VirtualBox

Ticket #19456: VBoxHardening.log

File VBoxHardening.log, 392.5 KB (added by yorickdowne, 4 years ago)
Line 
132f8.6bc: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6100
232f8.6bc: \SystemRoot\System32\ntdll.dll:
332f8.6bc: CreationTime: 2020-03-14T03:02:43.275222700Z
432f8.6bc: LastWriteTime: 2020-03-14T03:02:43.306236000Z
532f8.6bc: ChangeTime: 2020-03-27T13:43:11.521001300Z
632f8.6bc: FileAttributes: 0x20
732f8.6bc: Size: 0x1ed2e8
832f8.6bc: NT Headers: 0xe8
932f8.6bc: Timestamp: 0x74437382
1032f8.6bc: Machine: 0x8664 - amd64
1132f8.6bc: Timestamp: 0x74437382
1232f8.6bc: Image Version: 10.0
1332f8.6bc: SizeOfImage: 0x1f4000 (2048000)
1432f8.6bc: Resource Dir: 0x183000 LB 0x6fd28
1532f8.6bc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1632f8.6bc: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1732f8.6bc: ProductName: Microsoft® Windows® Operating System
1832f8.6bc: ProductVersion: 10.0.19041.153
1932f8.6bc: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
2032f8.6bc: FileDescription: NT Layer DLL
2132f8.6bc: \SystemRoot\System32\kernel32.dll:
2232f8.6bc: CreationTime: 2019-12-07T09:08:19.659069000Z
2332f8.6bc: LastWriteTime: 2019-12-07T09:08:19.659069000Z
2432f8.6bc: ChangeTime: 2020-03-27T13:43:11.228000700Z
2532f8.6bc: FileAttributes: 0x20
2632f8.6bc: Size: 0xbaa28
2732f8.6bc: NT Headers: 0xf0
2832f8.6bc: Timestamp: 0xa977190b
2932f8.6bc: Machine: 0x8664 - amd64
3032f8.6bc: Timestamp: 0xa977190b
3132f8.6bc: Image Version: 10.0
3232f8.6bc: SizeOfImage: 0xbd000 (774144)
3332f8.6bc: Resource Dir: 0xbb000 LB 0x520
3432f8.6bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3532f8.6bc: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3632f8.6bc: ProductName: Microsoft® Windows® Operating System
3732f8.6bc: ProductVersion: 10.0.19041.1
3832f8.6bc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3932f8.6bc: FileDescription: Windows NT BASE API Client DLL
4032f8.6bc: \SystemRoot\System32\KernelBase.dll:
4132f8.6bc: CreationTime: 2020-03-14T03:02:43.692221900Z
4232f8.6bc: LastWriteTime: 2020-03-14T03:02:43.739239000Z
4332f8.6bc: ChangeTime: 2020-03-27T13:43:11.520001000Z
4432f8.6bc: FileAttributes: 0x20
4532f8.6bc: Size: 0x2c8a18
4632f8.6bc: NT Headers: 0x100
4732f8.6bc: Timestamp: 0x64f228e4
4832f8.6bc: Machine: 0x8664 - amd64
4932f8.6bc: Timestamp: 0x64f228e4
5032f8.6bc: Image Version: 10.0
5132f8.6bc: SizeOfImage: 0x2c7000 (2912256)
5232f8.6bc: Resource Dir: 0x29e000 LB 0x548
5332f8.6bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5432f8.6bc: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5532f8.6bc: ProductName: Microsoft® Windows® Operating System
5632f8.6bc: ProductVersion: 10.0.19041.153
5732f8.6bc: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
5832f8.6bc: FileDescription: Windows NT BASE API Client DLL
5932f8.6bc: \SystemRoot\System32\apisetschema.dll:
6032f8.6bc: CreationTime: 2019-12-07T09:08:13.518339400Z
6132f8.6bc: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6232f8.6bc: ChangeTime: 2020-03-27T13:43:11.135999700Z
6332f8.6bc: FileAttributes: 0x20
6432f8.6bc: Size: 0x1f538
6532f8.6bc: NT Headers: 0xd0
6632f8.6bc: Timestamp: 0x31288ce0
6732f8.6bc: Machine: 0x8664 - amd64
6832f8.6bc: Timestamp: 0x31288ce0
6932f8.6bc: Image Version: 10.0
7032f8.6bc: SizeOfImage: 0x20000 (131072)
7132f8.6bc: Resource Dir: 0x1f000 LB 0x408
7232f8.6bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7332f8.6bc: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7432f8.6bc: ProductName: Microsoft® Windows® Operating System
7532f8.6bc: ProductVersion: 10.0.19041.1
7632f8.6bc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7732f8.6bc: FileDescription: ApiSet Schema DLL
7832f8.6bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7932f8.6bc: supR3HardenedWinFindAdversaries: 0x2
8032f8.6bc: \SystemRoot\System32\drivers\symevent64x86.sys:
8132f8.6bc: CreationTime: 2013-02-25T14:25:28.206442500Z
8232f8.6bc: LastWriteTime: 2013-11-28T05:30:50.145748300Z
8332f8.6bc: ChangeTime: 2020-01-31T17:39:40.688592600Z
8432f8.6bc: FileAttributes: 0x2020
8532f8.6bc: Size: 0x2b658
8632f8.6bc: NT Headers: 0xe8
8732f8.6bc: Timestamp: 0x51f32ff2
8832f8.6bc: Machine: 0x8664 - amd64
8932f8.6bc: Timestamp: 0x51f32ff2
9032f8.6bc: Image Version: 6.0
9132f8.6bc: SizeOfImage: 0x38000 (229376)
9232f8.6bc: Resource Dir: 0x36000 LB 0x3c8
9332f8.6bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9432f8.6bc: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
9532f8.6bc: ProductName: SYMEVENT
9632f8.6bc: ProductVersion: 12.9.5.2
9732f8.6bc: FileVersion: 12.9.5.2
9832f8.6bc: FileDescription: Symantec Event Library
9932f8.6bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10032f8.6bc: Calling main()
10132f8.6bc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
10232f8.6bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10332f8.6bc: SUPR3HardenedMain: Respawn #1
10432f8.6bc: System32: \Device\HarddiskVolume3\Windows\System32
10532f8.6bc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
10632f8.6bc: KnownDllPath: C:\WINDOWS\System32
10732f8.6bc: supR3HardenedWinInit: Performing a limited self purification...
10832f8.6bc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
10932f8.6bc: *0000000000000000-0000000000dbffff 0x0001/0x0000 0x0000000
11032f8.6bc: *0000000000dc0000-0000000000dcffff 0x0004/0x0004 0x0040000
11132f8.6bc: 0000000000dd0000-0000000000ddffff 0x0001/0x0000 0x0000000
11232f8.6bc: *0000000000de0000-0000000000dfcfff 0x0002/0x0002 0x0040000
11332f8.6bc: 0000000000dfd000-0000000000dfffff 0x0001/0x0000 0x0000000
11432f8.6bc: *0000000000e00000-0000000000f11fff 0x0000/0x0004 0x0020000
11532f8.6bc: 0000000000f12000-0000000000f14fff 0x0004/0x0004 0x0020000
11632f8.6bc: 0000000000f15000-0000000000ffffff 0x0000/0x0004 0x0020000
11732f8.6bc: *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
11832f8.6bc: 00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
11932f8.6bc: 00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
12032f8.6bc: *0000000001100000-0000000001103fff 0x0002/0x0002 0x0040000
12132f8.6bc: 0000000001104000-000000000110ffff 0x0001/0x0000 0x0000000
12232f8.6bc: *0000000001110000-0000000001111fff 0x0004/0x0004 0x0020000
12332f8.6bc: 0000000001112000-000000000111ffff 0x0001/0x0000 0x0000000
12432f8.6bc: *0000000001120000-0000000001121fff 0x0004/0x0004 0x0020000
12532f8.6bc: 0000000001122000-0000000001139fff 0x0000/0x0004 0x0020000
12632f8.6bc: 000000000113a000-00000000011bffff 0x0001/0x0000 0x0000000
12732f8.6bc: *00000000011c0000-00000000011c5fff 0x0004/0x0004 0x0020000
12832f8.6bc: 00000000011c6000-00000000012bffff 0x0000/0x0004 0x0020000
12932f8.6bc: *00000000012c0000-0000000001388fff 0x0002/0x0002 0x0040000
13032f8.6bc: 0000000001389000-000000000138ffff 0x0001/0x0000 0x0000000
13132f8.6bc: *0000000001390000-00000000013acfff 0x0004/0x0004 0x0020000
13232f8.6bc: 00000000013ad000-000000000148ffff 0x0000/0x0004 0x0020000
13332f8.6bc: 0000000001490000-00000000014bffff 0x0001/0x0000 0x0000000
13432f8.6bc: *00000000014c0000-00000000014cefff 0x0004/0x0004 0x0020000
13532f8.6bc: 00000000014cf000-00000000014cffff 0x0000/0x0004 0x0020000
13632f8.6bc: *00000000014d0000-00000000016c4fff 0x0004/0x0004 0x0020000
13732f8.6bc: 00000000016c5000-00000000016c5fff 0x0000/0x0004 0x0020000
13832f8.6bc: 00000000016c6000-000000007ffdffff 0x0001/0x0000 0x0000000
13932f8.6bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
14032f8.6bc: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
14132f8.6bc: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
14232f8.6bc: 000000007ffe5000-00007ff48494ffff 0x0001/0x0000 0x0000000
14332f8.6bc: *00007ff484950000-00007ff484954fff 0x0002/0x0002 0x0040000
14432f8.6bc: 00007ff484955000-00007ff484a4ffff 0x0000/0x0002 0x0040000
14532f8.6bc: *00007ff484a50000-00007ff584a6ffff 0x0000/0x0004 0x0020000
14632f8.6bc: *00007ff584a70000-00007ff586a6ffff 0x0000/0x0004 0x0020000
14732f8.6bc: 00007ff586a70000-00007ff586a70fff 0x0004/0x0004 0x0020000
14832f8.6bc: 00007ff586a71000-00007ff586a7ffff 0x0001/0x0000 0x0000000
14932f8.6bc: *00007ff586a80000-00007ff586a80fff 0x0002/0x0002 0x0040000
15032f8.6bc: 00007ff586a81000-00007ff586a8ffff 0x0001/0x0000 0x0000000
15132f8.6bc: *00007ff586a90000-00007ff586ab2fff 0x0002/0x0002 0x0040000
15232f8.6bc: 00007ff586ab3000-00007ff78383ffff 0x0001/0x0000 0x0000000
15332f8.6bc: *00007ff783840000-00007ff783840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15432f8.6bc: 00007ff783841000-00007ff7838b6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15532f8.6bc: 00007ff7838b7000-00007ff7838b7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15632f8.6bc: 00007ff7838b8000-00007ff7838fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15732f8.6bc: 00007ff783900000-00007ff783902fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15832f8.6bc: 00007ff783903000-00007ff783905fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15932f8.6bc: 00007ff783906000-00007ff783908fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16032f8.6bc: 00007ff783909000-00007ff783909fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16132f8.6bc: 00007ff78390a000-00007ff78390bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16232f8.6bc: 00007ff78390c000-00007ff78390cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16332f8.6bc: 00007ff78390d000-00007ff783955fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16432f8.6bc: 00007ff783956000-00007ffe187effff 0x0001/0x0000 0x0000000
16532f8.6bc: *00007ffe187f0000-00007ffe187f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16632f8.6bc: 00007ffe187f1000-00007ffe18901fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16732f8.6bc: 00007ffe18902000-00007ffe18a78fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16832f8.6bc: 00007ffe18a79000-00007ffe18a7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16932f8.6bc: 00007ffe18a7d000-00007ffe18a7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
17032f8.6bc: 00007ffe18a7e000-00007ffe18ab6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
17132f8.6bc: 00007ffe18ab7000-00007ffe1a62ffff 0x0001/0x0000 0x0000000
17232f8.6bc: *00007ffe1a630000-00007ffe1a630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17332f8.6bc: 00007ffe1a631000-00007ffe1a6aefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17432f8.6bc: 00007ffe1a6af000-00007ffe1a6e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17532f8.6bc: 00007ffe1a6e2000-00007ffe1a6e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17632f8.6bc: 00007ffe1a6e3000-00007ffe1a6e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17732f8.6bc: 00007ffe1a6e4000-00007ffe1a6ecfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17832f8.6bc: 00007ffe1a6ed000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
17932f8.6bc: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18032f8.6bc: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18132f8.6bc: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18232f8.6bc: 00007ffe1b0b3000-00007ffe1b0b3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18332f8.6bc: 00007ffe1b0b4000-00007ffe1b0b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18432f8.6bc: 00007ffe1b0b6000-00007ffe1b0befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18532f8.6bc: 00007ffe1b0bf000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18632f8.6bc: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
18732f8.6bc: kernel32.dll: timestamp 0xa977190b (rc=VINF_SUCCESS)
18832f8.6bc: kernelbase.dll: timestamp 0x64f228e4 (rc=VINF_SUCCESS)
18932f8.6bc: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
19032f8.6bc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
19132f8.6bc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
19232f8.6bc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
19332f8.6bc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
19432f8.6bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
19532f8.6bc: supR3HardNtEnableThreadCreationEx:
19632f8.6bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
19732f8.6bc: supR3HardenedWinDoReSpawn(1): New child 20a8.52f4 [kernel32].
19832f8.6bc: supR3HardNtChildGatherData: PebBaseAddress=0000000000a14000 cbPeb=0x388
19932f8.6bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1af50000 uNtDllChildAddr=00007ffe1af50000
20032f8.6bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1afc4550
20132f8.6bc: supR3HardenedWinSetupChildInit: Initial context:
202 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff783847900 rdx=0000000000a14000
203 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
204 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
205 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
206 rip=00007ffe1af9cf10 rsp=0000000000cfff38 rbp=0000000000000000 ctxflags=0010001b
207 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
208 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
209 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
210 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
211 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
21232f8.6bc: supR3HardenedWinSetupChildInit: Start child.
21332f8.6bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
21432f8.6bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 33 sleeps
21532f8.6bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
21632f8.6bc: *0000000000000000-000000000094ffff 0x0001/0x0000 0x0000000
21732f8.6bc: *0000000000950000-000000000096ffff 0x0004/0x0004 0x0020000
21832f8.6bc: *0000000000970000-000000000098cfff 0x0002/0x0002 0x0040000
21932f8.6bc: 000000000098d000-000000000098ffff 0x0001/0x0000 0x0000000
22032f8.6bc: *0000000000990000-0000000000993fff 0x0002/0x0002 0x0040000
22132f8.6bc: 0000000000994000-000000000099ffff 0x0001/0x0000 0x0000000
22232f8.6bc: *00000000009a0000-00000000009a1fff 0x0004/0x0004 0x0020000
22332f8.6bc: 00000000009a2000-00000000009fffff 0x0001/0x0000 0x0000000
22432f8.6bc: *0000000000a00000-0000000000a13fff 0x0000/0x0004 0x0020000
22532f8.6bc: 0000000000a14000-0000000000a16fff 0x0004/0x0004 0x0020000
22632f8.6bc: 0000000000a17000-0000000000bfffff 0x0000/0x0004 0x0020000
22732f8.6bc: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
22832f8.6bc: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
22932f8.6bc: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
23032f8.6bc: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
23132f8.6bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
23232f8.6bc: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
23332f8.6bc: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
23432f8.6bc: 000000007ffe5000-00007ff531beffff 0x0001/0x0000 0x0000000
23532f8.6bc: *00007ff531bf0000-00007ff531bf0fff 0x0002/0x0002 0x0040000
23632f8.6bc: 00007ff531bf1000-00007ff531bfffff 0x0001/0x0000 0x0000000
23732f8.6bc: *00007ff531c00000-00007ff531c22fff 0x0002/0x0002 0x0040000
23832f8.6bc: 00007ff531c23000-00007ff78383ffff 0x0001/0x0000 0x0000000
23932f8.6bc: *00007ff783840000-00007ff783840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24032f8.6bc: 00007ff783841000-00007ff7838b6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24132f8.6bc: 00007ff7838b7000-00007ff7838b7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24232f8.6bc: 00007ff7838b8000-00007ff7838fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24332f8.6bc: 00007ff783900000-00007ff783900fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24432f8.6bc: 00007ff783901000-00007ff783901fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24532f8.6bc: 00007ff783902000-00007ff783906fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24632f8.6bc: 00007ff783907000-00007ff783907fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24732f8.6bc: 00007ff783908000-00007ff783908fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24832f8.6bc: 00007ff783909000-00007ff78390cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
24932f8.6bc: 00007ff78390d000-00007ff783955fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25032f8.6bc: 00007ff783956000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
25132f8.6bc: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25232f8.6bc: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25332f8.6bc: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25432f8.6bc: 00007ffe1b0b3000-00007ffe1b0befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25532f8.6bc: 00007ffe1b0bf000-00007ffe1b0cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25632f8.6bc: 00007ffe1b0ce000-00007ffe1b0cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25732f8.6bc: 00007ffe1b0cf000-00007ffe1b0d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25832f8.6bc: 00007ffe1b0d2000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
25932f8.6bc: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
26032f8.6bc: supR3HardNtChildPurify: Done after 523 ms and 0 fixes (loop #0).
26120a8.52f4: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
26220a8.52f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1af50000 g_uNtVerCombined=0xa04a6100 (stack ~0000000000cff9c8)
26320a8.52f4: ntdll.dll: timestamp 0x74437382 (rc=VINF_SUCCESS)
26420a8.52f4: New simple heap: #1 0000000000e00000 LB 0x400000 (for 2048000 allocation)
26532f8.6bc: supR3HardNtEnableThreadCreationEx:
26620a8.52f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
26720a8.52f4: System32: \Device\HarddiskVolume3\Windows\System32
26820a8.52f4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
26920a8.52f4: KnownDllPath: C:\WINDOWS\System32
27020a8.52f4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
27120a8.52f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
27220a8.52f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
27320a8.52f4: Registered Dll notification callback with NTDLL.
27420a8.52f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
27520a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
27620a8.52f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
27720a8.52f4: supR3HardenedDllNotificationCallback: load 00007ffe187f0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
27820a8.52f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
27920a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28020a8.52f4: supR3HardenedDllNotificationCallback: load 00007ffe1a630000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
28120a8.52f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28220a8.52f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\KERNEL32.DLL'
28320a8.52f4: supR3HardenedDllNotificationCallback: load 00007ff783840000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
28420a8.52f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
28520a8.52f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
28620a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
28720a8.52f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
28832f8.6bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
28920a8.52f4: \SystemRoot\System32\ntdll.dll:
29020a8.52f4: CreationTime: 2020-03-14T03:02:43.275222700Z
29120a8.52f4: LastWriteTime: 2020-03-14T03:02:43.306236000Z
29220a8.52f4: ChangeTime: 2020-03-27T13:43:11.521001300Z
29320a8.52f4: FileAttributes: 0x20
29420a8.52f4: Size: 0x1ed2e8
29520a8.52f4: NT Headers: 0xe8
29620a8.52f4: Timestamp: 0x74437382
29720a8.52f4: Machine: 0x8664 - amd64
29820a8.52f4: Timestamp: 0x74437382
29920a8.52f4: Image Version: 10.0
30020a8.52f4: SizeOfImage: 0x1f4000 (2048000)
30120a8.52f4: Resource Dir: 0x183000 LB 0x6fd28
30220a8.52f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
30320a8.52f4: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
30420a8.52f4: ProductName: Microsoft® Windows® Operating System
30520a8.52f4: ProductVersion: 10.0.19041.153
30620a8.52f4: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
30720a8.52f4: FileDescription: NT Layer DLL
30820a8.52f4: \SystemRoot\System32\kernel32.dll:
30920a8.52f4: CreationTime: 2019-12-07T09:08:19.659069000Z
31020a8.52f4: LastWriteTime: 2019-12-07T09:08:19.659069000Z
31120a8.52f4: ChangeTime: 2020-03-27T13:43:11.228000700Z
31220a8.52f4: FileAttributes: 0x20
31320a8.52f4: Size: 0xbaa28
31420a8.52f4: NT Headers: 0xf0
31520a8.52f4: Timestamp: 0xa977190b
31620a8.52f4: Machine: 0x8664 - amd64
31720a8.52f4: Timestamp: 0xa977190b
31820a8.52f4: Image Version: 10.0
31920a8.52f4: SizeOfImage: 0xbd000 (774144)
32020a8.52f4: Resource Dir: 0xbb000 LB 0x520
32120a8.52f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32220a8.52f4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
32320a8.52f4: ProductName: Microsoft® Windows® Operating System
32420a8.52f4: ProductVersion: 10.0.19041.1
32520a8.52f4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
32620a8.52f4: FileDescription: Windows NT BASE API Client DLL
32720a8.52f4: \SystemRoot\System32\KernelBase.dll:
32820a8.52f4: CreationTime: 2020-03-14T03:02:43.692221900Z
32920a8.52f4: LastWriteTime: 2020-03-14T03:02:43.739239000Z
33020a8.52f4: ChangeTime: 2020-03-27T13:43:11.520001000Z
33120a8.52f4: FileAttributes: 0x20
33220a8.52f4: Size: 0x2c8a18
33320a8.52f4: NT Headers: 0x100
33420a8.52f4: Timestamp: 0x64f228e4
33520a8.52f4: Machine: 0x8664 - amd64
33620a8.52f4: Timestamp: 0x64f228e4
33720a8.52f4: Image Version: 10.0
33820a8.52f4: SizeOfImage: 0x2c7000 (2912256)
33920a8.52f4: Resource Dir: 0x29e000 LB 0x548
34020a8.52f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
34120a8.52f4: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
34220a8.52f4: ProductName: Microsoft® Windows® Operating System
34320a8.52f4: ProductVersion: 10.0.19041.153
34420a8.52f4: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
34520a8.52f4: FileDescription: Windows NT BASE API Client DLL
34620a8.52f4: \SystemRoot\System32\apisetschema.dll:
34720a8.52f4: CreationTime: 2019-12-07T09:08:13.518339400Z
34820a8.52f4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
34920a8.52f4: ChangeTime: 2020-03-27T13:43:11.135999700Z
35020a8.52f4: FileAttributes: 0x20
35120a8.52f4: Size: 0x1f538
35220a8.52f4: NT Headers: 0xd0
35320a8.52f4: Timestamp: 0x31288ce0
35420a8.52f4: Machine: 0x8664 - amd64
35520a8.52f4: Timestamp: 0x31288ce0
35620a8.52f4: Image Version: 10.0
35720a8.52f4: SizeOfImage: 0x20000 (131072)
35820a8.52f4: Resource Dir: 0x1f000 LB 0x408
35920a8.52f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36020a8.52f4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
36120a8.52f4: ProductName: Microsoft® Windows® Operating System
36220a8.52f4: ProductVersion: 10.0.19041.1
36320a8.52f4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
36420a8.52f4: FileDescription: ApiSet Schema DLL
36520a8.52f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
36620a8.52f4: supR3HardenedWinFindAdversaries: 0x2
36720a8.52f4: \SystemRoot\System32\drivers\symevent64x86.sys:
36820a8.52f4: CreationTime: 2013-02-25T14:25:28.206442500Z
36920a8.52f4: LastWriteTime: 2013-11-28T05:30:50.145748300Z
37020a8.52f4: ChangeTime: 2020-01-31T17:39:40.688592600Z
37120a8.52f4: FileAttributes: 0x2020
37220a8.52f4: Size: 0x2b658
37320a8.52f4: NT Headers: 0xe8
37420a8.52f4: Timestamp: 0x51f32ff2
37520a8.52f4: Machine: 0x8664 - amd64
37620a8.52f4: Timestamp: 0x51f32ff2
37720a8.52f4: Image Version: 6.0
37820a8.52f4: SizeOfImage: 0x38000 (229376)
37920a8.52f4: Resource Dir: 0x36000 LB 0x3c8
38020a8.52f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
38120a8.52f4: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
38220a8.52f4: ProductName: SYMEVENT
38320a8.52f4: ProductVersion: 12.9.5.2
38420a8.52f4: FileVersion: 12.9.5.2
38520a8.52f4: FileDescription: Symantec Event Library
38620a8.52f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
38720a8.52f4: Calling main()
38820a8.52f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
38920a8.52f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
39020a8.52f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
39120a8.52f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
39220a8.52f4: SUPR3HardenedMain: Respawn #2
39320a8.52f4: supR3HardNtEnableThreadCreationEx:
39420a8.52f4: supR3HardenedDllNotificationCallback: load 00007ffe1ade0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
39520a8.52f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
39620a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
39720a8.52f4: supR3HardenedDllNotificationCallback: load 00007ffe195f0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
39820a8.52f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
39920a8.52f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
40020a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
40120a8.52f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
40220a8.52f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
40320a8.52f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
40420a8.52f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40520a8.52f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
40620a8.52f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
40720a8.52f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
40820a8.52f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1af50000 'C:\WINDOWS\System32\ntdll.dll'
40920a8.52f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
41020a8.52f4: supR3HardenedWinDoReSpawn(2): New child 4500.3604 [kernel32].
41120a8.52f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000806000 cbPeb=0x388
41220a8.52f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1af50000 uNtDllChildAddr=00007ffe1af50000
41320a8.52f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1afc4550
41420a8.52f4: supR3HardenedWinSetupChildInit: Initial context:
415 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff783847900 rdx=0000000000806000
416 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
417 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
418 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
419 rip=00007ffe1af9cf10 rsp=0000000000affda8 rbp=0000000000000000 ctxflags=0010001b
420 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
421 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
422 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
423 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
424 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
42520a8.52f4: kernel32.dll: timestamp 0xa977190b (rc=VINF_SUCCESS)
42620a8.52f4: supR3HardenedWinSetupChildInit: Start child.
42720a8.52f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
42820a8.52f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 525 ms, 34 sleeps
42920a8.52f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
43020a8.52f4: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000
43120a8.52f4: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000
43220a8.52f4: *0000000000700000-000000000071cfff 0x0002/0x0002 0x0040000
43320a8.52f4: 000000000071d000-000000000071ffff 0x0001/0x0000 0x0000000
43420a8.52f4: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
43520a8.52f4: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
43620a8.52f4: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
43720a8.52f4: 0000000000732000-00000000007fffff 0x0001/0x0000 0x0000000
43820a8.52f4: *0000000000800000-0000000000805fff 0x0000/0x0004 0x0020000
43920a8.52f4: 0000000000806000-0000000000808fff 0x0004/0x0004 0x0020000
44020a8.52f4: 0000000000809000-00000000009fffff 0x0000/0x0004 0x0020000
44120a8.52f4: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
44220a8.52f4: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
44320a8.52f4: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
44420a8.52f4: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
44520a8.52f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
44620a8.52f4: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
44720a8.52f4: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
44820a8.52f4: 000000007ffe5000-00007ff53e31ffff 0x0001/0x0000 0x0000000
44920a8.52f4: *00007ff53e320000-00007ff53e320fff 0x0002/0x0002 0x0040000
45020a8.52f4: 00007ff53e321000-00007ff53e32ffff 0x0001/0x0000 0x0000000
45120a8.52f4: *00007ff53e330000-00007ff53e352fff 0x0002/0x0002 0x0040000
45220a8.52f4: 00007ff53e353000-00007ff78383ffff 0x0001/0x0000 0x0000000
45320a8.52f4: *00007ff783840000-00007ff783840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45420a8.52f4: 00007ff783841000-00007ff7838b6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45520a8.52f4: 00007ff7838b7000-00007ff7838b7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45620a8.52f4: 00007ff7838b8000-00007ff7838fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45720a8.52f4: 00007ff783900000-00007ff783900fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45820a8.52f4: 00007ff783901000-00007ff783901fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
45920a8.52f4: 00007ff783902000-00007ff783906fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
46020a8.52f4: 00007ff783907000-00007ff783907fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
46120a8.52f4: 00007ff783908000-00007ff783908fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
46220a8.52f4: 00007ff783909000-00007ff78390cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
46320a8.52f4: 00007ff78390d000-00007ff783955fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
46420a8.52f4: 00007ff783956000-00007ffe1af4ffff 0x0001/0x0000 0x0000000
46520a8.52f4: *00007ffe1af50000-00007ffe1af50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
46620a8.52f4: 00007ffe1af51000-00007ffe1b06afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
46720a8.52f4: 00007ffe1b06b000-00007ffe1b0b2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
46820a8.52f4: 00007ffe1b0b3000-00007ffe1b0befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
46920a8.52f4: 00007ffe1b0bf000-00007ffe1b0cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
47020a8.52f4: 00007ffe1b0ce000-00007ffe1b0cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
47120a8.52f4: 00007ffe1b0cf000-00007ffe1b0d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
47220a8.52f4: 00007ffe1b0d2000-00007ffe1b143fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
47320a8.52f4: 00007ffe1b144000-00007ffffffeffff 0x0001/0x0000 0x0000000
47420a8.52f4: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
47520a8.52f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
47620a8.52f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
47720a8.52f4: supR3HardNtChildPurify: Done after 554 ms and 0 fixes (loop #0).
47820a8.52f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
4794500.3604: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
4804500.3604: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1af50000 g_uNtVerCombined=0xa04a6100 (stack ~0000000000aff838)
48120a8.52f4: supR3HardNtEnableThreadCreationEx:
4824500.3604: ntdll.dll: timestamp 0x74437382 (rc=VINF_SUCCESS)
4834500.3604: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2048000 allocation)
4844500.3604: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4854500.3604: System32: \Device\HarddiskVolume3\Windows\System32
4864500.3604: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
4874500.3604: KnownDllPath: C:\WINDOWS\System32
4884500.3604: supR3HardenedVmProcessInit: Opening vboxdrv...
4894500.3604: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4904500.3604: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4914500.3604: Registered Dll notification callback with NTDLL.
4924500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
4934500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4944500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4954500.3604: supR3HardenedDllNotificationCallback: load 00007ffe187f0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
4964500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4974500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4984500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1a630000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
4994500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5004500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\KERNEL32.DLL'
5014500.3604: supR3HardenedDllNotificationCallback: load 00007ff783840000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5024500.3604: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5034500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5044500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
50520a8.52f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 100 ms.
5064500.3604: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1afc4550 pvNtTerminateThread=00007ffe1afeb820
5074500.3604: \SystemRoot\System32\ntdll.dll:
5084500.3604: CreationTime: 2020-03-14T03:02:43.275222700Z
5094500.3604: LastWriteTime: 2020-03-14T03:02:43.306236000Z
5104500.3604: ChangeTime: 2020-03-27T13:43:11.521001300Z
5114500.3604: FileAttributes: 0x20
5124500.3604: Size: 0x1ed2e8
5134500.3604: NT Headers: 0xe8
5144500.3604: Timestamp: 0x74437382
5154500.3604: Machine: 0x8664 - amd64
5164500.3604: Timestamp: 0x74437382
5174500.3604: Image Version: 10.0
5184500.3604: SizeOfImage: 0x1f4000 (2048000)
5194500.3604: Resource Dir: 0x183000 LB 0x6fd28
5204500.3604: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5214500.3604: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5224500.3604: ProductName: Microsoft® Windows® Operating System
5234500.3604: ProductVersion: 10.0.19041.153
5244500.3604: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
5254500.3604: FileDescription: NT Layer DLL
5264500.3604: \SystemRoot\System32\kernel32.dll:
5274500.3604: CreationTime: 2019-12-07T09:08:19.659069000Z
5284500.3604: LastWriteTime: 2019-12-07T09:08:19.659069000Z
5294500.3604: ChangeTime: 2020-03-27T13:43:11.228000700Z
5304500.3604: FileAttributes: 0x20
5314500.3604: Size: 0xbaa28
5324500.3604: NT Headers: 0xf0
5334500.3604: Timestamp: 0xa977190b
5344500.3604: Machine: 0x8664 - amd64
5354500.3604: Timestamp: 0xa977190b
5364500.3604: Image Version: 10.0
5374500.3604: SizeOfImage: 0xbd000 (774144)
5384500.3604: Resource Dir: 0xbb000 LB 0x520
5394500.3604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5404500.3604: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5414500.3604: ProductName: Microsoft® Windows® Operating System
5424500.3604: ProductVersion: 10.0.19041.1
5434500.3604: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5444500.3604: FileDescription: Windows NT BASE API Client DLL
5454500.3604: \SystemRoot\System32\KernelBase.dll:
5464500.3604: CreationTime: 2020-03-14T03:02:43.692221900Z
5474500.3604: LastWriteTime: 2020-03-14T03:02:43.739239000Z
5484500.3604: ChangeTime: 2020-03-27T13:43:11.520001000Z
5494500.3604: FileAttributes: 0x20
5504500.3604: Size: 0x2c8a18
5514500.3604: NT Headers: 0x100
5524500.3604: Timestamp: 0x64f228e4
5534500.3604: Machine: 0x8664 - amd64
5544500.3604: Timestamp: 0x64f228e4
5554500.3604: Image Version: 10.0
5564500.3604: SizeOfImage: 0x2c7000 (2912256)
5574500.3604: Resource Dir: 0x29e000 LB 0x548
5584500.3604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5594500.3604: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5604500.3604: ProductName: Microsoft® Windows® Operating System
5614500.3604: ProductVersion: 10.0.19041.153
5624500.3604: FileVersion: 10.0.19041.153 (WinBuild.160101.0800)
5634500.3604: FileDescription: Windows NT BASE API Client DLL
5644500.3604: \SystemRoot\System32\apisetschema.dll:
5654500.3604: CreationTime: 2019-12-07T09:08:13.518339400Z
5664500.3604: LastWriteTime: 2019-12-07T09:08:13.518339400Z
5674500.3604: ChangeTime: 2020-03-27T13:43:11.135999700Z
5684500.3604: FileAttributes: 0x20
5694500.3604: Size: 0x1f538
5704500.3604: NT Headers: 0xd0
5714500.3604: Timestamp: 0x31288ce0
5724500.3604: Machine: 0x8664 - amd64
5734500.3604: Timestamp: 0x31288ce0
5744500.3604: Image Version: 10.0
5754500.3604: SizeOfImage: 0x20000 (131072)
5764500.3604: Resource Dir: 0x1f000 LB 0x408
5774500.3604: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5784500.3604: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5794500.3604: ProductName: Microsoft® Windows® Operating System
5804500.3604: ProductVersion: 10.0.19041.1
5814500.3604: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5824500.3604: FileDescription: ApiSet Schema DLL
5834500.3604: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5844500.3604: supR3HardenedWinFindAdversaries: 0x2
5854500.3604: \SystemRoot\System32\drivers\symevent64x86.sys:
5864500.3604: CreationTime: 2013-02-25T14:25:28.206442500Z
5874500.3604: LastWriteTime: 2013-11-28T05:30:50.145748300Z
5884500.3604: ChangeTime: 2020-01-31T17:39:40.688592600Z
5894500.3604: FileAttributes: 0x2020
5904500.3604: Size: 0x2b658
5914500.3604: NT Headers: 0xe8
5924500.3604: Timestamp: 0x51f32ff2
5934500.3604: Machine: 0x8664 - amd64
5944500.3604: Timestamp: 0x51f32ff2
5954500.3604: Image Version: 6.0
5964500.3604: SizeOfImage: 0x38000 (229376)
5974500.3604: Resource Dir: 0x36000 LB 0x3c8
5984500.3604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5994500.3604: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
6004500.3604: ProductName: SYMEVENT
6014500.3604: ProductVersion: 12.9.5.2
6024500.3604: FileVersion: 12.9.5.2
6034500.3604: FileDescription: Symantec Event Library
6044500.3604: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6054500.3604: Calling main()
6064500.3604: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6074500.3604: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6084500.3604: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6094500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6104500.3604: SUPR3HardenedMain: Final process, opening VBoxDrv...
6114500.3604: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
6124500.3604: supR3HardNtEnableThreadCreationEx:
6134500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6144500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6154500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6164500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6174500.3604: supR3HardenedDllNotificationCallback: load 00007ffe125e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6184500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6194500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6204500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6214500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe125e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6224500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6234500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6244500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe125e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe125e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6264500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6274500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
6284500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
6294500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
6304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6314500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6324500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6334500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6344500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6364500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
6374500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6384500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6394500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1a920000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
6404500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6414500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1ade0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6424500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6434500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18ac0000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
6444500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6454500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18eb0000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
6464500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
6474500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
6484500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18b70000 LB 0x0015d000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
6494500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
6504500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6514500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6524500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6534500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
6544500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6554500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6564500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
6574500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6584500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6594500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
6604500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6614500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6624500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
6634500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6644500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6654500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-1'
6664500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
6674500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
6684500.3604: supR3HardenedDllNotificationCallback: load 00007ffe181c0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
6694500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6704500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\system32\Wintrust.dll'
6714500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
6724500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6734500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6744500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18e80000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
6754500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6764500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18e80000 'C:\WINDOWS\system32\bcrypt.dll'
6774500.3604: bcrypt.dll loaded at 00007ffe18e80000, BCryptOpenAlgorithmProvider at 00007ffe18e851e0, preloading providers:
6784500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
6794500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6804500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6814500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18770000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
6824500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6834500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18770000 'C:\WINDOWS\system32\bcryptprimitives.dll'
6844500.3604: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000117f440)
6854500.3604: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000117f9b0)
6864500.3604: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000117fcd0)
6874500.3604: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000117fff0)
6884500.3604: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001180310)
6894500.3604: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001180630)
6904500.3604: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001180950)
6914500.3604: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001180c70)
6924500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6934500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6944500.3604: supR3HardenedDllNotificationCallback: load 00007ffe17fb0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6954500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6964500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
6974500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6984500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7014500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7024500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7034500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7044500.3604: supR3HardenedDllNotificationCallback: load 00007ffe17710000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
7054500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7064500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
7074500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
7084500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
7094500.3604: supR3HardenedDllNotificationCallback: load 00007ffe17ee0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7104500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7114500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7124500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7134500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
7144500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7154500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7164500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\System32\WINTRUST.DLL'
7174500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7184500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7194500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\CRYPT32.dll'
7204500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19540000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
7214500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
7224500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
7234500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7244500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
7264500.3604: supR3HardenedDllNotificationCallback: load 00007ffe195f0000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7274500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
7284500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
7294500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
7304500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7314500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7324500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
7334500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
7344500.3604: supR3HardenedDllNotificationCallback: load 00007ffe16f80000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
7354500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7364500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
7374500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
7384500.3604: supR3HardenedDllNotificationCallback: load 00007ffe185d0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
7394500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7404500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7414500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
7424500.3604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
7434500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7444500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7454500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7464500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7474500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7484500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7494500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7504500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7514500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7524500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7534500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7544500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7554500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7564500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7574500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7584500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7594500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7604500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7614500.3604: supR3HardenedDllNotificationCallback: load 00007ffe114e0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
7624500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7634500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7644500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7654500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7664500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7674500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7684500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7694500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7704500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7714500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7724500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7734500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7744500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7754500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7764500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7774500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7784500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7794500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7804500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7814500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7824500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7834500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7844500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7854500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7864500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7874500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7894500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7904500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7914500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\WINDOWS\System32\cryptnet.dll'
7924500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7934500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe114e0000 'C:\Windows\System32\cryptnet.dll'
7944500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7954500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7964500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ade0000 'C:\WINDOWS\System32\rpcrt4.dll'
7974500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1a870000 LB 0x000aa000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
7984500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7994500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8004500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8014500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8024500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8034500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8044500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8054500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8064500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8074500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8084500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8094500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8104500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8114500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8124500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8134500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8144500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8154500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8164500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8174500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8184500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8194500.3604: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012328d0
8204500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
8214500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0C72B0E2023D53CDD9886CD2B5819FB91D2B422
8224500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8234500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8244500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8254500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8264500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8274500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8284500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\SystemRoot\System32\ntdll.dll'
8294500.3604: g_pfnWinVerifyTrust=00007ffe18ac1da0
8304500.3604: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8314500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8324500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8334500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8344500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8354500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8364500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8374500.3604: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
8384500.3604: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8394500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8404500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8414500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8424500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8434500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8444500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8454500.3604: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
8464500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8474500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8484500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8494500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8504500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8514500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8524500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
8534500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8544500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
8554500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
8564500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35D579607A81B539FE4EE838C90FF3AA54A92A17
8574500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8584500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8594500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8604500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8614500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8624500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8634500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8644500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8654500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8664500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
8674500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8684500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8694500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8704500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
8714500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8724500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8734500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8744500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
8754500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8764500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8774500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8784500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
8794500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8804500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8814500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8824500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
8834500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8844500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8854500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8864500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
8874500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8884500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8894500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8904500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8914500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8924500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8934500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
8944500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8954500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8964500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
8974500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
8984500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
8994500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
9004500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9014500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9024500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
9034500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9044500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9054500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
9064500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9074500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9084500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
9094500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9104500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9114500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
9124500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9134500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9144500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9154500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
9164500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9174500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9184500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
9194500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
9204500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
9214500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
9224500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\system32\crypt32.dll'
9234500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
9244500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xca1887d90321da00 C=US, O=Home, CN=Home Root CA, Email=tbehrens@outlook.com
9254500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x493a5e1cae949159 CN=Meep
9264500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9274500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9284500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x8c3ab3ced159df00 CN=Meep
9294500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9304500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x23b1d7342a6fbc00 CN=Meep
9314500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x7f32aa9d15aa35dd CN=Meep
9324500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9334500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9344500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9354500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9364500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
9374500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9384500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x9f54b99fd84da700 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
9394500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9404500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
9414500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
9424500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9434500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9444500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
9454500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
9464500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
9474500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
9484500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9494500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
9504500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
9514500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
9524500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9534500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xbedf2fa01f59a400 C=TW, O=Chunghwa Telecom Co., Ltd., CN=ePKI Root Certification Authority - G2
9544500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
9554500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9564500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9574500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9584500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9594500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
9604500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9614500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
9624500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9634500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9644500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9654500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9664500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9674500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9684500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
9694500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
9704500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
9714500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9724500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd578ca718078b200 C=US, O=Amazon, CN=Amazon Root CA 1
9734500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
9744500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9754500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9764500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
9774500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
9784500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9794500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
9804500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
9814500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9824500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
9834500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
9844500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9854500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9864500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9874500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
9884500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9894500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
9904500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
9914500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9924500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9934500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9944500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9954500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9964500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9974500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
9984500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
9994500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10004500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
10014500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
10024500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
10034500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
10044500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
10054500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10064500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10074500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10084500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
10094500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
10104500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10114500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
10124500.3604: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018
10134500.3604: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=90
10144500.3604: SUPR3HardenedMain: Load Runtime...
10154500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10164500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10174500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10184500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10194500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10204500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10214500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10244500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
10264500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10274500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
10284500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10294500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10314500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10324500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10344500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10364500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10374500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10384500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10394500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10404500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10434500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10444500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10454500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10464500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
10474500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
10484500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
10494500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10504500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10514500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10524500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10534500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10544500.3604: supR3HardenedDllNotificationCallback: load 000000005a0a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10554500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10564500.3604: supR3HardenedDllNotificationCallback: load 000000005a000000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
10574500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10584500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1ac80000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
10594500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10604500.3604: supR3HardenedDllNotificationCallback: load 00007ffdc43e0000 LB 0x005ed000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10614500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10624500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10634500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10644500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10654500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10664500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10674500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10684500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10694500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10704500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10714500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10724500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10734500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10744500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10754500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10764500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10774500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10784500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10794500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10804500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10814500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10824500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10834500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10844500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10854500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10864500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10874500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10884500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10894500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10904500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10914500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10924500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10934500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10944500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10954500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10964500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10974500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10984500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10994500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11004500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11014500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11024500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11034500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11044500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11054500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11064500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11074500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11084500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11094500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11104500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11114500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11124500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11134500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11144500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11154500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11164500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11174500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11184500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11194500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11204500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11214500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11224500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11234500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11244500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11254500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11264500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11274500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11284500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11294500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11304500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11314500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11324500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11334500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11344500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11354500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11364500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11374500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11384500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11394500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11404500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11414500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11424500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11444500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11454500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11464500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11474500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11484500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11494500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11504500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11514500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11524500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11534500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11544500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11554500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11564500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11574500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11584500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11594500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11604500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11614500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11624500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11634500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11644500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11654500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11664500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11674500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11684500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11694500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11704500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11714500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11724500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11734500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11744500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11754500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11764500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11774500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11784500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11794500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11804500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11814500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11824500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11834500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11844500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11854500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11864500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11874500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11894500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11904500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11914500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11934500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11944500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11954500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11964500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11974500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11984500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11994500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12004500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12014500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12024500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12034500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12044500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12054500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12064500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12074500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12084500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12094500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12104500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12114500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12124500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12134500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12144500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12154500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12164500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12174500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12184500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12194500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12204500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12214500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12224500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12234500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12244500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12264500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12274500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12284500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12294500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12304500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12314500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12324500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12334500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12344500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12354500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12364500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12374500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12384500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc43e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12394500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12404500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
12414500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12424500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18ac0000 'C:\WINDOWS\system32\Wintrust.dll'
12444500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12454500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12464500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12474500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12484500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12494500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12504500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\system32\crypt32.dll'
12514500.3604: SUPR3HardenedMain: Load TrustedMain...
12524500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12534500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12544500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
12554500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12564500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12574500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12584500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12594500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12604500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12614500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12624500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12634500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12644500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12654500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12664500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12674500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12704500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12714500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12724500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12734500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
12744500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
12754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12764500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12774500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12784500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12794500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12804500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
12814500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
12824500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12834500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12844500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
12854500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
12864500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12874500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12884500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12894500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12904500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12914500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12924500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12934500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12944500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
12954500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12964500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
12974500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
12984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13004500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
13014500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
13024500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13034500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13044500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13054500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13064500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13074500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13084500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
13094500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
13104500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
13114500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
13124500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
13134500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13144500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13164500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13174500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13184500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13194500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13204500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13214500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13224500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
13234500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13244500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
13254500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13264500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13274500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13284500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13294500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13304500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
13314500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13324500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13344500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13374500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
13384500.3604: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
13394500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
13404500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
13414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13434500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13444500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13454500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13464500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13474500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13484500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
13494500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13504500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
13514500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
13524500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13534500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13544500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13554500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13564500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13574500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13584500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13594500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13604500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
13614500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13624500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13634500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13644500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13654500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13664500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13674500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13704500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13714500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13724500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13734500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13744500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13754500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13764500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13774500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13784500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13794500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13804500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13814500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13824500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13834500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13844500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13854500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13864500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13874500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13884500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13894500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13904500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13914500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13924500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13934500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13944500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13954500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13964500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13974500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13994500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14004500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14014500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14024500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14034500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14044500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14054500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14064500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14074500.3604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14084500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14094500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14104500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14114500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14124500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14134500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14144500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14164500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14174500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
14184500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14194500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
14204500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
14214500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
14224500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14244500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14254500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14264500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14274500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14284500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14294500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14314500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14324500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14344500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14374500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14384500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14394500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14404500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14434500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14444500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14454500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14464500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14474500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14484500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14494500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14504500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14514500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14524500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
14534500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14544500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14554500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14564500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14574500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14584500.3604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
14594500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14604500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14614500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14624500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14634500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14644500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14654500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14664500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14674500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14684500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14704500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14714500.3604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
14724500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
14734500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
14744500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14764500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14774500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14784500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14794500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14804500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14814500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14824500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14834500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14844500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14854500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14864500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14874500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14884500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14894500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14904500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14914500.3604: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
14924500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14934500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14944500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14954500.3604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
14964500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
14974500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14994500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15014500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15024500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15034500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15044500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15054500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15064500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15074500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15084500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15094500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15104500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15114500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15124500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15134500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15144500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15164500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15174500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
15184500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15194500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15204500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15214500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15234500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15244500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15254500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15264500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15274500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15284500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15294500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15304500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15314500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15324500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15334500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15344500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15354500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15374500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15384500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15394500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15404500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15414500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15434500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15444500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15454500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15464500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15474500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15484500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15494500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15504500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15514500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15524500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15534500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15544500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15554500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15564500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15574500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15584500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15594500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15604500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15614500.3604: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15624500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15634500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15644500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15654500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15664500.3604: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15674500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15694500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15704500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15714500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15724500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15734500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15744500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15764500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15774500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
15784500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15794500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15804500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15814500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15824500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15834500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15844500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15854500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15864500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15874500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15884500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
15894500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
15904500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15914500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15924500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15934500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
15944500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
15954500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
15964500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59116339FF1B29B4A343FCBB3B064353F8B9655
15974500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16014500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16024500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16034500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16044500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16054500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16064500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16074500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16084500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16094500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16104500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16114500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16124500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16134500.3604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16144500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16164500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16174500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16184500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16194500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16204500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16214500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16244500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
16254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
16264500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16274500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16284500.3604: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16294500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16304500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16314500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16324500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16334500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16344500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16354500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16364500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16374500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16384500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16394500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16404500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18690000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
16414500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16424500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18cd0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
16434500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16444500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18d70000 LB 0x0010a000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
16454500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16464500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16474500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16484500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16494500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
16504500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
16514500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1a190000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
16524500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16534500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19ff0000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
16544500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16554500.3604: supR3HardenedDllNotificationCallback: load 00007ffe191e0000 LB 0x00354000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
16564500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16574500.3604: supR3HardenedDllNotificationCallback: load 00007ffdf8c10000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16584500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16594500.3604: supR3HardenedDllNotificationCallback: load 00007ffdcb8d0000 LB 0x0015c000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16604500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16614500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19720000 LB 0x00731000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
16624500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16634500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19e60000 LB 0x00129000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
16644500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16654500.3604: supR3HardenedDllNotificationCallback: load 00007ffe11bf0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
16664500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16674500.3604: supR3HardenedDllNotificationCallback: load 00000000592a0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
16684500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16694500.3604: supR3HardenedDllNotificationCallback: load 00007ffd96bf0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
16704500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16714500.3604: supR3HardenedDllNotificationCallback: load 0000000058830000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
16724500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16734500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1ad00000 LB 0x000d5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
16744500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16754500.3604: supR3HardenedDllNotificationCallback: load 00007ffd971f0000 LB 0x02614000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
16764500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16774500.3604: supR3HardenedDllNotificationCallback: load 0000000059fa0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
16784500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16794500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0c200000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16804500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16814500.3604: supR3HardenedDllNotificationCallback: load 00007ffdc5000000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
16824500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16834500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16844500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16854500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16864500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16874500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16884500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16894500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16904500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16914500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16934500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16944500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16954500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16964500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16974500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16984500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
16994500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17004500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17014500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17024500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17034500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17044500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17054500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17064500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17074500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17084500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
17094500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17104500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17114500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17124500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17134500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
17144500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17164500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17174500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17184500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
17194500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17204500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17214500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17224500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17234500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17244500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17254500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
17264500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17274500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17284500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17294500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17304500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17314500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17324500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17334500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17344500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17354500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17364500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17374500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17384500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17394500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17404500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17414500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17424500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17434500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17444500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17454500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17464500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17474500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17484500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17494500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17504500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17514500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17524500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17534500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17544500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17554500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17564500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17574500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17584500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17594500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17604500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17614500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17624500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17634500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17644500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17654500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17664500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17674500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17684500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-string-l1-1-0'
17694500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17704500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17714500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17724500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17734500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17744500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17754500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17764500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17774500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17784500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17794500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17804500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17814500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17824500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17834500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17844500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17854500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17864500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17874500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17884500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17894500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17904500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17914500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17934500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17944500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17954500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17964500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17974500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17984500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17994500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18004500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18014500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18024500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18034500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18044500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18054500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18064500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18074500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18084500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18094500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
18104500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18114500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-datetime-l1-1-1'
18124500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18134500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18144500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18154500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18164500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18174500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18184500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18194500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18204500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18214500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18224500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18234500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18244500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18254500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18264500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18274500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18284500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18294500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18304500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18314500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18324500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18334500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18344500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18354500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18364500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18374500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18384500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18394500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18404500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18414500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18424500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18434500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18444500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18454500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18464500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18474500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18484500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18494500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18504500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18514500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18524500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18534500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18544500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-obsolete-l1-2-0'
18554500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18564500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18574500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18584500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18594500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18604500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18614500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18624500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18634500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18644500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18654500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18664500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18674500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18684500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18694500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18704500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18714500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18724500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18734500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18744500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18754500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18764500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18774500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18784500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18794500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18804500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18814500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18824500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18834500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18844500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18854500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18864500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18874500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18884500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18894500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18904500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18914500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18934500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18944500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18954500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18964500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
18974500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
18984500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
18994500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
19004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19014500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19024500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19034500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19044500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
19054500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19064500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19074500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
19084500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19094500.3604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
19104500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19114500.3604: supR3HardenedDllNotificationCallback: load 00007ffe196f0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
19124500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19134500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe196f0000 'C:\WINDOWS\system32\IMM32.DLL'
19144500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19154500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19164500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19174500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19184500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19194500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19204500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19214500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19224500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19234500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19244500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19254500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19264500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19274500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19284500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19294500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19304500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19314500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19324500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19334500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19344500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19354500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19364500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19374500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19384500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19394500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19404500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19414500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19424500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19434500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19444500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19454500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19464500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19474500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19484500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19494500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19504500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19514500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19524500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19534500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19544500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19554500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19564500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19574500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19584500.3604: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
19594500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
19604500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19614500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19624500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19634500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19644500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19654500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19664500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19674500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19684500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19694500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19704500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19714500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19724500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19734500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19744500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19754500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19764500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19774500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19784500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19794500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19804500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19814500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19824500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19834500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19844500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\System32\ADVAPI32.DLL'
19854500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19864500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19874500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19884500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19894500.3604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19904500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19914500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19934500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19944500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19954500.3604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19964500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19974500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19984500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19994500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
20004500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
20014500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
20024500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
20034500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
20044500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
20054500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
20064500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
20074500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5000000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
20084500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20094500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20104500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
20114500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20124500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20134500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
20144500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
20154500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
20164500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
20174500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=963449C047676DA4B69F8A6EE574773FF48118F8
20184500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20194500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20204500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
20214500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20224500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
20234500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20244500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20254500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
20264500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20274500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20284500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
20294500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20304500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
20314500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20324500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20334500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
20344500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20354500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20364500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
20374500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20384500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20394500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
20404500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20414500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20424500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
20434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20444500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20454500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
20464500.3604: SUPR3HardenedMain: Calling TrustedMain (00007ffdc50016c0)...
20474500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
20484500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
20494500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
20504500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
20514500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
20524500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20534500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
20544500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
20554500.3604: supR3HardenedDllNotificationCallback: load 00007ffe17f70000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
20564500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
20574500.3604: supR3HardenedDllNotificationCallback: load 00007ffe16510000 LB 0x0078a000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
20584500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
20594500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1abd0000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
20604500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20614500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
20624500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
20634500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20644500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19690000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
20654500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20664500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
20674500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
20684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20704500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20714500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20724500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20734500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20744500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20764500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20774500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20784500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
20794500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
20804500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
20814500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20824500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20834500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
20844500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20854500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20864500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20874500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20894500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
20904500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20914500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
20934500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20944500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20954500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
20964500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
20974500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
20984500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
20994500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21004500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21014500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
21024500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
21034500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
21044500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
21054500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21064500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
21074500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
21084500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
21094500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
21104500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
21114500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
21124500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21134500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21144500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21154500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21164500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21174500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21184500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21194500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21204500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21214500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21234500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
21244500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21254500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21264500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21274500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21284500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21294500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21314500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21324500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21344500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21354500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
21364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21374500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21384500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21394500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21404500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21434500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21444500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21454500.3604: supR3HardenedDllNotificationCallback: load 00007ffdc6d20000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
21464500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21474500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6d20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
21484500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
21494500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
21504500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
21514500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
21524500.3604: supR3HardenedDllNotificationCallback: load 00007ffe16fb0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
21534500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
21544500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21554500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21564500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21574500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21584500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21594500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
21604500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
21614500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a0 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21624500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
21634500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
21644500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=008FC60BD6BD131F2BA2F8399DCDDB004781856F
21654500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21664500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
21674500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
21684500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21694500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21704500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
21714500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
21724500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
21734500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21744500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21764500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21774500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21784500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21794500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21804500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21814500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21824500.3604: supR3HardenedDllNotificationCallback: load 00007ffe15e30000 LB 0x0009f000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
21834500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21844500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15e30000 'C:\WINDOWS\system32\uxtheme.dll'
21854500.3604: \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Owner is administrators group.
21864500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
21874500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'userenv.dll'.
21884500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
21894500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21904500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
21914500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
21924500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
21934500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
21944500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
21954500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
21964500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
21974500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll) WinVerifyTrust
21984500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
21994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
22004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
22014500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000630 pwszName=\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
22024500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
22034500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
22044500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3034B43023697EC11C2CC7A826C7023D130AF0F
22054500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
22064500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22074500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22084500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22094500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll'
22104500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22114500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22124500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
22134500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
22144500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll) WinVerifyTrust
22154500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
22164500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22174500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22184500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
22194500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22204500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22214500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22244500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
22254500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22264500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22274500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22284500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22294500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22304500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
22314500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22324500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22344500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
22364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
22374500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22384500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22394500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22404500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22424500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22444500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22454500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22464500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
22474500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22484500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
22494500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
22504500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22514500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22524500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22534500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22544500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22554500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
22564500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
22574500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22584500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22594500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22604500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
22614500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
22624500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22634500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22644500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
22654500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
22664500.3604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll)
22674500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll
22684500.3604: supR3HardenedDllNotificationCallback: load 00007ffe18550000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
22694500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
22704500.3604: supR3HardenedDllNotificationCallback: load 00007ffe125a0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
22714500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
22724500.3604: supR3HardenedDllNotificationCallback: load 00007ffe096f0000 LB 0x001a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\gdiplus.dll [fFlags=0x0]
22734500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll [avoiding WinVerifyTrust]
22744500.3604: supR3HardenedDllNotificationCallback: load 00007ffdc3420000 LB 0x00153000 C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [fFlags=0x0]
22754500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
22764500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3420000 'C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll'
22774500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll
22784500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
22794500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
22804500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3034B43023697EC11C2CC7A826C7023D130AF0F
22814500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22824500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22834500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22844500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22854500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
22864500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22874500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
22894500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
22904500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll'
22914500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22924500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.153_none_faea9b3576185fd4\GdiPlus.dll'
22934500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'C:\WINDOWS\system32\user32.dll'
22944500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22954500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22964500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
22974500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22984500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22994500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1abd0000 'C:\WINDOWS\system32\SHCore.dll'
23004500.3604: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
23014500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
23024500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
23034500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23044500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\system32\winmm.dll'
23054500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
23064500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23074500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c200000 'C:\WINDOWS\system32\winmm.dll'
23084500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
23094500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23104500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
23114500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23124500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23134500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15e30000 'C:\WINDOWS\system32\uxtheme.dll'
23144500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23154500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23164500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\system32\advapi32.dll'
23174500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
23184500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23194500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18550000 'C:\WINDOWS\system32\userenv.dll'
23204500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
23214500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23224500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a630000 'C:\WINDOWS\System32\kernel32.dll'
23234500.3604: supR3HardenedDllNotificationCallback: load 00007ffe19040000 LB 0x000a8000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
23244500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23254500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
23264500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
23274500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23284500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23294500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23304500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23314500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23324500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
23334500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23344500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
23354500.33c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
23364500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23374500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23384500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23394500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23404500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23414500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23424500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23434500.33c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
23444500.33c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23454500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23464500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23474500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23484500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23494500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23504500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23514500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23524500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23534500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23544500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23554500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23564500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23574500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23584500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
23594500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23604500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23614500.33c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23624500.33c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23634500.33c0: supR3HardenedDllNotificationCallback: load 00007ffdc3e10000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23644500.33c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23654500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23664500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
23674500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23684500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23694500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23704500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
23714500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23724500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23734500.33c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23744500.33c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
23754500.33c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23764500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23774500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23784500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23794500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23804500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23814500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23824500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23834500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23844500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23854500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23864500.33c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
23874500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23884500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23894500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23904500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23914500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23924500.33c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23934500.33c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23944500.33c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23954500.33c0: supR3HardenedDllNotificationCallback: load 00007ffdc6be0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
23964500.33c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23974500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6be0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
23984500.33c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23994500.33c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24004500.33c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ad00000 'C:\Windows\System32\oleaut32.dll'
24014500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a190000 'C:\WINDOWS\system32\gdi32.dll'
24024500.4058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24034500.4058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24044500.4058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24054500.4058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24064500.4058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24074500.4058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
24084500.4058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24094500.4058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24104500.4058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24114500.4058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24124500.4058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24134500.4058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24144500.4058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24154500.4058: supR3HardenedDllNotificationCallback: load 00007ffe0c3e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
24164500.4058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24174500.4058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c3e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
24184500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24194500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24204500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
24214500.3604: supR3HardenedDllNotificationCallback: load 00007ffe1a6f0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
24224500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24234500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
24244500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
24254500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
24264500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
24274500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
24284500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
24294500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24314500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
24324500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24334500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24344500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
24354500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24364500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24374500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24384500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24394500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24404500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24414500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24424500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24444500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
24454500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a68 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24464500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
24474500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
24484500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60362572FA6AF1A9FE25C7CF141D4B6757457357
24494500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24504500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24514500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
24524500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24534500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24544500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
24554500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
24564500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
24574500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24584500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
24594500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
24604500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24614500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24624500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
24634500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
24644500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
24654500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
24664500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
24674500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
24684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
24694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
24704500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
24714500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24724500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24734500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
24744500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24754500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24764500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24774500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
24784500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
24794500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
24804500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
24814500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24824500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24834500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24844500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24854500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
24864500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
24874500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
24884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
24894500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
24904500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24914500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
24924500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
24934500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
24944500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24954500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24964500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24974500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24984500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
24994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25004500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25014500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25024500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25034500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25044500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25054500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
25064500.3604: supR3HardenedDllNotificationCallback: load 00007ffe170f0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
25074500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
25084500.3604: supR3HardenedDllNotificationCallback: load 00007ffe14cf0000 LB 0x00263000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
25094500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25104500.3604: supR3HardenedDllNotificationCallback: load 00007ffe14f60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
25114500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25124500.3604: supR3HardenedDllNotificationCallback: load 00007ffde6970000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
25134500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25144500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a190000 'C:\WINDOWS\System32\gdi32.dll'
25154500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6970000 'C:\WINDOWS\system32\dataexchange.dll'
25164500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
25174500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
25184500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
25194500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
25204500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
25214500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0b4b0000 LB 0x00202000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
25224500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
25234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
25244500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
25254500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
25264500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25274500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25284500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25294500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25304500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25314500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
25324500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
25334500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
25344500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
25354500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25364500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25374500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1abd0000 'C:\WINDOWS\system32\Shcore.dll'
25384500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25394500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
25404500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
25414500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
25424500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
25434500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
25444500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
25454500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25464500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
25474500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
25484500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
25494500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
25504500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
25514500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25524500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
25534500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
25544500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
25554500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
25564500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
25574500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
25584500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
25594500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
25604500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
25614500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
25624500.3604: supR3HardenedDllNotificationCallback: load 00007ffe173c0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
25634500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
25644500.3604: supR3HardenedDllNotificationCallback: load 00007ffe15bb0000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
25654500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
25664500.3604: supR3HardenedDllNotificationCallback: load 00007ffe154d0000 LB 0x00156000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
25674500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
25684500.3604: supR3HardenedDllNotificationCallback: load 00007ffe15850000 LB 0x0035a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
25694500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
25704500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0ee50000 LB 0x000fc000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
25714500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
25724500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
25734500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
25744500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
25754500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25764500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25774500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25784500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25794500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25804500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25814500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25824500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25834500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25844500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25854500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
25864500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
25874500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25884500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25894500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25904500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25914500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25924500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25934500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25944500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25954500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25964500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25974500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
25994500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
26004500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
26014500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26024500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26034500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26044500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26054500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26064500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26074500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26084500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26094500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
26104500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26114500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26124500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
26134500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26144500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
26154500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26164500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26174500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
26184500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26194500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26204500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
26214500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26224500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26234500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
26244500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
26254500.3604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26264500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
26274500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
26284500.3604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26294500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ff0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
26304500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
26314500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26324500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe191e0000 'api-ms-win-core-com-l1-1-0.dll'
26334500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19e60000 'C:\WINDOWS\system32\ole32.dll'
26344500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
26354500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26364500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a6f0000 'C:\WINDOWS\System32\MSCTF.dll'
26374500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19e60000 'C:\WINDOWS\System32\ole32.dll'
26384500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1ad00000 'C:\WINDOWS\System32\OLEAUT32.dll'
26394500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b08 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26404500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
26414500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
26424500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46BE18D02EFADA6E2F926AE4B4C307765628F960
26434500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26444500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26454500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
26464500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26474500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26484500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
26494500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
26504500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
26514500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26524500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26534500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26544500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26554500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
26564500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
26574500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EE8CE12BD1BE2D5C631FB945E56CB8B6B41928B
26584500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26594500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26604500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
26614500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26624500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26634500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
26644500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26654500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26664500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26674500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
26684500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26694500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26704500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26714500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26724500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26734500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26744500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26754500.3604: supR3HardenedDllNotificationCallback: load 00007ffe11ef0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
26764500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26774500.3604: supR3HardenedDllNotificationCallback: load 00007ffe11520000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
26784500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26794500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
26804500.3604: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26814500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
26824500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11520000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
26834500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b78 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26844500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
26854500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
26864500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC2897B72ED5F23C46FCCABE8804053C8A2F56D
26874500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
26884500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
26894500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
26904500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26914500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26924500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
26934500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
26944500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26954500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26964500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26974500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26984500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26994500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27004500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27014500.3604: supR3HardenedDllNotificationCallback: load 00007ffe10230000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
27024500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
27034500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10230000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
27044500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
27054500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27064500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-0.dll'
27074500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
27084500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27094500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
27104500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b70 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27114500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
27124500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
27134500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97DB456414A6404D40FC68397CEC149031102AB1
27144500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27154500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27164500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
27174500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27184500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27194500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
27204500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
27214500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27224500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
27234500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
27244500.3604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
27254500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27264500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27274500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27284500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27294500.3604: supR3HardenedDllNotificationCallback: load 00007ffe10300000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
27304500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
27314500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe10300000 'C:\WINDOWS\system32\wbem\fastprox.dll'
27324500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba8 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
27334500.3604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
27344500.3604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
27354500.3604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5EADECC72051B192313442AC435D4D342659B45
27364500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27374500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27384500.3604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.113.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
27394500.3604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27404500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27414500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
27424500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
27434500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
27444500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27454500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27464500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27474500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27484500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27494500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
27504500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0ff10000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
27514500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
27524500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0ff10000 'C:\WINDOWS\System32\amsi.dll'
27534500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
27544500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
27554500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
27564500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
27574500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
27584500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll) WinVerifyTrust
27594500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
27604500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27614500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27624500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27634500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27644500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27654500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27664500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27674500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
27684500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0fe80000 LB 0x00046000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll [fFlags=0x0]
27694500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MpOAV.dll
27704500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
27714500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27724500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
27734500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
27744500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27754500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
27764500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
27774500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27784500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-synch-l1-2-0'
27794500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
27804500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27814500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-fibers-l1-1-1'
27824500.3604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
27834500.3604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27844500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe187f0000 'api-ms-win-core-localization-l1-2-1'
27854500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
27864500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27874500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
27884500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
27894500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27904500.3604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27914500.3604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27924500.3604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
27934500.3604: supR3HardenedDllNotificationCallback: load 00007ffe11640000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
27944500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
27954500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11640000 'C:\WINDOWS\system32\version.dll'
27964500.3604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
27974500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
27984500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0fe80000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpOav.dll'
27994500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28004500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28014500.3604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
28024500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1a870000 'C:\WINDOWS\System32\ADVAPI32.dll'
28034500.4e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28044500.4e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28054500.4e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28064500.4e24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
28074500.4e24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28084500.4e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28094500.4e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28104500.4e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28114500.4e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28124500.4e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28134500.4e24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28144500.4e24: supR3HardenedDllNotificationCallback: load 00007ffdb8950000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
28154500.4e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28164500.4e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb8950000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28174500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28184500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c98 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
28194500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
28204500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
28214500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C55CF6F88F96953426D647BA94686B330A7EFFC1
28224500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28234500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28244500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04111~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
28254500.1a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28264500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
28274500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
28284500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
28294500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
28304500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
28314500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
28324500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
28334500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
28344500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
28354500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
28364500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
28374500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c2c pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
28384500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
28394500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
28404500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B64F747647B0A9013075359279CF6522F7C12CDE
28414500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28424500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28434500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
28444500.1a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28454500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) WinVerifyTrust
28464500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
28474500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28484500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28494500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28504500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28514500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28524500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
28534500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
28544500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
28554500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
28564500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28574500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
28584500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
28594500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
28604500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
28614500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
28624500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
28634500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
28644500.1a54: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
28654500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
28664500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
28674500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28684500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28694500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28704500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28714500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
28724500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
28734500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28744500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
28754500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
28764500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
28774500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28784500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28794500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
28804500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28814500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28824500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28834500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28844500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
28854500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
28864500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
28874500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28884500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28894500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28904500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28914500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28924500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
28934500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
28944500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
28954500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe18b20000 LB 0x0004d000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
28964500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
28974500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe11a50000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
28984500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
28994500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe1a1c0000 LB 0x00467000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
29004500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
29014500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe0f660000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
29024500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
29034500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdcbba0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
29044500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
29054500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbba0000 'C:\Windows\System32\NetSetupShim.dll'
29064500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29074500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29084500.1a54: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
29094500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29104500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29114500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29124500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
29134500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
29144500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
29154500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
29164500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
29174500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
29184500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
29194500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29204500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29214500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29224500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
29234500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
29244500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
29254500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29264500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29274500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29284500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29294500.1a54: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
29304500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
29314500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
29324500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29334500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29344500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29354500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29364500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
29374500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29384500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29394500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29404500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29414500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
29424500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29434500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
29444500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
29454500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe1acf0000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
29464500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
29474500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe11cd0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
29484500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
29494500.1a54: supR3HardenedDllNotificationCallback: load 00007ffde5330000 LB 0x000c9000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
29504500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
29514500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde5330000 'C:\Windows\System32\NetSetupEngine.dll'
29524500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29534500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
29544500.1a54: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
29554500.4f68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29564500.4f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29574500.4f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29584500.4f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
29594500.4f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
29604500.4f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29614500.4f68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
29624500.4f68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29634500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29644500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29654500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29664500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29674500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29684500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29694500.4f68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29704500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29714500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29724500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29734500.4f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29744500.4f68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29754500.4f68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29764500.4f68: supR3HardenedDllNotificationCallback: load 00007ffe0c120000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
29774500.4f68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29784500.4f68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c120000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
29794500.28bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
29804500.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29814500.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29824500.28bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29834500.28bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
29844500.28bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29854500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29864500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29874500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29884500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29894500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29904500.28bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29914500.28bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
29924500.28bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29934500.28bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29944500.28bc: supR3HardenedDllNotificationCallback: load 00007ffe0c110000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
29954500.28bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29964500.28bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0c110000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
29974500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\Shell32.dll'
29984500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29994500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30004500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb8950000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30014500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30024500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30034500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30044500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30054500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30064500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
30074500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
30084500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30094500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30104500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30114500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30124500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30134500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30144500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30154500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30164500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30174500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30184500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30194500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30204500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30214500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdcbf30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30224500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30234500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbf30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
30244500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdcbf30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30254500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc0 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30264500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012328d0
30274500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012328d0
30284500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8401D407AEA23766BB4FE6F0EB51772C5540EF0D
30294500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30304500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
30314500.1a54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.153.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
30324500.1a54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30334500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
30344500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
30354500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30364500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
30374500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
30384500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30394500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
30404500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
30414500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
30424500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30434500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30444500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30454500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe11e00000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
30464500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30474500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdd1f70000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
30484500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30494500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd1f70000 'C:\WINDOWS\system32\WinHvPlatform.dll'
30504500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30514500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30524500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe11e00000 'C:\WINDOWS\system32\vid.dll'
30534500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30544500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
30554500.1a54: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
30564500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
30574500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30584500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30594500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1af50000 'C:\WINDOWS\system32\NTDLL.DLL'
30604500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30614500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30624500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30634500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30644500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30654500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
30664500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
30674500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30684500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
30694500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
30704500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
30714500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
30724500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
30734500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
30744500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
30754500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
30764500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30774500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18b70000 'C:\WINDOWS\System32\crypt32.dll'
30784500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
30794500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
30804500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30814500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30824500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30834500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30844500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
30854500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30864500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30874500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30884500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30894500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30904500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
30914500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
30924500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
30934500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30944500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30954500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
30964500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30974500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
30984500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
30994500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31004500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31014500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31024500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31034500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31044500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31054500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31064500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31074500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
31084500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31094500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
31104500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31114500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31124500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31134500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31144500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31154500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31164500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31174500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31184500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31194500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31204500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31214500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31224500.1a54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31234500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31244500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31254500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31264500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31274500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31284500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31294500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31304500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
31314500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31324500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31334500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
31344500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdcbcf0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
31354500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31364500.1a54: supR3HardenedDllNotificationCallback: load 00007ffd959a0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
31374500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31384500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe17a70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
31394500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
31404500.1a54: supR3HardenedDllNotificationCallback: load 00007ffd96200000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
31414500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
31424500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd96200000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
31434500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31444500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31454500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31464500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31474500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdcbf30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31484500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31494500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbf30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
31504500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31514500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
31524500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31534500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
31544500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31554500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31564500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31574500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd959a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
31584500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31594500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31604500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31614500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31624500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
31634500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31644500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31654500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31664500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31674500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31684500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31694500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31704500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdf8bf0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
31714500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31724500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf8bf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
31734500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31744500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31754500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31764500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31774500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
31784500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31794500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31804500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31814500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31824500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31834500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31844500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31854500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdf2710000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
31864500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31874500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2710000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
31884500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31894500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
31904500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31914500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31924500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
31934500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31944500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31954500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31964500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31974500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31984500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31994500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32004500.1a54: supR3HardenedDllNotificationCallback: load 00007ffded280000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
32014500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32024500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffded280000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
32034500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32044500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32054500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32064500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32074500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
32084500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32094500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32104500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32114500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32124500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32134500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32144500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32154500.1a54: supR3HardenedDllNotificationCallback: load 00007ffdecaf0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
32164500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32174500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdecaf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
32184500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32194500.41a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32204500.41a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32214500.41a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32224500.41a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32234500.41a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
32244500.41a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32254500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32264500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32274500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32284500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32294500.41a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32304500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32314500.41a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32324500.41a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32334500.41a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32344500.41a4: supR3HardenedDllNotificationCallback: load 00007ffdec040000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
32354500.41a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32364500.41a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec040000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
32374500.440c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32384500.440c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32394500.440c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32404500.440c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
32414500.440c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32424500.440c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
32434500.440c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32444500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32454500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32464500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32474500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32484500.440c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32494500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32504500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32514500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32524500.440c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32534500.440c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32544500.440c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32554500.440c: supR3HardenedDllNotificationCallback: load 00007ffdf92b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
32564500.440c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32574500.440c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf92b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32584500.3d94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
32594500.3d94: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32604500.3d94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32614500.3d94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32624500.3d94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32634500.3d94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32644500.3d94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
32654500.3d94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32664500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32674500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32684500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32694500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32704500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32714500.3d94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32724500.3d94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32734500.3d94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32744500.3d94: supR3HardenedDllNotificationCallback: load 00007ffdf3080000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32754500.3d94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32764500.3d94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3080000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32774500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32784500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32794500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32804500.1a54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32814500.1a54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
32824500.1a54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32834500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32844500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32854500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32864500.1a54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32874500.1a54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32884500.1a54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32894500.1a54: supR3HardenedDllNotificationCallback: load 00007ffe125f0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
32904500.1a54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32914500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe125f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
32924500.1a54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17710000 'C:\WINDOWS\system32\rsaenh.dll'
32934500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32944500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32954500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32964500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32974500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32984500.3604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19720000 'C:\WINDOWS\system32\shell32.dll'
32994500.3d94: supR3HardenedDllNotificationCallback: Unload 00007ffdf3080000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
33004500.440c: supR3HardenedDllNotificationCallback: Unload 00007ffdf92b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
33014500.41a4: supR3HardenedDllNotificationCallback: Unload 00007ffdec040000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
33024500.28bc: supR3HardenedDllNotificationCallback: Unload 00007ffe0c110000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
33034500.4f68: supR3HardenedDllNotificationCallback: Unload 00007ffe0c120000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
33044500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdecaf0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
33054500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffded280000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
33064500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdf2710000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
33074500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdf8bf0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
33084500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdcbf30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
33094500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffd96200000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
33104500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffdcbcf0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
33114500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffd959a0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
33124500.1a54: supR3HardenedDllNotificationCallback: Unload 00007ffe17a70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
33134500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe0c3e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
33144500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe10230000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
33154500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffde6970000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
33164500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
33174500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
33184500.3604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
33194500.3604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
33204500.3604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
33214500.3604: supR3HardenedDllNotificationCallback: load 00007ffe0ed30000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
33224500.3604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
33234500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe14cf0000 LB 0x00263000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
33244500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe170f0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
33254500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe14f60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
33264500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe0b4b0000 LB 0x00202000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
33274500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe10300000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
33284500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffdc6be0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
33294500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe11520000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
33304500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe11ef0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
33314500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffdc3e10000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33324500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffdcbba0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
33334500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe11a50000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
33344500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe1a1c0000 LB 0x00467000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
33354500.3604: supR3HardenedDllNotificationCallback: Unload 00007ffe0f660000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
33364500.3604: Terminating the normal way: rcExit=0
333720a8.52f4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 28504 ms, the end);
333832f8.6bc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 29229 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy