VirtualBox

Ticket #19456: VBoxHardening.2.log

File VBoxHardening.2.log, 435.7 KB (added by yorickdowne, 4 years ago)

Hardening log when attempting to install Ubuntu Desktop 1804 64-bit

Line 
14b70.54b4: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6100
24b70.54b4: \SystemRoot\System32\ntdll.dll:
34b70.54b4: CreationTime: 2020-03-14T03:02:43.275222700Z
44b70.54b4: LastWriteTime: 2020-03-14T03:02:43.306236000Z
54b70.54b4: ChangeTime: 2020-03-27T13:43:11.521001300Z
64b70.54b4: FileAttributes: 0x20
74b70.54b4: Size: 0x1ed2e8
84b70.54b4: NT Headers: 0xe8
94b70.54b4: Timestamp: 0x74437382
104b70.54b4: Machine: 0x8664 - amd64
114b70.54b4: Timestamp: 0x74437382
124b70.54b4: Image Version: 10.0
134b70.54b4: SizeOfImage: 0x1f4000 (2048000)
144b70.54b4: Resource Dir: 0x183000 LB 0x6fd28
154b70.54b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164b70.54b4: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174b70.54b4: ProductName: Microsoft® Windows® Operating System
184b70.54b4: ProductVersion: 10.0.19041.153
194b70.54b4: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
204b70.54b4: FileDescription: NT Layer DLL
214b70.54b4: \SystemRoot\System32\kernel32.dll:
224b70.54b4: CreationTime: 2019-12-07T09:08:19.659069000Z
234b70.54b4: LastWriteTime: 2019-12-07T09:08:19.659069000Z
244b70.54b4: ChangeTime: 2020-03-27T13:43:11.228000700Z
254b70.54b4: FileAttributes: 0x20
264b70.54b4: Size: 0xbaa28
274b70.54b4: NT Headers: 0xf0
284b70.54b4: Timestamp: 0xa977190b
294b70.54b4: Machine: 0x8664 - amd64
304b70.54b4: Timestamp: 0xa977190b
314b70.54b4: Image Version: 10.0
324b70.54b4: SizeOfImage: 0xbd000 (774144)
334b70.54b4: Resource Dir: 0xbb000 LB 0x520
344b70.54b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354b70.54b4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364b70.54b4: ProductName: Microsoft® Windows® Operating System
374b70.54b4: ProductVersion: 10.0.19041.1
384b70.54b4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
394b70.54b4: FileDescription: Windows NT BASE API Client DLL
404b70.54b4: \SystemRoot\System32\KernelBase.dll:
414b70.54b4: CreationTime: 2020-03-14T03:02:43.692221900Z
424b70.54b4: LastWriteTime: 2020-03-14T03:02:43.739239000Z
434b70.54b4: ChangeTime: 2020-03-27T13:43:11.520001000Z
444b70.54b4: FileAttributes: 0x20
454b70.54b4: Size: 0x2c8a18
464b70.54b4: NT Headers: 0x100
474b70.54b4: Timestamp: 0x64f228e4
484b70.54b4: Machine: 0x8664 - amd64
494b70.54b4: Timestamp: 0x64f228e4
504b70.54b4: Image Version: 10.0
514b70.54b4: SizeOfImage: 0x2c7000 (2912256)
524b70.54b4: Resource Dir: 0x29e000 LB 0x548
534b70.54b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544b70.54b4: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554b70.54b4: ProductName: Microsoft® Windows® Operating System
564b70.54b4: ProductVersion: 10.0.19041.153
574b70.54b4: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
584b70.54b4: FileDescription: Windows NT BASE API Client DLL
594b70.54b4: \SystemRoot\System32\apisetschema.dll:
604b70.54b4: CreationTime: 2019-12-07T09:08:13.518339400Z
614b70.54b4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
624b70.54b4: ChangeTime: 2020-03-27T13:43:11.135999700Z
634b70.54b4: FileAttributes: 0x20
644b70.54b4: Size: 0x1f538
654b70.54b4: NT Headers: 0xd0
664b70.54b4: Timestamp: 0x31288ce0
674b70.54b4: Machine: 0x8664 - amd64
684b70.54b4: Timestamp: 0x31288ce0
694b70.54b4: Image Version: 10.0
704b70.54b4: SizeOfImage: 0x20000 (131072)
714b70.54b4: Resource Dir: 0x1f000 LB 0x408
724b70.54b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734b70.54b4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744b70.54b4: ProductName: Microsoft® Windows® Operating System
754b70.54b4: ProductVersion: 10.0.19041.1
764b70.54b4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
774b70.54b4: FileDescription: ApiSet Schema DLL
784b70.54b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794b70.54b4: supR3HardenedWinFindAdversaries: 0x2
804b70.54b4: \SystemRoot\System32\drivers\symevent64x86.sys:
814b70.54b4: CreationTime: 2013-02-25T14:25:28.206442500Z
824b70.54b4: LastWriteTime: 2013-11-28T05:30:50.145748300Z
834b70.54b4: ChangeTime: 2020-01-31T17:39:40.688592600Z
844b70.54b4: FileAttributes: 0x2020
854b70.54b4: Size: 0x2b658
864b70.54b4: NT Headers: 0xe8
874b70.54b4: Timestamp: 0x51f32ff2
884b70.54b4: Machine: 0x8664 - amd64
894b70.54b4: Timestamp: 0x51f32ff2
904b70.54b4: Image Version: 6.0
914b70.54b4: SizeOfImage: 0x38000 (229376)
924b70.54b4: Resource Dir: 0x36000 LB 0x3c8
934b70.54b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
944b70.54b4: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
954b70.54b4: ProductName: SYMEVENT
964b70.54b4: ProductVersion: 12.9.5.2
974b70.54b4: FileVersion: 12.9.5.2
984b70.54b4: FileDescription: Symantec Event Library
994b70.54b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1004b70.54b4: Calling main()
1014b70.54b4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1024b70.54b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1034b70.54b4: SUPR3HardenedMain: Respawn #1
1044b70.54b4: System32: \Device\HarddiskVolume3\Windows\System32
1054b70.54b4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1064b70.54b4: KnownDllPath: C:\WINDOWS\System32
1074b70.54b4: supR3HardenedWinInit: Performing a limited self purification...
1084b70.54b4: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1094b70.54b4: *0000000000000000-0000000000c9ffff 0x0001/0x0000 0x0000000
1104b70.54b4: *0000000000ca0000-0000000000caffff 0x0004/0x0004 0x0040000
1114b70.54b4: 0000000000cb0000-0000000000cbffff 0x0001/0x0000 0x0000000
1124b70.54b4: *0000000000cc0000-0000000000cdcfff 0x0002/0x0002 0x0040000
1134b70.54b4: 0000000000cdd000-0000000000cdffff 0x0001/0x0000 0x0000000
1144b70.54b4: *0000000000ce0000-0000000000d90fff 0x0000/0x0004 0x0020000
1154b70.54b4: 0000000000d91000-0000000000d93fff 0x0104/0x0004 0x0020000
1164b70.54b4: 0000000000d94000-0000000000ddffff 0x0004/0x0004 0x0020000
1174b70.54b4: *0000000000de0000-0000000000de3fff 0x0002/0x0002 0x0040000
1184b70.54b4: 0000000000de4000-0000000000deffff 0x0001/0x0000 0x0000000
1194b70.54b4: *0000000000df0000-0000000000df1fff 0x0004/0x0004 0x0020000
1204b70.54b4: 0000000000df2000-0000000000dfffff 0x0001/0x0000 0x0000000
1214b70.54b4: *0000000000e00000-0000000000e6afff 0x0000/0x0004 0x0020000
1224b70.54b4: 0000000000e6b000-0000000000e6dfff 0x0004/0x0004 0x0020000
1234b70.54b4: 0000000000e6e000-0000000000ffffff 0x0000/0x0004 0x0020000
1244b70.54b4: *0000000001000000-0000000001001fff 0x0004/0x0004 0x0020000
1254b70.54b4: 0000000001002000-0000000001019fff 0x0000/0x0004 0x0020000
1264b70.54b4: 000000000101a000-000000000106ffff 0x0001/0x0000 0x0000000
1274b70.54b4: *0000000001070000-0000000001075fff 0x0004/0x0004 0x0020000
1284b70.54b4: 0000000001076000-000000000116ffff 0x0000/0x0004 0x0020000
1294b70.54b4: *0000000001170000-0000000001238fff 0x0002/0x0002 0x0040000
1304b70.54b4: 0000000001239000-000000000123ffff 0x0001/0x0000 0x0000000
1314b70.54b4: *0000000001240000-000000000125cfff 0x0004/0x0004 0x0020000
1324b70.54b4: 000000000125d000-000000000133ffff 0x0000/0x0004 0x0020000
1334b70.54b4: 0000000001340000-000000000139ffff 0x0001/0x0000 0x0000000
1344b70.54b4: *00000000013a0000-00000000013aefff 0x0004/0x0004 0x0020000
1354b70.54b4: 00000000013af000-00000000013affff 0x0000/0x0004 0x0020000
1364b70.54b4: *00000000013b0000-00000000013b0fff 0x0000/0x0004 0x0020000
1374b70.54b4: 00000000013b1000-00000000015a5fff 0x0004/0x0004 0x0020000
1384b70.54b4: 00000000015a6000-00000000015a6fff 0x0000/0x0004 0x0020000
1394b70.54b4: 00000000015a7000-000000007ffdffff 0x0001/0x0000 0x0000000
1404b70.54b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1414b70.54b4: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
1424b70.54b4: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
1434b70.54b4: 000000007ffe5000-00007ff42b2dffff 0x0001/0x0000 0x0000000
1444b70.54b4: *00007ff42b2e0000-00007ff42b2e4fff 0x0002/0x0002 0x0040000
1454b70.54b4: 00007ff42b2e5000-00007ff42b3dffff 0x0000/0x0002 0x0040000
1464b70.54b4: *00007ff42b3e0000-00007ff52b3fffff 0x0000/0x0004 0x0020000
1474b70.54b4: *00007ff52b400000-00007ff52d3fffff 0x0000/0x0004 0x0020000
1484b70.54b4: 00007ff52d400000-00007ff52d400fff 0x0004/0x0004 0x0020000
1494b70.54b4: 00007ff52d401000-00007ff52d40ffff 0x0001/0x0000 0x0000000
1504b70.54b4: *00007ff52d410000-00007ff52d410fff 0x0002/0x0002 0x0040000
1514b70.54b4: 00007ff52d411000-00007ff52d41ffff 0x0001/0x0000 0x0000000
1524b70.54b4: *00007ff52d420000-00007ff52d442fff 0x0002/0x0002 0x0040000
1534b70.54b4: 00007ff52d443000-00007ff733afffff 0x0001/0x0000 0x0000000
1544b70.54b4: *00007ff733b00000-00007ff733b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1554b70.54b4: 00007ff733b01000-00007ff733b76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1564b70.54b4: 00007ff733b77000-00007ff733b77fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1574b70.54b4: 00007ff733b78000-00007ff733bbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1584b70.54b4: 00007ff733bc0000-00007ff733bc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1594b70.54b4: 00007ff733bc3000-00007ff733bc5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1604b70.54b4: 00007ff733bc6000-00007ff733bc8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1614b70.54b4: 00007ff733bc9000-00007ff733bc9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1624b70.54b4: 00007ff733bca000-00007ff733bcbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1634b70.54b4: 00007ff733bcc000-00007ff733bccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1644b70.54b4: 00007ff733bcd000-00007ff733c15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1654b70.54b4: 00007ff733c16000-00007ffe187effff 0x0001/0x0000 0x0000000
1664b70.54b4: *00007ffe187f0000-00007ffe187f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1674b70.54b4: 00007ffe187f1000-00007ffe18901fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1684b70.54b4: 00007ffe18902000-00007ffe18a78fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1694b70.54b4: 00007ffe18a79000-00007ffe18a7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1704b70.54b4: 00007ffe18a7d000-00007ffe18a7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1714b70.54b4: 00007ffe18a7e000-00007ffe18ab6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1724b70.54b4: 00007ffe18ab7000-00007ffe1a62ffff 0x0001/0x0000 0x0000000
1734b70.54b4: *00007ffe1a630000-00007ffe1a630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1744b70.54b4: 00007ffe1a631000-00007ffe1a6aefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1754b70.54b4: 00007ffe1a6af000-00007ffe1a6e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1764b70.54b4: 00007ffe1a6e2000-00007ffe1a6e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1774b70.54b4: 00007ffe1a6e3000-00007ffe1a6e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1784b70.54b4: 00007ffe1a6e4000-00007ffe1a6ecfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1794b70.54b4: 00007ffe1a6ed000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
1804b70.54b4: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1814b70.54b4: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1824b70.54b4: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1834b70.54b4: 00007ffe1b0b3000-00007ffe1b0b3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1844b70.54b4: 00007ffe1b0b4000-00007ffe1b0b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1854b70.54b4: 00007ffe1b0b6000-00007ffe1b0befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1864b70.54b4: 00007ffe1b0bf000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1874b70.54b4: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
1884b70.54b4: kernel32.dll: timestamp 0xa977190b (rc=VINF_SUCCESS)
1894b70.54b4: kernelbase.dll: timestamp 0x64f228e4 (rc=VINF_SUCCESS)
1904b70.54b4: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
1914b70.54b4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1924b70.54b4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1934b70.54b4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1944b70.54b4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1954b70.54b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1964b70.54b4: supR3HardNtEnableThreadCreationEx:
1974b70.54b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
1984b70.54b4: supR3HardenedWinDoReSpawn(1): New child 5734.4570 [kernel32].
1994b70.54b4: supR3HardNtChildGatherData: PebBaseAddress=0000000000653000 cbPeb=0x388
2004b70.54b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1af50000 uNtDllChildAddr=00007ffe1af50000
2014b70.54b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1afc4550
2024b70.54b4: supR3HardenedWinSetupChildInit: Initial context:
203 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff733b07900 rdx=0000000000653000
204 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
205 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
206 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
207 rip=00007ffe1af9cf10 rsp=00000000005dfcf8 rbp=0000000000000000 ctxflags=0010001b
208 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
209 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
210 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
211 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
212 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2134b70.54b4: supR3HardenedWinSetupChildInit: Start child.
2144b70.54b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
2154b70.54b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 33 sleeps
2164b70.54b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2174b70.54b4: *0000000000000000-000000000049ffff 0x0001/0x0000 0x0000000
2184b70.54b4: *00000000004a0000-00000000004bffff 0x0004/0x0004 0x0020000
2194b70.54b4: *00000000004c0000-00000000004dcfff 0x0002/0x0002 0x0040000
2204b70.54b4: 00000000004dd000-00000000004dffff 0x0001/0x0000 0x0000000
2214b70.54b4: *00000000004e0000-00000000005dafff 0x0000/0x0004 0x0020000
2224b70.54b4: 00000000005db000-00000000005ddfff 0x0104/0x0004 0x0020000
2234b70.54b4: 00000000005de000-00000000005dffff 0x0004/0x0004 0x0020000
2244b70.54b4: *00000000005e0000-00000000005e3fff 0x0002/0x0002 0x0040000
2254b70.54b4: 00000000005e4000-00000000005effff 0x0001/0x0000 0x0000000
2264b70.54b4: *00000000005f0000-00000000005f1fff 0x0004/0x0004 0x0020000
2274b70.54b4: 00000000005f2000-00000000005fffff 0x0001/0x0000 0x0000000
2284b70.54b4: *0000000000600000-0000000000652fff 0x0000/0x0004 0x0020000
2294b70.54b4: 0000000000653000-0000000000655fff 0x0004/0x0004 0x0020000
2304b70.54b4: 0000000000656000-00000000007fffff 0x0000/0x0004 0x0020000
2314b70.54b4: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
2324b70.54b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2334b70.54b4: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
2344b70.54b4: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
2354b70.54b4: 000000007ffe5000-00007ff54205ffff 0x0001/0x0000 0x0000000
2364b70.54b4: *00007ff542060000-00007ff542060fff 0x0002/0x0002 0x0040000
2374b70.54b4: 00007ff542061000-00007ff54206ffff 0x0001/0x0000 0x0000000
2384b70.54b4: *00007ff542070000-00007ff542092fff 0x0002/0x0002 0x0040000
2394b70.54b4: 00007ff542093000-00007ff733afffff 0x0001/0x0000 0x0000000
2404b70.54b4: *00007ff733b00000-00007ff733b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2414b70.54b4: 00007ff733b01000-00007ff733b76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2424b70.54b4: 00007ff733b77000-00007ff733b77fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2434b70.54b4: 00007ff733b78000-00007ff733bbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2444b70.54b4: 00007ff733bc0000-00007ff733bc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2454b70.54b4: 00007ff733bc1000-00007ff733bc1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2464b70.54b4: 00007ff733bc2000-00007ff733bc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2474b70.54b4: 00007ff733bc7000-00007ff733bc7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2484b70.54b4: 00007ff733bc8000-00007ff733bc8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2494b70.54b4: 00007ff733bc9000-00007ff733bccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2504b70.54b4: 00007ff733bcd000-00007ff733c15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2514b70.54b4: 00007ff733c16000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
2524b70.54b4: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2534b70.54b4: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2544b70.54b4: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2554b70.54b4: 00007ffe1b0b3000-00007ffe1b0befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2564b70.54b4: 00007ffe1b0bf000-00007ffe1b0cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2574b70.54b4: 00007ffe1b0ce000-00007ffe1b0cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2584b70.54b4: 00007ffe1b0cf000-00007ffe1b0d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2594b70.54b4: 00007ffe1b0d2000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2604b70.54b4: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
2614b70.54b4: supR3HardNtChildPurify: Done after 522 ms and 0 fixes (loop #0).
2624b70.54b4: supR3HardNtEnableThreadCreationEx:
2635734.4570: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
2645734.4570: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1af50000 g_uNtVerCombined=0xa04a6100 (stack ~00000000005df788)
2655734.4570: ntdll.dll: timestamp 0x74437382 (rc=VINF_SUCCESS)
2665734.4570: New simple heap: #1 0000000000900000 LB 0x400000 (for 2048000 allocation)
2675734.4570: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2685734.4570: System32: \Device\HarddiskVolume3\Windows\System32
2695734.4570: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2705734.4570: KnownDllPath: C:\WINDOWS\System32
2715734.4570: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2725734.4570: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2735734.4570: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2745734.4570: Registered Dll notification callback with NTDLL.
2755734.4570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2765734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2775734.4570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2785734.4570: supR3HardenedDllNotificationCallback: load 00007ffe187f0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2795734.4570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2805734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2815734.4570: supR3HardenedDllNotificationCallback: load 00007ffe1a630000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2825734.4570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2835734.4570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\KERNEL32.DLL'
2845734.4570: supR3HardenedDllNotificationCallback: load 00007ff733b00000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2855734.4570: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2865734.4570: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2875734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2884b70.54b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 103 ms.
2895734.4570: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
2905734.4570: \SystemRoot\System32\ntdll.dll:
2915734.4570: CreationTime: 2020-03-14T03:02:43.275222700Z
2925734.4570: LastWriteTime: 2020-03-14T03:02:43.306236000Z
2935734.4570: ChangeTime: 2020-03-27T13:43:11.521001300Z
2945734.4570: FileAttributes: 0x20
2955734.4570: Size: 0x1ed2e8
2965734.4570: NT Headers: 0xe8
2975734.4570: Timestamp: 0x74437382
2985734.4570: Machine: 0x8664 - amd64
2995734.4570: Timestamp: 0x74437382
3005734.4570: Image Version: 10.0
3015734.4570: SizeOfImage: 0x1f4000 (2048000)
3025734.4570: Resource Dir: 0x183000 LB 0x6fd28
3035734.4570: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3045734.4570: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3055734.4570: ProductName: Microsoft® Windows® Operating System
3065734.4570: ProductVersion: 10.0.19041.153
3075734.4570: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
3085734.4570: FileDescription: NT Layer DLL
3095734.4570: \SystemRoot\System32\kernel32.dll:
3105734.4570: CreationTime: 2019-12-07T09:08:19.659069000Z
3115734.4570: LastWriteTime: 2019-12-07T09:08:19.659069000Z
3125734.4570: ChangeTime: 2020-03-27T13:43:11.228000700Z
3135734.4570: FileAttributes: 0x20
3145734.4570: Size: 0xbaa28
3155734.4570: NT Headers: 0xf0
3165734.4570: Timestamp: 0xa977190b
3175734.4570: Machine: 0x8664 - amd64
3185734.4570: Timestamp: 0xa977190b
3195734.4570: Image Version: 10.0
3205734.4570: SizeOfImage: 0xbd000 (774144)
3215734.4570: Resource Dir: 0xbb000 LB 0x520
3225734.4570: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3235734.4570: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3245734.4570: ProductName: Microsoft® Windows® Operating System
3255734.4570: ProductVersion: 10.0.19041.1
3265734.4570: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3275734.4570: FileDescription: Windows NT BASE API Client DLL
3285734.4570: \SystemRoot\System32\KernelBase.dll:
3295734.4570: CreationTime: 2020-03-14T03:02:43.692221900Z
3305734.4570: LastWriteTime: 2020-03-14T03:02:43.739239000Z
3315734.4570: ChangeTime: 2020-03-27T13:43:11.520001000Z
3325734.4570: FileAttributes: 0x20
3335734.4570: Size: 0x2c8a18
3345734.4570: NT Headers: 0x100
3355734.4570: Timestamp: 0x64f228e4
3365734.4570: Machine: 0x8664 - amd64
3375734.4570: Timestamp: 0x64f228e4
3385734.4570: Image Version: 10.0
3395734.4570: SizeOfImage: 0x2c7000 (2912256)
3405734.4570: Resource Dir: 0x29e000 LB 0x548
3415734.4570: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3425734.4570: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3435734.4570: ProductName: Microsoft® Windows® Operating System
3445734.4570: ProductVersion: 10.0.19041.153
3455734.4570: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
3465734.4570: FileDescription: Windows NT BASE API Client DLL
3475734.4570: \SystemRoot\System32\apisetschema.dll:
3485734.4570: CreationTime: 2019-12-07T09:08:13.518339400Z
3495734.4570: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3505734.4570: ChangeTime: 2020-03-27T13:43:11.135999700Z
3515734.4570: FileAttributes: 0x20
3525734.4570: Size: 0x1f538
3535734.4570: NT Headers: 0xd0
3545734.4570: Timestamp: 0x31288ce0
3555734.4570: Machine: 0x8664 - amd64
3565734.4570: Timestamp: 0x31288ce0
3575734.4570: Image Version: 10.0
3585734.4570: SizeOfImage: 0x20000 (131072)
3595734.4570: Resource Dir: 0x1f000 LB 0x408
3605734.4570: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3615734.4570: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3625734.4570: ProductName: Microsoft® Windows® Operating System
3635734.4570: ProductVersion: 10.0.19041.1
3645734.4570: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3655734.4570: FileDescription: ApiSet Schema DLL
3665734.4570: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3675734.4570: supR3HardenedWinFindAdversaries: 0x2
3685734.4570: \SystemRoot\System32\drivers\symevent64x86.sys:
3695734.4570: CreationTime: 2013-02-25T14:25:28.206442500Z
3705734.4570: LastWriteTime: 2013-11-28T05:30:50.145748300Z
3715734.4570: ChangeTime: 2020-01-31T17:39:40.688592600Z
3725734.4570: FileAttributes: 0x2020
3735734.4570: Size: 0x2b658
3745734.4570: NT Headers: 0xe8
3755734.4570: Timestamp: 0x51f32ff2
3765734.4570: Machine: 0x8664 - amd64
3775734.4570: Timestamp: 0x51f32ff2
3785734.4570: Image Version: 6.0
3795734.4570: SizeOfImage: 0x38000 (229376)
3805734.4570: Resource Dir: 0x36000 LB 0x3c8
3815734.4570: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3825734.4570: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
3835734.4570: ProductName: SYMEVENT
3845734.4570: ProductVersion: 12.9.5.2
3855734.4570: FileVersion: 12.9.5.2
3865734.4570: FileDescription: Symantec Event Library
3875734.4570: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3885734.4570: Calling main()
3895734.4570: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3905734.4570: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3915734.4570: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3925734.4570: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3935734.4570: SUPR3HardenedMain: Respawn #2
3945734.4570: supR3HardNtEnableThreadCreationEx:
3955734.4570: supR3HardenedDllNotificationCallback: load 00007ffe1ade0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
3965734.4570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
3975734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3985734.4570: supR3HardenedDllNotificationCallback: load 00007ffe195f0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3995734.4570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4005734.4570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
4015734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
4025734.4570: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4035734.4570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
4045734.4570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4055734.4570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4065734.4570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4075734.4570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4085734.4570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4095734.4570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1af50000 'C:\WINDOWS\System32\ntdll.dll'
4105734.4570: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
4115734.4570: supR3HardenedWinDoReSpawn(2): New child 4e24.4e04 [kernel32].
4125734.4570: supR3HardNtChildGatherData: PebBaseAddress=0000000000fbb000 cbPeb=0x388
4135734.4570: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1af50000 uNtDllChildAddr=00007ffe1af50000
4145734.4570: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1afc4550
4155734.4570: supR3HardenedWinSetupChildInit: Initial context:
416 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff733b07900 rdx=0000000000fbb000
417 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
418 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
419 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
420 rip=00007ffe1af9cf10 rsp=00000000010ffa98 rbp=0000000000000000 ctxflags=0010001b
421 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
422 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
423 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
424 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
425 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4265734.4570: kernel32.dll: timestamp 0xa977190b (rc=VINF_SUCCESS)
4275734.4570: supR3HardenedWinSetupChildInit: Start child.
4285734.4570: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 4 ms.
4295734.4570: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
4305734.4570: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4315734.4570: *0000000000000000-0000000000d1ffff 0x0001/0x0000 0x0000000
4325734.4570: *0000000000d20000-0000000000d3ffff 0x0004/0x0004 0x0020000
4335734.4570: *0000000000d40000-0000000000d5cfff 0x0002/0x0002 0x0040000
4345734.4570: 0000000000d5d000-0000000000d5ffff 0x0001/0x0000 0x0000000
4355734.4570: *0000000000d60000-0000000000d63fff 0x0002/0x0002 0x0040000
4365734.4570: 0000000000d64000-0000000000d6ffff 0x0001/0x0000 0x0000000
4375734.4570: *0000000000d70000-0000000000d71fff 0x0004/0x0004 0x0020000
4385734.4570: 0000000000d72000-0000000000dfffff 0x0001/0x0000 0x0000000
4395734.4570: *0000000000e00000-0000000000fbafff 0x0000/0x0004 0x0020000
4405734.4570: 0000000000fbb000-0000000000fbdfff 0x0004/0x0004 0x0020000
4415734.4570: 0000000000fbe000-0000000000ffffff 0x0000/0x0004 0x0020000
4425734.4570: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
4435734.4570: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
4445734.4570: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
4455734.4570: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
4465734.4570: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4475734.4570: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
4485734.4570: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
4495734.4570: 000000007ffe5000-00007ff53565ffff 0x0001/0x0000 0x0000000
4505734.4570: *00007ff535660000-00007ff535660fff 0x0002/0x0002 0x0040000
4515734.4570: 00007ff535661000-00007ff53566ffff 0x0001/0x0000 0x0000000
4525734.4570: *00007ff535670000-00007ff535692fff 0x0002/0x0002 0x0040000
4535734.4570: 00007ff535693000-00007ff733afffff 0x0001/0x0000 0x0000000
4545734.4570: *00007ff733b00000-00007ff733b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4555734.4570: 00007ff733b01000-00007ff733b76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4565734.4570: 00007ff733b77000-00007ff733b77fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4575734.4570: 00007ff733b78000-00007ff733bbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4585734.4570: 00007ff733bc0000-00007ff733bc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4595734.4570: 00007ff733bc1000-00007ff733bc1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4605734.4570: 00007ff733bc2000-00007ff733bc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4615734.4570: 00007ff733bc7000-00007ff733bc7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4625734.4570: 00007ff733bc8000-00007ff733bc8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4635734.4570: 00007ff733bc9000-00007ff733bccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4645734.4570: 00007ff733bcd000-00007ff733c15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4655734.4570: 00007ff733c16000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
4665734.4570: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4675734.4570: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4685734.4570: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4695734.4570: 00007ffe1b0b3000-00007ffe1b0befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4705734.4570: 00007ffe1b0bf000-00007ffe1b0cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4715734.4570: 00007ffe1b0ce000-00007ffe1b0cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4725734.4570: 00007ffe1b0cf000-00007ffe1b0d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4735734.4570: 00007ffe1b0d2000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4745734.4570: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
4755734.4570: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
4765734.4570: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4775734.4570: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4785734.4570: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
4794e24.4e04: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
4804e24.4e04: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1af50000 g_uNtVerCombined=0xa04a6100 (stack ~00000000010ff528)
4815734.4570: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
4824e24.4e04: ntdll.dll: timestamp 0x74437382 (rc=VINF_SUCCESS)
4834e24.4e04: New simple heap: #1 0000000001200000 LB 0x400000 (for 2048000 allocation)
4845734.4570: supR3HardNtEnableThreadCreationEx:
4854e24.4e04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4864e24.4e04: System32: \Device\HarddiskVolume3\Windows\System32
4874e24.4e04: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
4884e24.4e04: KnownDllPath: C:\WINDOWS\System32
4894e24.4e04: supR3HardenedVmProcessInit: Opening vboxdrv...
4904e24.4e04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4914e24.4e04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4924e24.4e04: Registered Dll notification callback with NTDLL.
4934e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
4944e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4954e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4964e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe187f0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
4974e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4984e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4994e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1a630000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5004e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5014e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\KERNEL32.DLL'
5024e24.4e04: supR3HardenedDllNotificationCallback: load 00007ff733b00000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5034e24.4e04: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5044e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5054e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5064e24.4e04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
5075734.4570: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
5084e24.4e04: \SystemRoot\System32\ntdll.dll:
5094e24.4e04: CreationTime: 2020-03-14T03:02:43.275222700Z
5104e24.4e04: LastWriteTime: 2020-03-14T03:02:43.306236000Z
5114e24.4e04: ChangeTime: 2020-03-27T13:43:11.521001300Z
5124e24.4e04: FileAttributes: 0x20
5134e24.4e04: Size: 0x1ed2e8
5144e24.4e04: NT Headers: 0xe8
5154e24.4e04: Timestamp: 0x74437382
5164e24.4e04: Machine: 0x8664 - amd64
5174e24.4e04: Timestamp: 0x74437382
5184e24.4e04: Image Version: 10.0
5194e24.4e04: SizeOfImage: 0x1f4000 (2048000)
5204e24.4e04: Resource Dir: 0x183000 LB 0x6fd28
5214e24.4e04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5224e24.4e04: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5234e24.4e04: ProductName: Microsoft® Windows® Operating System
5244e24.4e04: ProductVersion: 10.0.19041.153
5254e24.4e04: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
5264e24.4e04: FileDescription: NT Layer DLL
5274e24.4e04: \SystemRoot\System32\kernel32.dll:
5284e24.4e04: CreationTime: 2019-12-07T09:08:19.659069000Z
5294e24.4e04: LastWriteTime: 2019-12-07T09:08:19.659069000Z
5304e24.4e04: ChangeTime: 2020-03-27T13:43:11.228000700Z
5314e24.4e04: FileAttributes: 0x20
5324e24.4e04: Size: 0xbaa28
5334e24.4e04: NT Headers: 0xf0
5344e24.4e04: Timestamp: 0xa977190b
5354e24.4e04: Machine: 0x8664 - amd64
5364e24.4e04: Timestamp: 0xa977190b
5374e24.4e04: Image Version: 10.0
5384e24.4e04: SizeOfImage: 0xbd000 (774144)
5394e24.4e04: Resource Dir: 0xbb000 LB 0x520
5404e24.4e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5414e24.4e04: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5424e24.4e04: ProductName: Microsoft® Windows® Operating System
5434e24.4e04: ProductVersion: 10.0.19041.1
5444e24.4e04: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5454e24.4e04: FileDescription: Windows NT BASE API Client DLL
5464e24.4e04: \SystemRoot\System32\KernelBase.dll:
5474e24.4e04: CreationTime: 2020-03-14T03:02:43.692221900Z
5484e24.4e04: LastWriteTime: 2020-03-14T03:02:43.739239000Z
5494e24.4e04: ChangeTime: 2020-03-27T13:43:11.520001000Z
5504e24.4e04: FileAttributes: 0x20
5514e24.4e04: Size: 0x2c8a18
5524e24.4e04: NT Headers: 0x100
5534e24.4e04: Timestamp: 0x64f228e4
5544e24.4e04: Machine: 0x8664 - amd64
5554e24.4e04: Timestamp: 0x64f228e4
5564e24.4e04: Image Version: 10.0
5574e24.4e04: SizeOfImage: 0x2c7000 (2912256)
5584e24.4e04: Resource Dir: 0x29e000 LB 0x548
5594e24.4e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5604e24.4e04: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5614e24.4e04: ProductName: Microsoft® Windows® Operating System
5624e24.4e04: ProductVersion: 10.0.19041.153
5634e24.4e04: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
5644e24.4e04: FileDescription: Windows NT BASE API Client DLL
5654e24.4e04: \SystemRoot\System32\apisetschema.dll:
5664e24.4e04: CreationTime: 2019-12-07T09:08:13.518339400Z
5674e24.4e04: LastWriteTime: 2019-12-07T09:08:13.518339400Z
5684e24.4e04: ChangeTime: 2020-03-27T13:43:11.135999700Z
5694e24.4e04: FileAttributes: 0x20
5704e24.4e04: Size: 0x1f538
5714e24.4e04: NT Headers: 0xd0
5724e24.4e04: Timestamp: 0x31288ce0
5734e24.4e04: Machine: 0x8664 - amd64
5744e24.4e04: Timestamp: 0x31288ce0
5754e24.4e04: Image Version: 10.0
5764e24.4e04: SizeOfImage: 0x20000 (131072)
5774e24.4e04: Resource Dir: 0x1f000 LB 0x408
5784e24.4e04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5794e24.4e04: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5804e24.4e04: ProductName: Microsoft® Windows® Operating System
5814e24.4e04: ProductVersion: 10.0.19041.1
5824e24.4e04: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5834e24.4e04: FileDescription: ApiSet Schema DLL
5844e24.4e04: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5854e24.4e04: supR3HardenedWinFindAdversaries: 0x2
5864e24.4e04: \SystemRoot\System32\drivers\symevent64x86.sys:
5874e24.4e04: CreationTime: 2013-02-25T14:25:28.206442500Z
5884e24.4e04: LastWriteTime: 2013-11-28T05:30:50.145748300Z
5894e24.4e04: ChangeTime: 2020-01-31T17:39:40.688592600Z
5904e24.4e04: FileAttributes: 0x2020
5914e24.4e04: Size: 0x2b658
5924e24.4e04: NT Headers: 0xe8
5934e24.4e04: Timestamp: 0x51f32ff2
5944e24.4e04: Machine: 0x8664 - amd64
5954e24.4e04: Timestamp: 0x51f32ff2
5964e24.4e04: Image Version: 6.0
5974e24.4e04: SizeOfImage: 0x38000 (229376)
5984e24.4e04: Resource Dir: 0x36000 LB 0x3c8
5994e24.4e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6004e24.4e04: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
6014e24.4e04: ProductName: SYMEVENT
6024e24.4e04: ProductVersion: 12.9.5.2
6034e24.4e04: FileVersion: 12.9.5.2
6044e24.4e04: FileDescription: Symantec Event Library
6054e24.4e04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6064e24.4e04: Calling main()
6074e24.4e04: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6084e24.4e04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6094e24.4e04: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6104e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6114e24.4e04: SUPR3HardenedMain: Final process, opening VBoxDrv...
6124e24.4e04: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
6134e24.4e04: supR3HardNtEnableThreadCreationEx:
6144e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6154e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6164e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6174e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6184e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdf92b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6194e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6204e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6214e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6224e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf92b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6234e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6244e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf92b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf92b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6274e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6284e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
6294e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
6304e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
6314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6324e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6334e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6344e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6374e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
6384e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6394e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6404e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1a920000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
6414e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6424e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1ade0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6434e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6444e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18ac0000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
6454e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6464e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18eb0000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
6474e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
6484e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
6494e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18b70000 LB 0x0015d000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
6504e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
6514e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6524e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6534e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6544e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
6554e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6564e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6574e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
6584e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6594e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6604e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
6614e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6624e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6634e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
6644e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6654e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6664e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-1'
6674e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
6684e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
6694e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe181c0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
6704e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6714e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\system32\Wintrust.dll'
6724e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
6734e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6744e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6754e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18e80000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
6764e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6774e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18e80000 'C:\WINDOWS\system32\bcrypt.dll'
6784e24.4e04: bcrypt.dll loaded at 00007ffe18e80000, BCryptOpenAlgorithmProvider at 00007ffe18e851e0, preloading providers:
6794e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
6804e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6814e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6824e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18770000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
6834e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6844e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18770000 'C:\WINDOWS\system32\bcryptprimitives.dll'
6854e24.4e04: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000173f440)
6864e24.4e04: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000173f9b0)
6874e24.4e04: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000173fcd0)
6884e24.4e04: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000173fff0)
6894e24.4e04: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001740310)
6904e24.4e04: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001740630)
6914e24.4e04: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001740950)
6924e24.4e04: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001740c70)
6934e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6944e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6954e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe17fb0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6964e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6974e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
6984e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6994e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
7004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7024e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7034e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7044e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7054e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe17710000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
7064e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7074e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
7084e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
7094e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
7104e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe17ee0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7114e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7124e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7134e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7144e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
7154e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7164e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7174e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\System32\WINTRUST.DLL'
7184e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7194e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\CRYPT32.dll'
7214e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19540000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
7224e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
7234e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
7244e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7254e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
7274e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe195f0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7284e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
7294e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
7304e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
7314e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7324e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7334e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
7344e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
7354e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe16f80000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
7364e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7374e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
7384e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
7394e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe185d0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
7404e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7414e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7424e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
7434e24.4e04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
7444e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7454e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7464e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7474e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7484e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7494e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7504e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7514e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7524e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7534e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7544e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7554e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7564e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7574e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7584e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7594e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7604e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7614e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7624e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe114e0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
7634e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7644e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7654e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7664e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7674e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7684e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7704e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7714e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7724e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7734e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7744e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7754e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7764e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7774e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7784e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7794e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7804e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7814e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7824e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7834e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7844e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7854e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7864e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7874e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7884e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7894e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7904e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7914e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7924e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7934e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7944e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\Windows\System32\cryptnet.dll'
7954e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7964e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7974e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ade0000 'C:\WINDOWS\System32\rpcrt4.dll'
7984e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1a870000 LB 0x000aa000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
7994e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8004e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8014e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8024e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8034e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8044e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8054e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8074e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8084e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8094e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8104e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8114e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8124e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8134e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8144e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8154e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8164e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8174e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8184e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8194e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8204e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000174ada0
8214e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
8224e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0C72B0E2023D53CDD9886CD2B5819FB91D2B422
8234e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8244e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8264e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8274e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8284e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8294e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\SystemRoot\System32\ntdll.dll'
8304e24.4e04: g_pfnWinVerifyTrust=00007ffe18ac1da0
8314e24.4e04: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8324e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8334e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8344e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8354e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8364e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8374e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8384e24.4e04: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
8394e24.4e04: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8404e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8414e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8424e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8434e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8444e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8454e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8464e24.4e04: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
8474e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8484e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8494e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8504e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8514e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8524e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8534e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
8544e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8554e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
8564e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
8574e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35D579607A81B539FE4EE838C90FF3AA54A92A17
8584e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8594e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8604e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8614e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8624e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8634e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8644e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8654e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8664e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8674e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
8684e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8704e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
8724e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8734e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8744e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8754e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
8764e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8774e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8784e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8794e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
8804e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8814e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8824e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8834e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
8844e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8854e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8864e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8874e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
8884e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8894e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8904e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8914e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8924e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8934e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8944e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
8954e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8964e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8974e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
8984e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8994e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9004e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
9014e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9024e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9034e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
9044e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9054e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9064e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
9074e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9084e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9094e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
9104e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9114e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9124e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
9134e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9144e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9154e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9164e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
9174e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9184e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9194e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
9204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9214e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9224e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
9234e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\system32\crypt32.dll'
9244e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
9254e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xca1887d90321da00 C=US, O=Home, CN=Home Root CA, Email=tbehrens@outlook.com
9264e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x493a5e1cae949159 CN=Meep
9274e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9284e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9294e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x8c3ab3ced159df00 CN=Meep
9304e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9314e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x23b1d7342a6fbc00 CN=Meep
9324e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x7f32aa9d15aa35dd CN=Meep
9334e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9344e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9354e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9364e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9374e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
9384e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9394e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x9f54b99fd84da700 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
9404e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9414e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
9424e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
9434e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9444e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9454e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
9464e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
9474e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
9484e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
9494e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9504e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
9514e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
9524e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
9534e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9544e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xbedf2fa01f59a400 C=TW, O=Chunghwa Telecom Co., Ltd., CN=ePKI Root Certification Authority - G2
9554e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
9564e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9574e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9584e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9594e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9604e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
9614e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9624e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
9634e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9644e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9654e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9664e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9674e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9684e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9694e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
9704e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
9714e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
9724e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9734e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd578ca718078b200 C=US, O=Amazon, CN=Amazon Root CA 1
9744e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
9754e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9764e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9774e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
9784e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
9794e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9804e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
9814e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
9824e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9834e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
9844e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
9854e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9864e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9874e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9884e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
9894e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9904e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
9914e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
9924e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9934e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9944e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9954e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9964e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9974e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9984e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
9994e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
10004e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10014e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
10024e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
10034e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
10044e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
10054e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
10064e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10074e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10084e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10094e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
10104e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
10114e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10124e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
10134e24.4e04: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018
10144e24.4e04: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=90
10154e24.4e04: SUPR3HardenedMain: Load Runtime...
10164e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10174e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10184e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10194e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10204e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10214e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10224e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10234e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10244e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
10274e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10284e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
10294e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10304e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10324e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10334e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10374e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10384e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10394e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10404e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10414e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10444e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10454e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10464e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10474e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
10484e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
10494e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10504e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10514e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10524e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10534e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10544e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10554e24.4e04: supR3HardenedDllNotificationCallback: load 000000005a0a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10564e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10574e24.4e04: supR3HardenedDllNotificationCallback: load 000000005a000000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
10584e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10594e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1ac80000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
10604e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10614e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffd99220000 LB 0x005ed000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10624e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10634e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10644e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10654e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10664e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10674e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10684e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10694e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10704e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10724e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10734e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10744e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10754e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10764e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10774e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10784e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10794e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10804e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10814e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10824e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10834e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10844e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10854e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10864e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10874e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10884e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10894e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10904e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10914e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10924e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10934e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10944e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10954e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10964e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10974e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10984e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10994e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11004e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11014e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11024e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11034e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11044e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11054e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11064e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11074e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11084e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11094e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11104e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11114e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11124e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11134e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11144e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11154e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11164e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11174e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11184e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11194e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11204e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11214e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11224e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11234e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11244e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11254e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11264e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11274e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11284e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11294e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11304e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11314e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11324e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11334e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11344e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11354e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11364e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11374e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11384e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11394e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11404e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11414e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11424e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11434e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11454e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11464e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11474e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11484e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11494e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11504e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11514e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11524e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11534e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11544e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11554e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11564e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11574e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11584e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11594e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11604e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11614e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11624e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11634e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11644e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11654e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11664e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11674e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11684e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11704e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11724e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11734e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11744e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11754e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11764e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11774e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11784e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11794e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11804e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11814e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11824e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11834e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11844e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11854e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11864e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11874e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11884e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11894e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11904e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11914e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11924e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11944e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11954e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11964e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11974e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11984e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11994e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12004e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12014e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12024e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12034e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12044e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12054e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12064e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12074e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12084e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12094e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12104e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12114e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12124e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12134e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12144e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12154e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12164e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12174e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12184e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12194e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12204e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12214e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12224e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12234e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12244e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12254e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12274e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12284e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12294e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12304e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12314e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12324e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12334e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12344e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12354e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12364e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12374e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12384e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12394e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd99220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12404e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12414e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
12424e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12434e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\system32\Wintrust.dll'
12454e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12464e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12474e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12484e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12494e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12504e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12514e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\system32\crypt32.dll'
12524e24.4e04: SUPR3HardenedMain: Load TrustedMain...
12534e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12544e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12554e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
12564e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12574e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12584e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12594e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12604e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12614e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12624e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12634e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12644e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12654e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12664e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12674e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12684e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12694e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12704e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12714e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12724e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12734e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12744e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
12754e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
12764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12774e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12784e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12794e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12804e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12814e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12824e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12834e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12844e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12854e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
12864e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
12874e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12884e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12894e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12904e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12914e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12924e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12934e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12944e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12954e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
12964e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12974e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
12984e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
12994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13014e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
13024e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
13034e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13044e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13054e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13064e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13074e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13084e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13094e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
13104e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
13114e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
13124e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
13134e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
13144e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13154e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13174e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13184e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13194e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13204e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13214e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13224e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13234e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
13244e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13254e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
13264e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13274e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13284e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13294e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13304e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13314e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
13324e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13334e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13384e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
13394e24.4e04: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
13404e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
13414e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
13424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13444e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13454e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13464e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13474e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13484e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13494e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
13504e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13514e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
13524e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
13534e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13544e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13554e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13564e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13574e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13584e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13594e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13604e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13614e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13624e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13634e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13644e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13654e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13664e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13674e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13684e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13694e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13704e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13714e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13724e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13734e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13744e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13754e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13764e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13774e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13784e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13794e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13804e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13814e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13824e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13834e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13844e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13854e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13864e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13874e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13884e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13894e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13904e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13914e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13924e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13934e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13944e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13954e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13964e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13974e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13984e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14004e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14014e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14024e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14034e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14044e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14054e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14064e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14074e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14084e24.4e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14094e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14104e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14114e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14124e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14134e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14144e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14154e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14174e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14184e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
14194e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14204e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
14214e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
14224e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
14234e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14244e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14254e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14264e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14274e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14284e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14294e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14304e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14324e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14334e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14354e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14384e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14394e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14404e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14414e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14444e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14454e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14464e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14474e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14484e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14494e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14504e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14514e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14524e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14534e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
14544e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14554e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14564e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14574e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14584e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14594e24.4e04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
14604e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14614e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14624e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14634e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14644e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14654e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14664e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14674e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14684e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14694e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14704e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14714e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14724e24.4e04: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
14734e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
14744e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
14754e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14774e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14784e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14794e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14804e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14814e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14834e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14844e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14864e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14874e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14884e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14894e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14904e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14914e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14924e24.4e04: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
14934e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14944e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14954e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14964e24.4e04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
14974e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
14984e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15004e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15024e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15034e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15044e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15054e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15064e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15074e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15084e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15094e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15104e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15114e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15124e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15134e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15144e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15154e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15174e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15184e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
15194e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15204e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15214e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15224e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15234e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15244e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15254e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15264e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15274e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15284e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15294e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15304e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15314e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15324e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15334e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15344e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15354e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15364e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15384e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15394e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15404e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15414e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15424e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15444e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15454e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15464e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15474e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15484e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15494e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15504e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15514e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15524e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15534e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15544e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15554e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15564e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15574e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15584e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15594e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15604e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15614e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15624e24.4e04: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15634e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15644e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15654e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15664e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15674e24.4e04: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15684e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15694e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15704e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15714e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15724e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15734e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15744e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15754e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15774e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15784e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15794e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15804e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15814e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15824e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15834e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15844e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15854e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15864e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15874e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15884e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15894e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
15904e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
15914e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15924e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15934e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15944e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
15954e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
15964e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
15974e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59116339FF1B29B4A343FCBB3B064353F8B9655
15984e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16024e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16034e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16044e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16054e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16074e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16084e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16094e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16104e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16114e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16124e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16134e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16144e24.4e04: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16154e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16174e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16184e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16194e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16204e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16214e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16224e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16234e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16244e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
16264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
16274e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16284e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16294e24.4e04: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16304e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16314e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16324e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16334e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16344e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16354e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16364e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16374e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16384e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16394e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16404e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16414e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18690000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
16424e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16434e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18cd0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
16444e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16454e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18d70000 LB 0x0010a000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
16464e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16474e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16484e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16494e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16504e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
16514e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
16524e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1a190000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
16534e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16544e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19ff0000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
16554e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16564e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe191e0000 LB 0x00354000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
16574e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16584e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdf19d0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16594e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16604e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdc6b70000 LB 0x0015c000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16614e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16624e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19720000 LB 0x00731000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
16634e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16644e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19e60000 LB 0x00129000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
16654e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16664e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe11bf0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
16674e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16684e24.4e04: supR3HardenedDllNotificationCallback: load 00000000592a0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
16694e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16704e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffd95fc0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
16714e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16724e24.4e04: supR3HardenedDllNotificationCallback: load 0000000058830000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
16734e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16744e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1ad00000 LB 0x000d5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
16754e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16764e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffd96c00000 LB 0x02614000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
16774e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16784e24.4e04: supR3HardenedDllNotificationCallback: load 0000000059fa0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
16794e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16804e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0c200000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16814e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16824e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdc46e0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
16834e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16844e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16854e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16864e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16874e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16884e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16894e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16904e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16914e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16924e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16944e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16954e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16964e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16974e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16984e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16994e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17004e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17014e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17024e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17034e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17044e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17054e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17074e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17084e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17094e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
17104e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17114e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17124e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17134e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17144e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
17154e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17174e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17184e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17194e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
17204e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17214e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17224e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17234e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17244e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17254e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
17274e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17284e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17294e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17304e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17314e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17324e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17334e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17344e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17354e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17364e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17374e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17384e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17394e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17404e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17414e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17424e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17434e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17444e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17454e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17464e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17474e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17484e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17494e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17504e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17514e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17524e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17534e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17544e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17554e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17564e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17574e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17584e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17594e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17604e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17614e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17624e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17634e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17644e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17654e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17664e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17674e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17684e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-string-l1-1-0'
17704e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17724e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17734e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17744e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17754e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17764e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17774e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17784e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17794e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17804e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17814e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17824e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17834e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17844e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17854e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17864e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17874e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17884e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17894e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17904e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17914e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17924e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17944e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17954e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17964e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17974e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17984e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17994e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18004e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18014e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18024e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18034e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18044e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18054e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18064e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18074e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18084e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18094e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18104e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
18114e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18124e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-datetime-l1-1-1'
18134e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18144e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18154e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18164e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18174e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18184e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18194e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18204e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18214e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18224e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18234e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18244e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18254e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18264e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18274e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18284e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18294e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18304e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18314e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18324e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18334e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18344e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18354e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18364e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18374e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18384e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18394e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18404e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18414e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18424e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18434e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18444e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18454e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18464e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18474e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18484e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18494e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18504e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18514e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18524e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18534e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18544e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18554e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-obsolete-l1-2-0'
18564e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18574e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18584e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18594e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18604e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18614e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18624e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18634e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18644e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18654e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18664e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18674e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18684e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18694e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18704e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18724e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18734e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18744e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18754e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18764e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18774e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18784e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18794e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18804e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18814e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18824e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18834e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18844e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18854e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18864e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18874e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18884e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18894e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18904e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18914e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18924e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18944e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18954e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18964e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18974e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
18984e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
18994e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
19004e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
19014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19024e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19034e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19044e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19054e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
19064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19074e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19084e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
19094e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19104e24.4e04: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
19114e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19124e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe196f0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
19134e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19144e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe196f0000 'C:\WINDOWS\system32\IMM32.DLL'
19154e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19164e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19174e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19184e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19194e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19204e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19214e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19224e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19234e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19244e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19254e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19264e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19274e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19284e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19294e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19304e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19314e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19324e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19334e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19344e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19354e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19364e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19374e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19384e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19394e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19404e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19414e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19424e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19434e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19444e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19454e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19464e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19474e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19484e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19494e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19504e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19514e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19524e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19534e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19544e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19554e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19564e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19574e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19584e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19594e24.4e04: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
19604e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
19614e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19624e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19634e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19644e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19654e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19664e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19674e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19684e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19694e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19704e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19714e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19724e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19734e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19744e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19754e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19764e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19774e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19784e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19794e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19804e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19814e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19824e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19834e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19844e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19854e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\System32\ADVAPI32.DLL'
19864e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19874e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19884e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19894e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19904e24.4e04: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19914e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19924e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19944e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19954e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19964e24.4e04: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19974e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19984e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19994e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
20004e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
20014e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
20024e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
20034e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
20044e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
20054e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
20064e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
20074e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
20084e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc46e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
20094e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20104e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20114e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
20124e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20134e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20144e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
20154e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
20164e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
20174e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
20184e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=963449C047676DA4B69F8A6EE574773FF48118F8
20194e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20214e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
20224e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20234e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
20244e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20264e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
20274e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20284e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20294e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
20304e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20314e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
20324e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20334e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20344e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
20354e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20364e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20374e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
20384e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20394e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20404e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
20414e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20424e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20434e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
20444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20454e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20464e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
20474e24.4e04: SUPR3HardenedMain: Calling TrustedMain (00007ffdc46e16c0)...
20484e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
20494e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
20504e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
20514e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
20524e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
20534e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20544e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
20554e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
20564e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe17f70000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
20574e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
20584e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe16510000 LB 0x0078a000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
20594e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
20604e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1abd0000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
20614e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20624e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
20634e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
20644e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20654e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19690000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
20664e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20674e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
20684e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
20694e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20704e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20714e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20724e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20734e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20744e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20754e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20774e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20784e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20794e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
20804e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
20814e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
20824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20834e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20844e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
20854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20864e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20874e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20884e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20894e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20904e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
20914e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20924e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
20944e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20954e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20964e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
20974e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20984e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20994e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
21004e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21014e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21024e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
21034e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
21044e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
21054e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
21064e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21074e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
21084e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
21094e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
21104e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
21114e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
21124e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
21134e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21144e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21154e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21164e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21174e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21184e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21194e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21204e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21214e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21224e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21234e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21244e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
21254e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21264e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21274e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21284e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21294e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21304e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21324e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21334e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21364e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
21374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21384e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21394e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21404e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21414e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21444e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21454e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21464e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdc6d20000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
21474e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21484e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6d20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
21494e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
21504e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
21514e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
21524e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
21534e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe16fb0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
21544e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
21554e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21564e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21574e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21584e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21594e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21604e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
21614e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
21624e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000684 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21634e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
21644e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
21654e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=008FC60BD6BD131F2BA2F8399DCDDB004781856F
21664e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21674e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
21684e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
21694e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21704e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21714e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
21724e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
21734e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
21744e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21754e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21774e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21784e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21794e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21804e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21814e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21824e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21834e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe15e30000 LB 0x0009f000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
21844e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21854e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15e30000 'C:\WINDOWS\system32\uxtheme.dll'
21864e24.4e04: \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Owner is administrators group.
21874e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21884e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'userenv.dll'.
21894e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
21904e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21914e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
21924e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
21934e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
21944e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
21954e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
21964e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
21974e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
21984e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll) WinVerifyTrust
21994e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
22004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
22014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
22024e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006b4 pwszName=\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
22034e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
22044e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
22054e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3034B43023697EC11C2CC7A826C7023D130AF0F
22064e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
22074e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22084e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22094e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22104e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll'
22114e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22124e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22134e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
22144e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
22154e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll) WinVerifyTrust
22164e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
22174e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22184e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22194e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
22204e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22214e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22224e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22234e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22244e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22254e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
22264e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22274e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22284e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22294e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22304e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22314e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
22324e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22334e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
22374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
22384e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22394e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22404e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22414e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22434e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22454e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22464e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22474e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
22484e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22494e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
22504e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
22514e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22524e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22534e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22544e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22554e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22564e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
22574e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
22584e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22594e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22604e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22614e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
22624e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
22634e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22644e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22654e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
22664e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
22674e24.4e04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll)
22684e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll
22694e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe18550000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
22704e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
22714e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe125a0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
22724e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22734e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe096f0000 LB 0x001a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\gdiplus.dll [fFlags=0x0]
22744e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll [avoiding WinVerifyTrust]
22754e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffdc3420000 LB 0x00153000 C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [fFlags=0x0]
22764e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
22774e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3420000 'C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll'
22784e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000063c pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll
22794e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
22804e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
22814e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3034B43023697EC11C2CC7A826C7023D130AF0F
22824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22834e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22844e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22864e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
22874e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22884e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22894e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22904e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22914e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll'
22924e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22934e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll'
22944e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'C:\WINDOWS\system32\user32.dll'
22954e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22964e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22974e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
22984e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22994e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23004e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1abd0000 'C:\WINDOWS\system32\SHCore.dll'
23014e24.4e04: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
23024e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
23034e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
23044e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23054e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\system32\winmm.dll'
23064e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
23074e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23084e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\system32\winmm.dll'
23094e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
23104e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23114e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
23124e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23134e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23144e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15e30000 'C:\WINDOWS\system32\uxtheme.dll'
23154e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23164e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23174e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\system32\advapi32.dll'
23184e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
23194e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18550000 'C:\WINDOWS\system32\userenv.dll'
23214e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
23224e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23234e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
23244e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe19040000 LB 0x000a8000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
23254e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23264e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
23274e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
23284e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23294e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23304e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23314e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23324e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23334e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
23344e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23354e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
23364e24.2fb4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
23374e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23384e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23394e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23404e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23414e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23424e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23434e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23444e24.2fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
23454e24.2fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23464e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23474e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23484e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23494e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23504e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23514e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23524e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23534e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23544e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23554e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23564e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23574e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23584e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23594e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
23604e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23614e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23624e24.2fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23634e24.2fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23644e24.2fb4: supR3HardenedDllNotificationCallback: load 00007ffdc3e10000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23654e24.2fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23664e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23674e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23684e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23694e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23704e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23714e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
23724e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23734e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23744e24.2fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23754e24.2fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
23764e24.2fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23774e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23784e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23794e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23804e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23814e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23824e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23834e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23844e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23854e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23864e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23874e24.2fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
23884e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23894e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23904e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23914e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23924e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23934e24.2fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23944e24.2fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23954e24.2fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23964e24.2fb4: supR3HardenedDllNotificationCallback: load 00007ffdc4520000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
23974e24.2fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23984e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc4520000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
23994e24.2fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24004e24.2fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24014e24.2fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ad00000 'C:\Windows\System32\oleaut32.dll'
24024e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a190000 'C:\WINDOWS\system32\gdi32.dll'
24034e24.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24044e24.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24054e24.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24064e24.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24074e24.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24084e24.1700: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
24094e24.1700: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24104e24.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24114e24.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24124e24.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24134e24.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24144e24.1700: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24154e24.1700: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24164e24.1700: supR3HardenedDllNotificationCallback: load 00007ffdf2a50000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
24174e24.1700: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24184e24.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
24194e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24204e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24214e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
24224e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe1a6f0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
24234e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24244e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
24254e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
24264e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
24274e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
24284e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
24294e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
24304e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24324e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
24334e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24354e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
24364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24374e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24384e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24394e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24404e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24414e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24424e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24434e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24454e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
24464e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000850 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24474e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
24484e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
24494e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60362572FA6AF1A9FE25C7CF141D4B6757457357
24504e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24514e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24524e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
24534e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24544e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24554e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
24564e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
24574e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
24584e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24594e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
24604e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
24614e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24624e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24634e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
24644e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
24654e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
24664e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
24674e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
24684e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
24694e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
24704e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
24714e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
24724e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24734e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24744e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
24754e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24764e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24774e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24784e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
24794e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
24804e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
24814e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
24824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24834e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24844e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24864e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
24874e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
24884e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
24894e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24904e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24914e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24924e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
24934e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
24944e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
24954e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24964e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24974e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24984e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24994e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
25004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25024e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25034e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25044e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25054e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25064e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
25074e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe170f0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
25084e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
25094e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe14cf0000 LB 0x00263000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
25104e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25114e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe14f60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
25124e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25134e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffde6970000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
25144e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25154e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a190000 'C:\WINDOWS\System32\gdi32.dll'
25164e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6970000 'C:\WINDOWS\system32\dataexchange.dll'
25174e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
25184e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
25194e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
25204e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
25214e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
25224e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0b4b0000 LB 0x00202000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
25234e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
25244e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
25254e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
25264e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
25274e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25284e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25294e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25304e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25314e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25324e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
25334e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
25344e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
25354e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
25364e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25374e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25384e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1abd0000 'C:\WINDOWS\system32\Shcore.dll'
25394e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25404e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
25414e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
25424e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
25434e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
25444e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
25454e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
25464e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25474e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
25484e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
25494e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
25504e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
25514e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
25524e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25534e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
25544e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
25554e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
25564e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
25574e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
25584e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
25594e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
25604e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
25614e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
25624e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
25634e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe173c0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
25644e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
25654e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe15bb0000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
25664e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
25674e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe154d0000 LB 0x00156000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
25684e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
25694e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe15850000 LB 0x0035a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
25704e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
25714e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0ee50000 LB 0x000fc000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
25724e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
25734e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
25744e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
25754e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
25764e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25774e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25784e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25794e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25804e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25814e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25834e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25844e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25864e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
25874e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
25884e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25894e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25904e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25914e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25924e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25934e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25944e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25954e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25964e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25974e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25984e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
26004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
26014e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
26024e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26034e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26044e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26054e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26074e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26084e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26094e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26104e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
26114e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26124e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26134e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
26144e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26154e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
26164e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26174e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26184e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
26194e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26214e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
26224e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26234e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26244e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
26254e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
26264e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26274e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
26284e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
26294e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26304e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
26314e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
26324e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26334e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe191e0000 'api-ms-win-core-com-l1-1-0.dll'
26344e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19e60000 'C:\WINDOWS\system32\ole32.dll'
26354e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
26364e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26374e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a6f0000 'C:\WINDOWS\System32\MSCTF.dll'
26384e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26394e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26404e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26414e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
26424e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
26434e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
26444e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
26454e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
26464e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26474e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26484e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26494e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26504e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26514e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26524e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26534e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26544e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26554e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
26564e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe16040000 LB 0x0002e000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
26574e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
26584e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16040000 'C:\WINDOWS\system32\dwmapi.dll'
26594e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
26604e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26614e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15e30000 'C:\WINDOWS\system32\uxtheme.dll'
26624e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26634e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextShaping.dll)
26644e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextShaping.dll
26654e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffde1980000 LB 0x000ae000 C:\WINDOWS\SYSTEM32\TextShaping.dll [fFlags=0x0]
26664e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextShaping.dll [avoiding WinVerifyTrust]
26674e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26684e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26704e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26714e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextShaping.dll'
26724e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
26734e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26744e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16040000 'C:\WINDOWS\SYSTEM32\dwmapi.dll'
26754e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19e60000 'C:\WINDOWS\System32\ole32.dll'
26764e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ad00000 'C:\WINDOWS\System32\OLEAUT32.dll'
26774e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009b4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26784e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
26794e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
26804e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46BE18D02EFADA6E2F926AE4B4C307765628F960
26814e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26824e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26834e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
26844e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26854e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26864e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
26874e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
26884e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
26894e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26904e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26914e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26924e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26934e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
26944e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
26954e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EE8CE12BD1BE2D5C631FB945E56CB8B6B41928B
26964e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26974e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26984e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
26994e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27004e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27014e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
27024e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
27034e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27044e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27054e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
27064e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27074e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27084e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27094e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27104e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27114e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
27124e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
27134e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe11ef0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
27144e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
27154e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe11520000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
27164e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
27174e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
27184e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27194e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
27204e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11520000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
27214e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27224e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
27234e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
27244e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC2897B72ED5F23C46FCCABE8804053C8A2F56D
27254e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27264e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27274e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
27284e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27294e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27304e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
27314e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
27324e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27334e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27344e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27354e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27364e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27374e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27384e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27394e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe10230000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
27404e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27414e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10230000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
27424e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
27434e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27444e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-0.dll'
27454e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
27464e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27474e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
27484e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b98 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27494e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
27504e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
27514e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97DB456414A6404D40FC68397CEC149031102AB1
27524e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27534e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27544e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
27554e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27564e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27574e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
27584e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
27594e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27604e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
27614e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
27624e24.4e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
27634e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27644e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27654e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27664e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27674e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe10300000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
27684e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27694e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10300000 'C:\WINDOWS\system32\wbem\fastprox.dll'
27704e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
27714e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
27724e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
27734e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5EADECC72051B192313442AC435D4D342659B45
27744e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27754e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27764e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
27774e24.4e04: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27784e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27794e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
27804e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
27814e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
27824e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27834e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27844e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27854e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27864e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27874e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
27884e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0ff10000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
27894e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
27904e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0ff10000 'C:\WINDOWS\System32\amsi.dll'
27914e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27924e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27934e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
27944e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
27954e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
27964e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll) WinVerifyTrust
27974e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
27984e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27994e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28004e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28014e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28024e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28034e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28044e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28054e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
28064e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0fe80000 LB 0x00046000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll [fFlags=0x0]
28074e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
28084e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
28094e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28104e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
28114e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
28124e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28134e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
28144e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
28154e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28164e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
28174e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
28184e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28194e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
28204e24.4e04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
28214e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28224e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-1'
28234e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
28244e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28254e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
28264e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
28274e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28284e24.4e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28294e24.4e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28304e24.4e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
28314e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe11640000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
28324e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
28334e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11640000 'C:\WINDOWS\system32\version.dll'
28344e24.4e04: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
28354e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
28364e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0fe80000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll'
28374e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28384e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28394e24.4e04: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
28404e24.4e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\System32\ADVAPI32.dll'
28414e24.222c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28424e24.222c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28434e24.222c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28444e24.222c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
28454e24.222c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28464e24.222c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28474e24.222c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28484e24.222c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28494e24.222c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28504e24.222c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28514e24.222c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28524e24.222c: supR3HardenedDllNotificationCallback: load 00007ffd94400000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
28534e24.222c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28544e24.222c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd94400000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28554e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28564e24.3f5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28574e24.3f5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28584e24.3f5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28594e24.3f5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
28604e24.3f5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
28614e24.3f5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28624e24.3f5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
28634e24.3f5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28644e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28654e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28664e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28674e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28684e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28694e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28704e24.3f5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28714e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28724e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28734e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28744e24.3f5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28754e24.3f5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28764e24.3f5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28774e24.3f5c: supR3HardenedDllNotificationCallback: load 00007ffde4090000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
28784e24.3f5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28794e24.3f5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde4090000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
28804e24.2258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28814e24.2258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28824e24.2258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28834e24.2258: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28844e24.2258: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
28854e24.2258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28864e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28874e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28884e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28894e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28904e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28914e24.2258: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28924e24.2258: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
28934e24.2258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28944e24.2258: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28954e24.2258: supR3HardenedDllNotificationCallback: load 00007ffde14b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
28964e24.2258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28974e24.2258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde14b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28984e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\Shell32.dll'
28994e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29004e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29014e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd94400000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29024e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29034e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29044e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29054e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29064e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29074e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
29084e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
29094e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29104e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29114e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29124e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29134e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29144e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29154e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29164e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29174e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29184e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29194e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29204e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29214e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29224e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcb700000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29234e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29244e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcb700000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
29254e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcb700000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
29264e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d64 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
29274e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
29284e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
29294e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8401D407AEA23766BB4FE6F0EB51772C5540EF0D
29304e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29314e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29324e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
29334e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29344e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
29354e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
29364e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
29374e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
29384e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
29394e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29404e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29414e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
29424e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
29434e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29444e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
29454e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
29464e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe11e00000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
29474e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
29484e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcb720000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
29494e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
29504e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcb720000 'C:\WINDOWS\system32\WinHvPlatform.dll'
29514e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
29524e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29534e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11e00000 'C:\WINDOWS\system32\vid.dll'
29544e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29554e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29564e24.37b4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
29574e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
29584e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29594e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29604e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1af50000 'C:\WINDOWS\system32\NTDLL.DLL'
29614e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29624e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29634e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29644e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29654e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29664e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
29674e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
29684e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29694e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29704e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29714e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29724e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29734e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
29744e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
29754e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29764e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29774e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29784e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29794e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
29804e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
29814e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29824e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29834e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29844e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29854e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
29864e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29874e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29884e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29894e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29904e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29914e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
29924e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
29934e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
29944e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
29954e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
29964e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29974e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29984e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
29994e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
30004e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
30014e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
30024e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
30034e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30044e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30054e24.37b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
30064e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
30074e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
30084e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30094e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30104e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30114e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30124e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
30134e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30144e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30154e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30164e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
30174e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30184e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
30194e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
30204e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30214e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30224e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30234e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30244e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30254e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30264e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30274e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30284e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
30294e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
30304e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
30314e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30324e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30334e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30344e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30354e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30364e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30374e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30384e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30394e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30404e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30414e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30424e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30434e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30444e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30454e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30464e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30474e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30484e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30494e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30504e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30514e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
30524e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30534e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30544e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
30554e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe18b20000 LB 0x0004d000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
30564e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
30574e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe1a1c0000 LB 0x00467000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
30584e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30594e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcb900000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
30604e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30614e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffd92be0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
30624e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30634e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe17a70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
30644e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
30654e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffd93440000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
30664e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
30674e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd93440000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
30684e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30694e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
30704e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
30714e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30724e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30734e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30744e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30754e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdc6b20000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30764e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30774e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6b20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
30784e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30794e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
30804e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30814e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
30824e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30834e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30844e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30854e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd92be0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
30864e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30874e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30884e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30894e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30904e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
30914e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
30924e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30934e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30944e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30954e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30964e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30974e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
30984e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcf9e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
30994e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31004e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcf9e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
31014e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31024e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31034e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31044e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31054e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
31064e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31074e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31084e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31094e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31104e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31114e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31124e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31134e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcc860000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
31144e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31154e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc860000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
31164e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31174e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31184e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31194e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31204e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
31214e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31224e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31234e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31244e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31254e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31264e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31274e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31284e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcc120000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
31294e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31304e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc120000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
31314e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31324e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31334e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31344e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31354e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
31364e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31374e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31384e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31394e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31404e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31414e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31424e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31434e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdcbf20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
31444e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31454e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbf20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
31464e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31474e24.2f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31484e24.2f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31494e24.2f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31504e24.2f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31514e24.2f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
31524e24.2f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31534e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31544e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31554e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31564e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31574e24.2f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31584e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31594e24.2f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31604e24.2f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31614e24.2f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31624e24.2f0c: supR3HardenedDllNotificationCallback: load 00007ffdcbc70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
31634e24.2f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31644e24.2f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbc70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
31654e24.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31664e24.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31674e24.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31684e24.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
31694e24.5678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
31704e24.5678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
31714e24.5678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31724e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31734e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31744e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31754e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31764e24.5678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31774e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31784e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31794e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31804e24.5678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31814e24.5678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31824e24.5678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31834e24.5678: supR3HardenedDllNotificationCallback: load 00007ffde14a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
31844e24.5678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31854e24.5678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde14a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
31864e24.4524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31874e24.4524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31884e24.4524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31894e24.4524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31904e24.4524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
31914e24.4524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31924e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31934e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31944e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31954e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31964e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31974e24.4524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31984e24.4524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31994e24.4524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32004e24.4524: supR3HardenedDllNotificationCallback: load 00007ffdcf8c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32014e24.4524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32024e24.4524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcf8c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32034e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32044e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32054e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32064e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32074e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
32084e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32094e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32104e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32114e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32124e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32134e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32144e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32154e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe125f0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
32164e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32174e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe125f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
32184e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
32194e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32204e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17a70000 'C:\WINDOWS\system32\Iphlpapi.dll'
32214e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32224e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
32234e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
32244e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
32254e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe1acf0000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
32264e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
32274e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
32284e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe11cd0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
32294e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
32304e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32314e24.37b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
32324e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
32334e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe117a0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
32344e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
32354e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32364e24.37b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
32374e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
32384e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe11780000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
32394e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
32404e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
32414e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
32424e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe17ab0000 LB 0x000ca000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
32434e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
32444e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32454e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32464e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32474e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32484e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32494e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32504e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
32514e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32524e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32534e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32544e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32554e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
32564e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001034 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
32574e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
32584e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
32594e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79BF2453BDEEBB334E2AD6935E3330FBF5D59D03
32604e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32614e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32624e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
32634e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32644e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
32654e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000102c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
32664e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
32674e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
32684e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=653C5E0C6E935EF0939CBEE488076FAF3867E603
32694e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
32704e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32714e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32724e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32734e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
32744e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32754e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
32764e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32774e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32784e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
32794e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32804e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32814e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
32824e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32834e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32844e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
32854e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
32864e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
32874e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
32884e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
32894e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
32904e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
32914e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32924e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
32934e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
32944e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
32954e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
32964e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32974e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32984e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
32994e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
33004e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
33014e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33024e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33034e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
33044e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33054e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33064e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
33074e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe18380000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
33084e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
33094e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe10780000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
33104e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33114e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10780000 'C:\WINDOWS\System32\MMDevApi.dll'
33124e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001128 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
33134e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
33144e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
33154e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
33164e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
33174e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
33184e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.172.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
33194e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33204e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33214e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
33224e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
33234e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33244e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33254e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33264e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
33274e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
33284e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
33294e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
33304e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33314e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
33324e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
33334e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe18500000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
33344e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
33354e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdd5100000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
33364e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
33374e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdc7db0000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
33384e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
33394e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
33404e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
33414e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe184e0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
33424e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
33434e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
33444e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
33454e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
33464e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
33474e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
33484e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
33494e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
33504e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33514e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33524e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33534e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33544e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33554e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc7db0000 'C:\WINDOWS\System32\dsound.dll'
33564e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
33574e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
33584e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
33594e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
33604e24.37b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
33614e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
33624e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc7db0000 'C:\WINDOWS\System32\dsound.dll'
33634e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
33644e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
33654e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
33664e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
33674e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
33684e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
33694e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
33704e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
33714e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
33724e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
33734e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33744e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc7db0000 'C:\WINDOWS\system32\dsound.dll'
33754e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33764e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33774e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10780000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
33784e24.268c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
33794e24.268c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
33804e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
33814e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
33824e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
33834e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
33844e24.268c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
33854e24.268c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
33864e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33874e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33884e24.268c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33894e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33904e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33914e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33924e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33934e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
33944e24.268c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
33954e24.268c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
33964e24.268c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33974e24.268c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
33984e24.268c: supR3HardenedDllNotificationCallback: load 00007ffde49e0000 LB 0x00180000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
33994e24.268c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
34004e24.268c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde49e0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
34014e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34024e24.268c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
34034e24.268c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
34044e24.268c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
34054e24.268c: supR3HardenedDllNotificationCallback: load 00007ffe15f50000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
34064e24.268c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
34074e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34084e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34094e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34104e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34114e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
34124e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
34134e24.37b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
34144e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
34154e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34164e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
34174e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000126c pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34184e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
34194e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
34204e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
34214e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
34224e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
34234e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.172.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
34244e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34254e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34264e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
34274e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
34284e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
34294e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
34304e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34314e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
34324e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
34334e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
34344e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
34354e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
34364e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
34374e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
34384e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
34394e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
34404e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
34414e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34424e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
34434e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
34444e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34454e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34464e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
34474e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34484e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34494e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34504e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34514e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34524e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34534e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
34544e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
34554e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdf2e30000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
34564e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
34574e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe0be80000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
34584e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
34594e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdec060000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
34604e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34614e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34624e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34634e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34644e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34654e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34664e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34674e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34684e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34694e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34704e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34714e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34724e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34734e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34744e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34754e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34764e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34774e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34784e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34794e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34804e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34814e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34824e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34834e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34844e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34854e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34864e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34874e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
34884e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34894e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34904e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34914e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34924e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34934e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34944e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34954e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34964e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34974e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34984e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
34994e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35004e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35014e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35024e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35034e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35044e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35054e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
35064e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35074e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35084e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35094e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35104e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35114e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec060000 'C:\WINDOWS\System32\wdmaud.drv'
35124e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001238 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
35134e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
35144e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
35154e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F52C3491362A84195D0F4029118265BEC5420E41
35164e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
35174e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
35184e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.172.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
35194e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35204e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35214e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
35224e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
35234e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
35244e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35254e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
35264e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
35274e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
35284e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
35294e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35304e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
35314e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
35324e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35334e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35344e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35354e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35364e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35374e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35384e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35394e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35404e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35414e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
35424e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffdb8cd0000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
35434e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
35444e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe0f310000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
35454e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35464e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35474e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35484e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35494e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35504e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35514e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35524e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35534e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35544e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35554e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35564e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35574e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35584e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35594e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35604e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35614e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35624e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
35634e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35644e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35654e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35664e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35674e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f310000 'C:\WINDOWS\System32\msacm32.drv'
35684e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001294 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
35694e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000174ada0
35704e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000174ada0
35714e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=379C5E7D3810A2A2921A90444E90F305F8AF3962
35724e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
35734e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
35744e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.172.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
35754e24.37b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35764e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35774e24.37b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
35784e24.37b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
35794e24.37b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
35804e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
35814e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
35824e24.37b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
35834e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35844e24.37b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35854e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35864e24.37b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
35874e24.37b4: supR3HardenedDllNotificationCallback: load 00007ffe0f180000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
35884e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
35894e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f180000 'C:\WINDOWS\System32\midimap.dll'
35904e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
35914e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35924e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f180000 'C:\WINDOWS\System32\midimap.dll'
35934e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
35944e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35954e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f180000 'C:\WINDOWS\System32\midimap.dll'
35964e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
35974e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35984e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f180000 'C:\WINDOWS\System32\midimap.dll'
35994e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
36004e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36014e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36024e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
36034e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36044e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36054e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36064e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36074e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36084e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36094e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36104e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36114e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36124e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
36134e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36144e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36154e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36164e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36174e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36184e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36194e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36204e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36214e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36224e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36234e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36244e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36254e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36264e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36274e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36284e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36294e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36304e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
36314e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36324e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc7db0000 'C:\WINDOWS\system32\dsound.dll'
36334e24.37b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
36344e24.37b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36354e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36364e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36374e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36384e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36394e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36404e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36414e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36424e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36434e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36444e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\System32\winmm.dll'
36454e24.37b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
36464e24.2c24: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
36474e24.2c24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
36484e24.2c24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
36494e24.2c24: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013d8 (hFile=00000000000013f8) with 0xc0000022 -> STATUS_TRUST_FAILURE
36504e24.2c24: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
36514e24.2c24: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001b0 (hFile=00000000000001b4) with 0xc0000022 -> STATUS_TRUST_FAILURE
36524e24.4524: supR3HardenedDllNotificationCallback: Unload 00007ffdcf8c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
36534e24.5678: supR3HardenedDllNotificationCallback: Unload 00007ffde14a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
36544e24.2f0c: supR3HardenedDllNotificationCallback: Unload 00007ffdcbc70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
36554e24.2258: supR3HardenedDllNotificationCallback: Unload 00007ffde14b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
36564e24.3f5c: supR3HardenedDllNotificationCallback: Unload 00007ffde4090000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
36574e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbf20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
36584e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcc120000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
36594e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcc860000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
36604e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcf9e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
36614e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdc6b20000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
36624e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffd93440000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
36634e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffdcb900000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
36644e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffd92be0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
36654e24.37b4: supR3HardenedDllNotificationCallback: Unload 00007ffe1a1c0000 LB 0x00467000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
36664e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffdf2a50000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
36674e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe10230000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
36684e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffde6970000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
36694e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
36704e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
36714e24.4e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
36724e24.4e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
36734e24.4e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
36744e24.4e04: supR3HardenedDllNotificationCallback: load 00007ffe0ed30000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
36754e24.4e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
36764e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe14cf0000 LB 0x00263000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
36774e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe170f0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
36784e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe14f60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
36794e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe0b4b0000 LB 0x00202000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
36804e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe10300000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
36814e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffdc4520000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
36824e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe11520000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
36834e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffe11ef0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
36844e24.4e04: supR3HardenedDllNotificationCallback: Unload 00007ffdc3e10000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
36854e24.4e04: Terminating the normal way: rcExit=0
36865734.4570: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 710196 ms, the end);
36874b70.54b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 710946 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy