818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21764818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21774818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21784818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21794818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21804818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21814818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21824818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21834818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21844818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21864818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
21874818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
21884818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21894818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21904818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21914818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21924818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21934818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21944818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
21954818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
21964818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21974818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21984818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21994818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22004818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22014818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22024818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22034818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22044818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22054818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22064818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22074818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22084818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22094818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22104818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22114818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22124818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22134818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22144818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22154818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22164818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
22174818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
22184818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
22194818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
22204818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
22214818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22224818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22234818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
22244818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22254818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
22264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22274818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22284818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
22294818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22304818.43d4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
22314818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22324818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde5370000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
22334818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
22344818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5370000 'C:\WINDOWS\system32\IMM32.DLL'
22354818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
22364818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
22374818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22384818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22394818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22404818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22414818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22424818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22434818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22444818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22454818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
22464818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
22474818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22484818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22494818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22504818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22514818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22524818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22534818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
22544818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
22554818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22564818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22574818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22584818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22594818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22604818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22614818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22624818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22634818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22644818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22654818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22664818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22674818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22684818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22694818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22704818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22714818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22724818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22734818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22744818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22754818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
22764818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
22774818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22784818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22794818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22804818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22814818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22824818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22834818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22844818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22854818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
22864818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
22874818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22894818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22904818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22914818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22924818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22934818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
22944818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
22954818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22964818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22974818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22984818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22994818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
23004818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
23014818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23024818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23034818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23044818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
23054818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23064818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
23074818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
23084818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
23094818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
23104818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
23114818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
23124818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
23134818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
23144818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
23154818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23164818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23174818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5fd0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
23184818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
23194818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
23204818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
23214818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
23224818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
23234818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
23244818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
23254818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
23264818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
23274818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
23284818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
23294818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
23304818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
23314818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
23324818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
23334818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
23344818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
23354818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
23364818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
23374818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
23384818.43d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
23394818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
23404818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
23414818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
23424818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
23434818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
23444818.43d4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23454818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23464818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23474818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
23484818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23494818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
23504818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
23514818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
23524818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
23534818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
23544818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
23554818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
23564818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
23574818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
23584818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda21e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
23594818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23604818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23614818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
23624818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23634818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23644818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
23654818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23664818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23674818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
23684818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23694818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23704818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
23714818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23724818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23734818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
23744818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23754818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23764818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
23774818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23784818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23794818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
23804818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23814818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23824818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
23834818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23844818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23854818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
23864818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23874818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23884818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'
23894818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
23904818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
23914818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
23924818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
23934818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23944818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
23954818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
23964818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23974818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
23984818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
23994818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24004818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
24014818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24024818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24034818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
24044818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24054818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
24064818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24074818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24084818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
24094818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24104818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24114818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
24124818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24134818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24144818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
24154818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24164818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24174818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
24184818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24194818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24204818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
24214818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
24224818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24234818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24244818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24254818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
24264818.43d4: SUPR3HardenedMain: Calling TrustedMain (00007ffda21e16c0)...
24274818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24284818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
24294818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
24304818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
24314818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
24324818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
24334818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24344818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
24354818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
24364818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
24374818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
24384818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
24394818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
24404818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24414818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24424818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24434818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24444818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24454818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24464818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24484818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24494818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24504818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24514818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24524818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24534818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24544818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
24554818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24564818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24574818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24584818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24594818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24604818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24614818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24624818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24634818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
24644818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24654818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24674818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24684818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24694818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24704818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24714818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24724818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24734818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdaea50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
24744818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24754818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaea50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
24764818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000638 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24774818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
24784818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
24794818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
24804818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
24814818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
24824818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
24834818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24844818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24854818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
24864818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
24874818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
24884818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24894818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24904818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24924818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24934818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24944818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24954818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24964818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24974818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde24f0000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
24984818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24994818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde24f0000 'C:\WINDOWS\system32\uxtheme.dll'
25004818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6b30000 'C:\WINDOWS\system32\user32.dll'
25014818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25024818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25034818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6100000 'C:\WINDOWS\system32\shell32.dll'
25044818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
25054818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25064818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde7110000 'C:\WINDOWS\system32\SHCore.dll'
25074818.43d4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
25084818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
25094818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25104818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25114818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\system32\winmm.dll'
25124818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25134818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25144818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\system32\winmm.dll'
25154818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25164818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25174818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6100000 'C:\WINDOWS\system32\shell32.dll'
25184818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25194818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25204818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde24f0000 'C:\WINDOWS\system32\uxtheme.dll'
25214818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25224818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25234818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5fd0000 'C:\WINDOWS\system32\advapi32.dll'
25244818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
25254818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
25264818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
25274818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
25284818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
25294818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
25304818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
25314818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
25324818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
25334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25354818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25364818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25374818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde4060000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
25384818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25394818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4060000 'C:\WINDOWS\system32\userenv.dll'
25404818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
25414818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25424818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'C:\WINDOWS\System32\kernel32.dll'
25434818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde56e0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
25444818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25454818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
25464818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
25474818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
25484818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25494818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25504818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25514818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25524818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
25534818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
25544818.c0cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
25554818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
25564818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25574818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25584818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25594818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25604818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25614818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25624818.c0cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
25634818.c0cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25644818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25654818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25664818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25674818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25684818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25694818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
25704818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25714818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25724818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25734818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25744818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25754818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25764818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25774818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
25784818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25794818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25804818.c0cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25814818.c0cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25824818.c0cc: supR3HardenedDllNotificationCallback: load 00007ffdaced0000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25834818.c0cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25844818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaced0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25854818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
25864818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25874818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25884818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25894818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
25904818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25914818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25924818.c0cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
25934818.c0cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
25944818.c0cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25954818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25964818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25974818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25984818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25994818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26004818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26014818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26024818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26034818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26044818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26054818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
26064818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26074818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26084818.c0cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
26094818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26104818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26114818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26124818.c0cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26134818.c0cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26144818.c0cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26154818.c0cc: supR3HardenedDllNotificationCallback: load 00007ffda6060000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
26164818.c0cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26174818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda6060000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
26184818.c0cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26194818.c0cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26204818.c0cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde7030000 'C:\Windows\System32\oleaut32.dll'
26214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5fa0000 'C:\WINDOWS\system32\gdi32.dll'
26224818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde53a0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
26234818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26244818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
26254818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
26264818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
26274818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
26284818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
26294818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
26304818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
26314818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26324818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26354818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
26364818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26374818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26384818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26394818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26404818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
26414818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26424818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26434818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26444818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26454818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
26474818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
26484818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
26494818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009b4 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26504818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
26514818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
26524818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
26534818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
26544818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
26554818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
26564818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26574818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26584818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
26594818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
26604818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
26614818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
26624818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
26634818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26644818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
26654818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
26664818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
26674818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
26684818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
26694818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
26704818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
26714818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
26724818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
26734818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
26744818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26754818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26764818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
26774818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26784818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26794818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
26804818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
26814818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
26824818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26834818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
26844818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
26854818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
26864818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
26874818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26884818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26894818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
26904818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26924818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
26934818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26944818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26954818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26964818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26974818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
26984818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
26994818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
27004818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
27014818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
27024818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27034818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
27044818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
27054818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27064818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27074818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27084818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
27094818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27104818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27114818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27124818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27134818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27144818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
27154818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
27164818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
27174818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27184818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde2e70000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
27194818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27204818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde14f0000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
27214818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
27224818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde1bc0000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
27234818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
27244818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdc13f0000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
27254818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
27264818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5fa0000 'C:\WINDOWS\System32\gdi32.dll'
27274818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc13f0000 'C:\WINDOWS\system32\dataexchange.dll'
27284818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
27294818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
27304818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
27314818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
27324818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
27334818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
27344818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27354818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
27364818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
27374818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
27384818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde2940000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
27394818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
27404818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde25b0000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
27414818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
27424818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27434818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27444818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27454818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27464818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27474818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27484818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
27494818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27504818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27514818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
27524818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27534818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27544818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
27554818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
27564818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
27574818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
27584818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
27594818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
27604818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
27614818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
27624818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27634818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
27644818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
27654818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
27664818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27674818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde7110000 'C:\WINDOWS\system32\Shcore.dll'
27684818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27694818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
27704818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
27714818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
27724818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
27734818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
27744818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27754818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
27764818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
27774818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
27784818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
27794818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27804818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
27814818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
27824818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
27834818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
27844818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
27854818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
27864818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
27874818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
27884818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
27894818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde31d0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
27904818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
27914818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde2140000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
27924818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
27934818.43d4: supR3HardenedDllNotificationCallback: load 00007ffde0800000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
27944818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
27954818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd0d30000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
27964818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
27974818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd07a0000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
27984818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
27994818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
28004818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
28014818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
28024818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28034818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28044818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
28054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
28064818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
28074818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28084818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28094818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
28104818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
28114818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
28124818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
28134818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
28144818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
28154818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28164818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28174818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
28184818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
28194818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
28204818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
28214818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
28224818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
28234818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28244818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28254818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28264818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28274818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28284818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28294818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
28304818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28314818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28324818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
28334818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28344818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28354818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
28364818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28374818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28384818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
28394818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28404818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28414818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
28424818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
28434818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28444818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6b30000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
28454818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
28464818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28474818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6b30000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
28484818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
28494818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28504818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde67f0000 'api-ms-win-core-com-l1-1-0.dll'
28514818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28524818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\iertutil.dll)
28534818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\iertutil.dll
28544818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdd7cd0000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
28554818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
28564818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28574818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28584818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28594818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28604818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\iertutil.dll'
28614818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
28624818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28634818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5e40000 'C:\WINDOWS\system32\ole32.dll'
28644818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
28654818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28664818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde53a0000 'C:\WINDOWS\System32\MSCTF.dll'
28674818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5e40000 'C:\WINDOWS\System32\ole32.dll'
28684818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28694818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28704818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde7030000 'C:\WINDOWS\System32\OLEAUT32.dll'
28714818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28724818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
28734818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
28744818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
28754818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28764818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28774818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
28784818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28794818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28804818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
28814818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
28824818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
28834818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28844818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
28854818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
28864818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28874818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
28884818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
28894818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
28904818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
28914818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
28924818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
28934818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28944818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28954818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
28964818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
28974818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
28984818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28994818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29004818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29014818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
29024818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29034818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29044818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29064818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
29074818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
29084818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
29094818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
29104818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29114818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29124818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29134818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29144818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29154818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddb1c0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
29164818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29174818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddb250000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
29184818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29194818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
29204818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29214818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
29224818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddb250000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
29234818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29244818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
29254818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
29264818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
29274818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
29284818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
29294818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
29304818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29314818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29324818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
29334818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
29344818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29354818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29364818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29374818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29384818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29394818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29404818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29414818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddaae0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
29424818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29434818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddaae0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
29444818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
29454818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-localization-l1-2-0.dll'
29474818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
29484818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29494818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
29504818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b8c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29514818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
29524818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
29534818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
29544818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
29554818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
29564818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
29574818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29584818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29594818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
29604818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
29614818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29624818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29634818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29644818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29654818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29664818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29674818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29684818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29694818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdda6b0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
29704818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29714818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdda6b0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
29724818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b08 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
29734818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
29744818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
29754818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
29764818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
29774818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
29784818.43d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
29794818.43d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29804818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29814818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
29824818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
29834818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
29844818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
29854818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
29864818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
29874818.43d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
29884818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29894818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29904818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29914818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29924818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29934818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
29944818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdda2d0000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
29954818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
29964818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdda2d0000 'C:\WINDOWS\System32\amsi.dll'
29974818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
29984818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
29994818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
30004818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
30014818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
30024818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MpOAV.dll) WinVerifyTrust
30034818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MpOAV.dll
30044818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30054818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30064818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30074818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30084818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30094818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30104818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30114818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MpOAV.dll
30124818.43d4: supR3HardenedDllNotificationCallback: load 00007ffdda270000 LB 0x00046000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpOav.dll [fFlags=0x0]
30134818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MpOAV.dll
30144818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
30154818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30164818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-synch-l1-2-0'
30174818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
30184818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30194818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-fibers-l1-1-1'
30204818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
30214818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30224818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-synch-l1-2-0'
30234818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
30244818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30254818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-fibers-l1-1-1'
30264818.43d4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
30274818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30284818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde43e0000 'api-ms-win-core-localization-l1-2-1'
30294818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
30304818.43d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30314818.43d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
30324818.43d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
30334818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30344818.43d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30354818.43d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30364818.43d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
30374818.43d4: supR3HardenedDllNotificationCallback: load 00007ffddec30000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
30384818.43d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
30394818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddec30000 'C:\WINDOWS\system32\version.dll'
30404818.43d4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
30414818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
30424818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdda270000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpOav.dll'
30434818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
30444818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
30454818.43d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
30464818.43d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5fd0000 'C:\WINDOWS\System32\ADVAPI32.dll'
30474818.6b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
30484818.6b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30494818.6b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30504818.6b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
30514818.6b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30524818.6b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30534818.6b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30544818.6b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30554818.6b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30564818.6b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30574818.6b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30584818.6b28: supR3HardenedDllNotificationCallback: load 00007ffd9f810000 LB 0x0037a000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
30594818.6b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30604818.6b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9f810000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30614818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
30624818.81b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
30634818.81b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30644818.81b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30654818.81b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
30664818.81b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
30674818.81b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30684818.81b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
30694818.81b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30704818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30714818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30724818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30734818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30744818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30754818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30764818.81b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30774818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30784818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30794818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30804818.81b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30814818.81b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30824818.81b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30834818.81b8: supR3HardenedDllNotificationCallback: load 00007ffddf790000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
30844818.81b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30854818.81b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf790000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
30864818.4c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
30874818.4c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30884818.4c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30894818.4c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30904818.4c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
30914818.4c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30924818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30934818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30944818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30954818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30964818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30974818.4c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30984818.4c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30994818.4c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
31004818.4c5c: supR3HardenedDllNotificationCallback: load 00007ffdddc30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
31014818.4c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
31024818.4c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdddc30000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
31034818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
31044818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31054818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6100000 'C:\WINDOWS\system32\Shell32.dll'
31064818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31074818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31084818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31094818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31104818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31114818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
31124818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
31134818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31144818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31154818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
31164818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
31174818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
31184818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
31194818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31204818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31214818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31224818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31234818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
31244818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
31254818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31264818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31274818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31284818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31294818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31304818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31314818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31324818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31334818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31344818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
31354818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31364818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
31374818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
31384818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
31394818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
31404818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
31414818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31424818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31434818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31444818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31454818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
31464818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
31474818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
31484818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
31494818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
31504818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
31514818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31524818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31534818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31544818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31554818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31564818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31574818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31584818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
31594818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31604818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
31614818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
31624818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31634818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31644818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31654818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31664818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
31674818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
31684818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31694818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31704818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31714818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
31724818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31734818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
31744818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31754818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31764818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31774818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31784818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31794818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31804818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31814818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31824818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31834818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31844818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31854818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31864818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
31874818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31884818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31894818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31904818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31914818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31924818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31934818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31944818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31954818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31964818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31974818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31984818.5a68: supR3HardenedDllNotificationCallback: load 00007ffde5790000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
31994818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
32004818.5a68: supR3HardenedDllNotificationCallback: load 00007ffdd01d0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
32014818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32024818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd8e6d0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
32034818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32044818.5a68: supR3HardenedDllNotificationCallback: load 00007ffde36f0000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
32054818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
32064818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd87160000 LB 0x009e1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
32074818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
32084818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87160000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
32094818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32104818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
32114818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32124818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaced0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
32134818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32144818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32154818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32164818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8e6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
32174818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32184818.7ca8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32194818.7ca8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32204818.7ca8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32214818.7ca8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32224818.7ca8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
32234818.7ca8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32244818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32254818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32264818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32274818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32284818.7ca8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32294818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32304818.7ca8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32314818.7ca8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32324818.7ca8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32334818.7ca8: supR3HardenedDllNotificationCallback: load 00007ffdd87a0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
32344818.7ca8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32354818.7ca8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd87a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
32364818.854c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32374818.854c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32384818.854c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32394818.854c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
32404818.854c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32414818.854c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
32424818.854c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32434818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32444818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32454818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32464818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32474818.854c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32484818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32494818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32504818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32514818.854c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32524818.854c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32534818.854c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32544818.854c: supR3HardenedDllNotificationCallback: load 00007ffdddc10000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
32554818.854c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32564818.854c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdddc10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32574818.b620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32584818.b620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32594818.b620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32604818.b620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32614818.b620: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
32624818.b620: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32634818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32644818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32654818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32664818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32674818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32684818.b620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32694818.b620: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32704818.b620: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32714818.b620: supR3HardenedDllNotificationCallback: load 00007ffddce80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32724818.b620: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32734818.b620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddce80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32744818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32754818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
32764818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
32774818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
32784818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
32794818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
32804818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
32814818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
32824818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
32834818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
32844818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
32854818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
32864818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
32874818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
32884818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32894818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32904818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
32914818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
32924818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
32934818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
32944818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
32954818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
32964818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32974818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
32984818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
32994818.5a68: supR3HardenedDllNotificationCallback: load 00007ffde3f70000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
33004818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
33014818.5a68: supR3HardenedDllNotificationCallback: load 00007ffddeae0000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
33024818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33034818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddeae0000 'C:\WINDOWS\System32\MMDevApi.dll'
33044818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001074 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
33054818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
33064818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
33074818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
33084818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33094818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33104818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
33114818.5a68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33124818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33134818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
33144818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
33154818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
33164818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33174818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33184818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
33194818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33204818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33214818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33224818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33234818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd9d2c0000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
33244818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33254818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33264818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33274818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\System32\dsound.dll'
33284818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\System32\dsound.dll'
33294818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33304818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33314818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
33324818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33334818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33344818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddeae0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
33354818.3a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33364818.3a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33374818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
33384818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
33394818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
33404818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
33414818.3a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
33424818.3a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
33434818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33444818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33454818.3a14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33464818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33474818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33484818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33494818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33504818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
33514818.3a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
33524818.3a14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
33534818.3a14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33544818.3a14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
33554818.3a14: supR3HardenedDllNotificationCallback: load 00007ffddeda0000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
33564818.3a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
33574818.3a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddeda0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
33584818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33594818.3a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
33604818.3a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
33614818.3a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
33624818.3a14: supR3HardenedDllNotificationCallback: load 00007ffde2810000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
33634818.3a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
33644818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33654818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33664818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33674818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33684818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33694818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33704818.5a68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
33714818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
33724818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33734818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
33744818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000108c pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
33754818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
33764818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
33774818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
33784818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33794818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33804818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
33814818.5a68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33824818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33834818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
33844818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
33854818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
33864818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
33874818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
33884818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
33894818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
33904818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33914818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33924818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
33934818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
33944818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
33954818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
33964818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
33974818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
33984818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33994818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
34004818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34014818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34024818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34034818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34044818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34054818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34064818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
34074818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34084818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34094818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34104818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34114818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34124818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
34134818.5a68: supR3HardenedDllNotificationCallback: load 00007ffde04f0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
34144818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34154818.5a68: supR3HardenedDllNotificationCallback: load 00007ffdde9c0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
34164818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
34174818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd9aa10000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
34184818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34194818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34204818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34214818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34224818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34234818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34244818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34254818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34264818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34274818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34284818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34294818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34304818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34314818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34324818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34334818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34344818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34354818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34364818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34374818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34384818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
34394818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001110 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
34404818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
34414818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
34424818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
34434818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
34444818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
34454818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
34464818.5a68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34474818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34484818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
34494818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
34504818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
34514818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
34524818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34534818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
34544818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
34554818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
34564818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
34574818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
34584818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
34594818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
34604818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34614818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
34624818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
34634818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34644818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34654818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34664818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34674818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34684818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34694818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34704818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34714818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34724818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
34734818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd9a9e0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
34744818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
34754818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd9aa00000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
34764818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34774818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34784818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34794818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34804818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34814818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34824818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34834818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34844818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34854818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34864818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34874818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34884818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34894818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34904818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34914818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34924818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34934818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
34944818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34954818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34964818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34974818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34984818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa00000 'C:\WINDOWS\System32\msacm32.drv'
34994818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
35004818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
35014818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
35024818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
35034818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
35044818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
35054818.5a68: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
35064818.5a68: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35074818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35084818.5a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
35094818.5a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
35104818.5a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
35114818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
35124818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35134818.5a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35144818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35154818.5a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35164818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35174818.5a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35184818.5a68: supR3HardenedDllNotificationCallback: load 00007ffd9a9d0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
35194818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35204818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a9d0000 'C:\WINDOWS\System32\midimap.dll'
35214818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35224818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35234818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a9d0000 'C:\WINDOWS\System32\midimap.dll'
35244818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35254818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35264818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a9d0000 'C:\WINDOWS\System32\midimap.dll'
35274818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35284818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35294818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a9d0000 'C:\WINDOWS\System32\midimap.dll'
35304818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35314818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35324818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35334818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35344818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35354818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35364818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35374818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35384818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35394818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35404818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35414818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35424818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35434818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35444818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35454818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35464818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35474818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35484818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35494818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35504818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35514818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35524818.cf00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35534818.cf00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35544818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35554818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35564818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35574818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35584818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35594818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35604818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35614818.cf00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35624818.cf00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35634818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35644818.cf00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35654818.cf00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35664818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35674818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35684818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35694818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35704818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35714818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35724818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35734818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35744818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35754818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35764818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35774818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35784818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35794818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35804818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35814818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35824818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35834818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35844818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35854818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35864818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35874818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35884818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35894818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35904818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35914818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35924818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35934818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35944818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
35954818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35964818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35974818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35984818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
35994818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36004818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36014818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36024818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36034818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36044818.6f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
36054818.6f04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36064818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36074818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36084818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36094818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36104818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36114818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36124818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36134818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36144818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36154818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36164818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36174818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36184818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36194818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36204818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36214818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36224818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36234818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36244818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36254818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36264818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36274818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36284818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36294818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36304818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36314818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36324818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36334818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36344818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36354818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36364818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36374818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36384818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36394818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36404818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36414818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36424818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36434818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36444818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36454818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36464818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36474818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36484818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36494818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36504818.6f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
36514818.6f04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36524818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36534818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36544818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36554818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36564818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36574818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36584818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36594818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36604818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36614818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36624818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36634818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36644818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36654818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36664818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36674818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36684818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36694818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36704818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36714818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36724818.81b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6b30000 'C:\WINDOWS\system32\User32.dll'
36734818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36744818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36754818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36764818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36774818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36784818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36794818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36804818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
36814818.cf00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
36824818.cf00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36834818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36844818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36854818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36864818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36874818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36884818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36894818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36904818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36914818.cf00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
36924818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
36934818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
36944818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36954818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
36964818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
36974818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
36984818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'textinputframework.dll'.
36994818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'inputhost.dll'.
37004818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
37014818.6f04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
37024818.6f04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
37034818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
37044818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
37054818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
37064818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume4\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
37074818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
37084818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
37094818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
37104818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'coremessaging.dll'.
37114818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'coreuicomponents.dll'.
37124818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'propsys.dll'.
37134818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'shcore.dll'.
37144818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'win32u.dll'.
37154818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
37164818.6f04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\InputHost.dll) WinVerifyTrust
37174818.6f04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\InputHost.dll
37184818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
37194818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
37204818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
37214818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
37224818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
37234818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
37244818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
37254818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
37264818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
37274818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37284818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37294818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37304818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37314818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
37324818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
37334818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
37344818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
37354818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
37364818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
37374818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
37384818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
37394818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
37404818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
37414818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
37424818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
37434818.6f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
37444818.6f04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
37454818.6f04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
37464818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
37474818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
37484818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
37494818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
37504818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
37514818.6f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
37524818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
37534818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
37544818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37554818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37564818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
37574818.6f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
37584818.6f04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37594818.6f04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
37604818.6f04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
37614818.6f04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
37624818.6f04: supR3HardenedDllNotificationCallback: load 00007ffde0530000 LB 0x000ef000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
37634818.6f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
37644818.6f04: supR3HardenedDllNotificationCallback: load 00007ffdd0680000 LB 0x0011a000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
37654818.6f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
37664818.6f04: supR3HardenedDllNotificationCallback: load 00007ffdd0840000 LB 0x00151000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
37674818.6f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
37684818.6f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0840000 'C:\Windows\System32\Windows.UI.dll'
37694818.4974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
37704818.4974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
37714818.4974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdde9c0000 'C:\WINDOWS\System32\avrt.dll'
37724818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
37734818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37744818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37754818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37764818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37774818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37784818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37794818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37804818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37814818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37824818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
37834818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37844818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37854818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37864818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37874818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37884818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
37894818.6438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37904818.6438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37914818.6438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37924818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37934818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37944818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37954818.5a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
37964818.5a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37974818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37984818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
37994818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
38004818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
38014818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38024818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38034818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38044818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38054818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38064818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38074818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
38084818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38094818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38104818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38114818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38124818.5a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38134818.9654: supR3HardenedDllNotificationCallback: Unload 00007ffdd0840000 LB 0x00151000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
38144818.9654: supR3HardenedDllNotificationCallback: Unload 00007ffdd0680000 LB 0x0011a000 C:\Windows\System32\InputHost.dll [flags=0x0]
38154818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
38164818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38174818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
38184818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
38194818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9aa10000 'C:\WINDOWS\System32\wdmaud.drv'
38204818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38214818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38224818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38234818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38244818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38254818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38264818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38274818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38284818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38294818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38304818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38314818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
38324818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38334818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38344818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38354818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38364818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38374818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38384818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38394818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38404818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38414818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9d2c0000 'C:\WINDOWS\system32\dsound.dll'
38424818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38434818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38444818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38454818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38464818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38474818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38484818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38494818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38504818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd7260000 'C:\WINDOWS\System32\winmm.dll'
38514818.5df8: KiUserExceptionDispatcher: 0xc0000005 (0000000000000001, 0000000000000021) @ 00007ffd9d2e8201 (flags=0x0)
3852 rax=0000000000000000 rbx=00000000148dde78 rcx=ac4f3d5044ec0000 rdx=0000000000000000
3853 rsi=0000000000000001 rdi=0000000000000021 r8 =000000000a77eff8 r9 =00000000067c7150
3854 r10=0000000000000000 r11=000000000a77f2d0 r12=0000000000000003 r13=0000000000000000
3855 r14=00000000067c7278 r15=00007ffd872dadd4 P1=0000000000000010 P2=000000000a77ec89
3856 rip=00007ffd9d2e8201 rsp=000000000a77f340 rbp=00000000067c7150 ctxflags=0010005f
3857 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010206 mxcrx=00001fa0
3858 P3=0000000000a50000 P4=00007ffde72dba17 P5=0000000000900000 P6=00007ffd00000000
3859 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
3860 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000048 dcr=0000000000000001
3861 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
38624818.5df8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
38634818.5df8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38644818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde54e0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
38654818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
38664818.5df8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
38674818.5df8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38684818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4710000 'C:\WINDOWS\System32\WINTRUST.DLL'
38694818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\CRYPT32.dll'
38704818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
38714818.5df8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
38724818.5df8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
38734818.5df8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
38744818.5df8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
38754818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde72a0000 'C:\WINDOWS\System32\ntdll.dll'
38764818.5df8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012d4 pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
38774818.5df8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d70830
38784818.5df8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d70830
38794818.5df8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB05C7236BF75A3E9746E25E1039005E1268927
38804818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde3550000 'C:\WINDOWS\system32\rsaenh.dll'
38814818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4f90000 'C:\WINDOWS\System32\crypt32.dll'
38824818.5df8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0414~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
38834818.5df8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38844818.5df8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll) WinVerifyTrust
38854818.5df8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
38864818.5df8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
38874818.5df8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll
38884818.5df8: supR3HardenedDllNotificationCallback: load 00007ffde23a0000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
38894818.5df8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll
38904818.5df8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll
38914818.5df8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
38924818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde72a0000 'C:\WINDOWS\System32\ntdll.dll'
38934818.5df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde23a0000 'C:\WINDOWS\system32\apphelp.dll'
38945250.40f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1593365 ms, the end);
38954390.2f04: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1594027 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy