VirtualBox

Ticket #19660: VBoxHardening_log.txt

File VBoxHardening_log.txt, 439.7 KB (added by k00000, 4 years ago)
Line 
130d0.369c: Log file opened: 6.0.20r137117 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
230d0.369c: \SystemRoot\System32\ntdll.dll:
330d0.369c: CreationTime: 2020-04-24T15:38:30.807338400Z
430d0.369c: LastWriteTime: 2020-03-31T05:56:05.198151300Z
530d0.369c: ChangeTime: 2020-05-29T16:05:27.617177600Z
630d0.369c: FileAttributes: 0x20
730d0.369c: Size: 0x1dd0a8
830d0.369c: NT Headers: 0xe0
930d0.369c: Timestamp: 0x20af46db
1030d0.369c: Machine: 0x8664 - amd64
1130d0.369c: Timestamp: 0x20af46db
1230d0.369c: Image Version: 10.0
1330d0.369c: SizeOfImage: 0x1e0000 (1966080)
1430d0.369c: Resource Dir: 0x174000 LB 0x6a288
1530d0.369c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1630d0.369c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1730d0.369c: ProductName: Microsoft® Windows® Operating System
1830d0.369c: ProductVersion: 10.0.16299.1806
1930d0.369c: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
2030d0.369c: FileDescription: NT Layer DLL
2130d0.369c: \SystemRoot\System32\kernel32.dll:
2230d0.369c: CreationTime: 2020-04-24T15:42:20.253248900Z
2330d0.369c: LastWriteTime: 2020-03-31T05:55:52.543130300Z
2430d0.369c: ChangeTime: 2020-05-29T16:05:27.390841000Z
2530d0.369c: FileAttributes: 0x20
2630d0.369c: Size: 0xab808
2730d0.369c: NT Headers: 0xe8
2830d0.369c: Timestamp: 0x6edcef78
2930d0.369c: Machine: 0x8664 - amd64
3030d0.369c: Timestamp: 0x6edcef78
3130d0.369c: Image Version: 10.0
3230d0.369c: SizeOfImage: 0xae000 (712704)
3330d0.369c: Resource Dir: 0xac000 LB 0x520
3430d0.369c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3530d0.369c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3630d0.369c: ProductName: Microsoft® Windows® Operating System
3730d0.369c: ProductVersion: 10.0.16299.1806
3830d0.369c: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
3930d0.369c: FileDescription: Windows NT BASE API Client DLL
4030d0.369c: \SystemRoot\System32\KernelBase.dll:
4130d0.369c: CreationTime: 2020-04-24T15:37:18.886112000Z
4230d0.369c: LastWriteTime: 2020-03-31T05:56:40.319829900Z
4330d0.369c: ChangeTime: 2020-05-29T16:05:27.638832100Z
4430d0.369c: FileAttributes: 0x20
4530d0.369c: Size: 0x265c70
4630d0.369c: NT Headers: 0xf0
4730d0.369c: Timestamp: 0x5b835ca5
4830d0.369c: Machine: 0x8664 - amd64
4930d0.369c: Timestamp: 0x5b835ca5
5030d0.369c: Image Version: 10.0
5130d0.369c: SizeOfImage: 0x266000 (2514944)
5230d0.369c: Resource Dir: 0x245000 LB 0x548
5330d0.369c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5430d0.369c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5530d0.369c: ProductName: Microsoft® Windows® Operating System
5630d0.369c: ProductVersion: 10.0.16299.1806
5730d0.369c: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
5830d0.369c: FileDescription: Windows NT BASE API Client DLL
5930d0.369c: \SystemRoot\System32\apisetschema.dll:
6030d0.369c: CreationTime: 2018-11-08T12:03:43.347058300Z
6130d0.369c: LastWriteTime: 2018-07-18T03:26:42.333897700Z
6230d0.369c: ChangeTime: 2020-05-29T16:05:27.845755200Z
6330d0.369c: FileAttributes: 0x20
6430d0.369c: Size: 0x1b3b8
6530d0.369c: NT Headers: 0xc8
6630d0.369c: Timestamp: 0x35fd1902
6730d0.369c: Machine: 0x8664 - amd64
6830d0.369c: Timestamp: 0x35fd1902
6930d0.369c: Image Version: 10.0
7030d0.369c: SizeOfImage: 0x1c000 (114688)
7130d0.369c: Resource Dir: 0x1b000 LB 0x408
7230d0.369c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7330d0.369c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7430d0.369c: ProductName: Microsoft® Windows® Operating System
7530d0.369c: ProductVersion: 10.0.16299.579
7630d0.369c: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
7730d0.369c: FileDescription: ApiSet Schema DLL
7830d0.369c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7930d0.369c: supR3HardenedWinFindAdversaries: 0x20
8030d0.369c: \SystemRoot\System32\drivers\mfeavfk.sys:
8130d0.369c: CreationTime: 2019-11-13T16:57:52.101358800Z
8230d0.369c: LastWriteTime: 2019-11-13T16:57:42.179230700Z
8330d0.369c: ChangeTime: 2019-11-13T16:57:42.179230700Z
8430d0.369c: FileAttributes: 0x20
8530d0.369c: Size: 0x5cf58
8630d0.369c: NT Headers: 0xf0
8730d0.369c: Timestamp: 0x5d0ab6bc
8830d0.369c: Machine: 0x8664 - amd64
8930d0.369c: Timestamp: 0x5d0ab6bc
9030d0.369c: Image Version: 0.0
9130d0.369c: SizeOfImage: 0x5d000 (380928)
9230d0.369c: Resource Dir: 0x5b000 LB 0x758
9330d0.369c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
9430d0.369c: [Raw version resource data: 0x5b110 LB 0x334, codepage 0x0 (reserved 0x0)]
9530d0.369c: ProductName: SYSCORE
9630d0.369c: ProductVersion: 19.5.0.169
9730d0.369c: FileVersion: SYSCORE.19.5.0.169
9830d0.369c: PrivateBuild: SYSCORE.19.5.0.169 F15,F16,F19
9930d0.369c: FileDescription: Anti-Virus File System Filter Driver
10030d0.369c: \SystemRoot\System32\drivers\mfefirek.sys:
10130d0.369c: CreationTime: 2019-11-13T16:57:42.436699300Z
10230d0.369c: LastWriteTime: 2019-11-13T16:57:42.442715200Z
10330d0.369c: ChangeTime: 2019-11-13T16:57:53.033781700Z
10430d0.369c: FileAttributes: 0x20
10530d0.369c: Size: 0x7e758
10630d0.369c: NT Headers: 0xe0
10730d0.369c: Timestamp: 0x5d0ab71a
10830d0.369c: Machine: 0x8664 - amd64
10930d0.369c: Timestamp: 0x5d0ab71a
11030d0.369c: Image Version: 0.0
11130d0.369c: SizeOfImage: 0x80000 (524288)
11230d0.369c: Resource Dir: 0x7c000 LB 0x388
11330d0.369c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11430d0.369c: [Raw version resource data: 0x7c060 LB 0x328, codepage 0x0 (reserved 0x0)]
11530d0.369c: ProductName: SYSCORE
11630d0.369c: ProductVersion: 19.5.0.169
11730d0.369c: FileVersion: SYSCORE.19.5.0.169
11830d0.369c: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
11930d0.369c: FileDescription: McAfee Core Firewall Engine Driver
12030d0.369c: \SystemRoot\System32\drivers\mfehidk.sys:
12130d0.369c: CreationTime: 2019-11-13T16:57:42.045167000Z
12230d0.369c: LastWriteTime: 2019-11-13T16:57:42.058238300Z
12330d0.369c: ChangeTime: 2019-11-13T16:57:51.715283200Z
12430d0.369c: FileAttributes: 0x20
12530d0.369c: Size: 0xf2158
12630d0.369c: NT Headers: 0x108
12730d0.369c: Timestamp: 0x5d0ab680
12830d0.369c: Machine: 0x8664 - amd64
12930d0.369c: Timestamp: 0x5d0ab680
13030d0.369c: Image Version: 0.0
13130d0.369c: SizeOfImage: 0xfc000 (1032192)
13230d0.369c: Resource Dir: 0xf8000 LB 0x758
13330d0.369c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
13430d0.369c: [Raw version resource data: 0xf8110 LB 0x320, codepage 0x0 (reserved 0x0)]
13530d0.369c: ProductName: SYSCORE
13630d0.369c: ProductVersion: 19.5.0.169
13730d0.369c: FileVersion: SYSCORE.19.5.0.169
13830d0.369c: PrivateBuild: SYSCORE.19.5.0.169 F14,F15,F16,F18,F20
13930d0.369c: FileDescription: McAfee Link Driver
14030d0.369c: \SystemRoot\System32\drivers\mfencbdc.sys:
14130d0.369c: CreationTime: 2019-11-14T15:22:41.695377800Z
14230d0.369c: LastWriteTime: 2019-11-14T15:18:19.756987000Z
14330d0.369c: ChangeTime: 2019-11-14T15:22:43.104654900Z
14430d0.369c: FileAttributes: 0x20
14530d0.369c: Size: 0x89f58
14630d0.369c: NT Headers: 0xe0
14730d0.369c: Timestamp: 0x5cc9b996
14830d0.369c: Machine: 0x8664 - amd64
14930d0.369c: Timestamp: 0x5cc9b996
15030d0.369c: Image Version: 0.0
15130d0.369c: SizeOfImage: 0x8d000 (577536)
15230d0.369c: Resource Dir: 0x8b000 LB 0x3d8
15330d0.369c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15430d0.369c: [Raw version resource data: 0x8b060 LB 0x378, codepage 0x0 (reserved 0x0)]
15530d0.369c: ProductName: Anti-Malware Core
15630d0.369c: ProductVersion: 19.5.0
15730d0.369c: FileVersion: Anti-Malware Core.19.5.0.68.x64
15830d0.369c: PrivateBuild: Anti-Malware Core.19.5.0.68.x64
15930d0.369c: FileDescription: Event Driver
16030d0.369c: \SystemRoot\System32\drivers\mfewfpk.sys:
16130d0.369c: CreationTime: 2019-11-13T16:57:42.087280800Z
16230d0.369c: LastWriteTime: 2019-11-13T16:57:42.090315600Z
16330d0.369c: ChangeTime: 2019-11-13T16:57:50.729644700Z
16430d0.369c: FileAttributes: 0x20
16530d0.369c: Size: 0x3df58
16630d0.369c: NT Headers: 0xf0
16730d0.369c: Timestamp: 0x5d0ab68f
16830d0.369c: Machine: 0x8664 - amd64
16930d0.369c: Timestamp: 0x5d0ab68f
17030d0.369c: Image Version: 0.0
17130d0.369c: SizeOfImage: 0x59000 (364544)
17230d0.369c: Resource Dir: 0x57000 LB 0x380
17330d0.369c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
17430d0.369c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
17530d0.369c: ProductName: SYSCORE
17630d0.369c: ProductVersion: 19.5.0.169
17730d0.369c: FileVersion: SYSCORE.19.5.0.169
17830d0.369c: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
17930d0.369c: FileDescription: Anti-Virus Mini-Firewall Driver
18030d0.369c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
18130d0.369c: Calling main()
18230d0.369c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
18330d0.369c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
18430d0.369c: SUPR3HardenedMain: Respawn #1
18530d0.369c: System32: \Device\HarddiskVolume4\Windows\System32
18630d0.369c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
18730d0.369c: KnownDllPath: C:\windows\System32
18830d0.369c: supR3HardenedWinInit: Performing a limited self purification...
18930d0.369c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
19030d0.369c: *0000000000000000-0000000000dbffff 0x0001/0x0000 0x0000000
19130d0.369c: *0000000000dc0000-0000000000dcffff 0x0004/0x0004 0x0040000
19230d0.369c: *0000000000dd0000-0000000000dd0fff 0x0004/0x0004 0x0020000
19330d0.369c: 0000000000dd1000-0000000000ddffff 0x0001/0x0000 0x0000000
19430d0.369c: *0000000000de0000-0000000000df8fff 0x0002/0x0002 0x0040000
19530d0.369c: 0000000000df9000-0000000000dfffff 0x0001/0x0000 0x0000000
19630d0.369c: *0000000000e00000-0000000000eb6fff 0x0000/0x0004 0x0020000
19730d0.369c: 0000000000eb7000-0000000000eb9fff 0x0004/0x0004 0x0020000
19830d0.369c: 0000000000eba000-0000000000ffffff 0x0000/0x0004 0x0020000
19930d0.369c: *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
20030d0.369c: 00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
20130d0.369c: 00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
20230d0.369c: *0000000001100000-0000000001103fff 0x0002/0x0002 0x0040000
20330d0.369c: 0000000001104000-000000000110ffff 0x0001/0x0000 0x0000000
20430d0.369c: *0000000001110000-0000000001110fff 0x0004/0x0004 0x0020000
20530d0.369c: 0000000001111000-000000000111ffff 0x0001/0x0000 0x0000000
20630d0.369c: *0000000001120000-000000000311ffff 0x0000/0x0004 0x0020000
20730d0.369c: 0000000003120000-0000000003120fff 0x0004/0x0004 0x0020000
20830d0.369c: 0000000003121000-000000000314ffff 0x0001/0x0000 0x0000000
20930d0.369c: *0000000003150000-0000000003150fff 0x0002/0x0004 0x0020000
21030d0.369c: 0000000003151000-0000000003151fff 0x0020/0x0004 0x0020000 !!
21130d0.369c: 0000000003152000-000000000315ffff 0x0001/0x0000 0x0000000
21230d0.369c: *0000000003160000-0000000003160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
21330d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000003160000 LB 0x1000 (base 0000000003160000) - 'umppc11206.dll'
21430d0.369c: 0000000003161000-0000000003168fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
21530d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000003161000 LB 0x8000 (base 0000000003160000) - 'umppc11206.dll'
21630d0.369c: 0000000003169000-000000000316cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
21730d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000003169000 LB 0x4000 (base 0000000003160000) - 'umppc11206.dll'
21830d0.369c: 000000000316d000-000000000316efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
21930d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000000316d000 LB 0x2000 (base 0000000003160000) - 'umppc11206.dll'
22030d0.369c: 000000000316f000-000000000316ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
22130d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000000000316f000 LB 0x1000 (base 0000000003160000) - 'umppc11206.dll'
22230d0.369c: 0000000003170000-0000000003171fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc11206.dll
22330d0.369c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000003170000 LB 0x2000 (base 0000000003160000) - 'umppc11206.dll'
22430d0.369c: 0000000003172000-000000000317ffff 0x0001/0x0000 0x0000000
22530d0.369c: *0000000003180000-0000000003181fff 0x0004/0x0004 0x0020000
22630d0.369c: 0000000003182000-00000000031b1fff 0x0000/0x0004 0x0020000
22730d0.369c: 00000000031b2000-00000000031dffff 0x0001/0x0000 0x0000000
22830d0.369c: *00000000031e0000-00000000031e4fff 0x0004/0x0004 0x0020000
22930d0.369c: 00000000031e5000-00000000032dffff 0x0000/0x0004 0x0020000
23030d0.369c: *00000000032e0000-00000000033a4fff 0x0002/0x0002 0x0040000
23130d0.369c: 00000000033a5000-000000000340ffff 0x0001/0x0000 0x0000000
23230d0.369c: *0000000003410000-0000000003411fff 0x0004/0x0004 0x0020000
23330d0.369c: 0000000003412000-000000000341ffff 0x0000/0x0004 0x0020000
23430d0.369c: *0000000003420000-000000000343cfff 0x0004/0x0004 0x0020000
23530d0.369c: 000000000343d000-000000000351ffff 0x0000/0x0004 0x0020000
23630d0.369c: 0000000003520000-000000000356ffff 0x0001/0x0000 0x0000000
23730d0.369c: *0000000003570000-000000000357efff 0x0004/0x0004 0x0020000
23830d0.369c: 000000000357f000-000000000357ffff 0x0000/0x0004 0x0020000
23930d0.369c: *0000000003580000-0000000003586fff 0x0000/0x0004 0x0020000
24030d0.369c: 0000000003587000-0000000003767fff 0x0004/0x0004 0x0020000
24130d0.369c: 0000000003768000-0000000003768fff 0x0000/0x0004 0x0020000
24230d0.369c: 0000000003769000-000000007ffdffff 0x0001/0x0000 0x0000000
24330d0.369c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
24430d0.369c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
24530d0.369c: 000000007fff0000-00007ff6393effff 0x0001/0x0000 0x0000000
24630d0.369c: *00007ff6393f0000-00007ff6393f4fff 0x0002/0x0002 0x0040000
24730d0.369c: 00007ff6393f5000-00007ff6394effff 0x0000/0x0002 0x0040000
24830d0.369c: *00007ff6394f0000-00007ff639512fff 0x0002/0x0002 0x0040000
24930d0.369c: 00007ff639513000-00007ff639c3ffff 0x0001/0x0000 0x0000000
25030d0.369c: *00007ff639c40000-00007ff639c40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25130d0.369c: 00007ff639c41000-00007ff639cb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25230d0.369c: 00007ff639cb6000-00007ff639cb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25330d0.369c: 00007ff639cb7000-00007ff639cfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25430d0.369c: 00007ff639cff000-00007ff639d01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25530d0.369c: 00007ff639d02000-00007ff639d04fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25630d0.369c: 00007ff639d05000-00007ff639d07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25730d0.369c: 00007ff639d08000-00007ff639d08fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25830d0.369c: 00007ff639d09000-00007ff639d0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
25930d0.369c: 00007ff639d0b000-00007ff639d0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
26030d0.369c: 00007ff639d0c000-00007ff639d54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
26130d0.369c: 00007ff639d55000-00007ff90b99ffff 0x0001/0x0000 0x0000000
26230d0.369c: *00007ff90b9a0000-00007ff90b9a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26330d0.369c: 00007ff90b9a1000-00007ff90ba8dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26430d0.369c: 00007ff90ba8e000-00007ff90bbcffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26530d0.369c: 00007ff90bbd0000-00007ff90bbd3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26630d0.369c: 00007ff90bbd4000-00007ff90bbd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26730d0.369c: 00007ff90bbd5000-00007ff90bc05fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
26830d0.369c: 00007ff90bc06000-00007ff90dddffff 0x0001/0x0000 0x0000000
26930d0.369c: *00007ff90dde0000-00007ff90dde0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27030d0.369c: 00007ff90dde1000-00007ff90de52fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27130d0.369c: 00007ff90de53000-00007ff90de83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27230d0.369c: 00007ff90de84000-00007ff90de84fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27330d0.369c: 00007ff90de85000-00007ff90de85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27430d0.369c: 00007ff90de86000-00007ff90de8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27530d0.369c: 00007ff90de8e000-00007ff90f4cffff 0x0001/0x0000 0x0000000
27630d0.369c: *00007ff90f4d0000-00007ff90f4d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27730d0.369c: 00007ff90f4d1000-00007ff90f5e2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27830d0.369c: 00007ff90f5e3000-00007ff90f628fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
27930d0.369c: 00007ff90f629000-00007ff90f629fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28030d0.369c: 00007ff90f62a000-00007ff90f62bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28130d0.369c: 00007ff90f62c000-00007ff90f630fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28230d0.369c: 00007ff90f631000-00007ff90f6affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28330d0.369c: 00007ff90f6b0000-00007ffffffdffff 0x0001/0x0000 0x0000000
28430d0.369c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
28530d0.369c: kernel32.dll: timestamp 0x6edcef78 (rc=VINF_SUCCESS)
28630d0.369c: kernelbase.dll: timestamp 0x5b835ca5 (rc=VINF_SUCCESS)
28730d0.369c: VirtualBoxVM.exe: timestamp 0x5e8f449f (rc=VINF_SUCCESS)
28830d0.369c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
28930d0.369c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
29030d0.369c: ntdll.dll: Differences in section #1 (.text) between file and memory:
29130d0.369c: 00007ff90f570183 / 0x00a0183: b8 != e9
29230d0.369c: 00007ff90f570184 / 0x00a0184: 07 != 5d
29330d0.369c: 00007ff90f570185 / 0x00a0185: 00 != 19
29430d0.369c: 00007ff90f570186 / 0x00a0186: 00 != 07
29530d0.369c: 00007ff90f570243 / 0x00a0243: b8 != e9
29630d0.369c: 00007ff90f570244 / 0x00a0244: 0d != a1
29730d0.369c: 00007ff90f570245 / 0x00a0245: 00 != 18
29830d0.369c: 00007ff90f570246 / 0x00a0246: 00 != 07
29930d0.369c: 00007ff90f5703a3 / 0x00a03a3: b8 != e9
30030d0.369c: 00007ff90f5703a4 / 0x00a03a4: 18 != 47
30130d0.369c: 00007ff90f5703a5 / 0x00a03a5: 00 != 17
30230d0.369c: 00007ff90f5703a6 / 0x00a03a6: 00 != 07
30330d0.369c: 00007ff90f570423 / 0x00a0423: b8 != e9
30430d0.369c: 00007ff90f570424 / 0x00a0424: 1c != c0
30530d0.369c: 00007ff90f570425 / 0x00a0425: 00 != 16
30630d0.369c: 00007ff90f570426 / 0x00a0426: 00 != 07
30730d0.369c: 00007ff90f570543 / 0x00a0543: b8 != e9
30830d0.369c: 00007ff90f570544 / 0x00a0544: 25 != a2
30930d0.369c: 00007ff90f570545 / 0x00a0545: 00 != 15
31030d0.369c: 00007ff90f570546 / 0x00a0546: 00 != 07
31130d0.369c: 00007ff90f5705a3 / 0x00a05a3: b8 != e9
31230d0.369c: 00007ff90f5705a4 / 0x00a05a4: 28 != 4d
31330d0.369c: 00007ff90f5705a5 / 0x00a05a5: 00 != 15
31430d0.369c: 00007ff90f5705a6 / 0x00a05a6: 00 != 07
31530d0.369c: 00007ff90f5705e3 / 0x00a05e3: b8 != e9
31630d0.369c: 00007ff90f5705e4 / 0x00a05e4: 2a != 0c
31730d0.369c: 00007ff90f5705e5 / 0x00a05e5: 00 != 15
31830d0.369c: 00007ff90f5705e6 / 0x00a05e6: 00 != 07
31930d0.369c: 00007ff90f5707e3 / 0x00a07e3: b8 != e9
32030d0.369c: 00007ff90f5707e4 / 0x00a07e4: 3a != 04
32130d0.369c: 00007ff90f5707e5 / 0x00a07e5: 00 != 13
32230d0.369c: 00007ff90f5707e6 / 0x00a07e6: 00 != 07
32330d0.369c: 00007ff90f570883 / 0x00a0883: b8 != e9
32430d0.369c: 00007ff90f570884 / 0x00a0884: 3f != 65
32530d0.369c: 00007ff90f570885 / 0x00a0885: 00 != 12
32630d0.369c: 00007ff90f570886 / 0x00a0886: 00 != 07
32730d0.369c: 00007ff90f570943 / 0x00a0943: b8 != e9
32830d0.369c: 00007ff90f570944 / 0x00a0944: 45 != 9f
32930d0.369c: 00007ff90f570945 / 0x00a0945: 00 != 11
33030d0.369c: 00007ff90f570946 / 0x00a0946: 00 != 07
33130d0.369c: 00007ff90f570aa3 / 0x00a0aa3: b8 != e9
33230d0.369c: 00007ff90f570aa4 / 0x00a0aa4: 50 != 46
33330d0.369c: 00007ff90f570aa5 / 0x00a0aa5: 00 != 10
33430d0.369c: 00007ff90f570aa6 / 0x00a0aa6: 00 != 07
33530d0.369c: 00007ff90f570ae3 / 0x00a0ae3: b8 != e9
33630d0.369c: 00007ff90f570ae4 / 0x00a0ae4: 52 != 08
33730d0.369c: 00007ff90f570ae5 / 0x00a0ae5: 00 != 10
33830d0.369c: 00007ff90f570ae6 / 0x00a0ae6: 00 != 07
33930d0.369c: Restored 0x2000 bytes of original file content at 00007ff90f56edee
34030d0.369c: ntdll.dll: Differences in section #1 (.text) between file and memory:
34130d0.369c: 00007ff90f571dd3 / 0x00a1dd3: b8 != e9
34230d0.369c: 00007ff90f571dd4 / 0x00a1dd4: ea != 1b
34330d0.369c: 00007ff90f571dd5 / 0x00a1dd5: 00 != fd
34430d0.369c: 00007ff90f571dd6 / 0x00a1dd6: 00 != 06
34530d0.369c: 00007ff90f572bf3 / 0x00a2bf3: b8 != e9
34630d0.369c: 00007ff90f572bf4 / 0x00a2bf4: 5b != ee
34730d0.369c: 00007ff90f572bf5 / 0x00a2bf5: 01 != ee
34830d0.369c: 00007ff90f572bf6 / 0x00a2bf6: 00 != 06
34930d0.369c: Restored 0x2000 bytes of original file content at 00007ff90f570dee
35030d0.369c: ntdll.dll: Differences in section #1 (.text) between file and memory:
35130d0.369c: 00007ff90f5730b3 / 0x00a30b3: b8 != e9
35230d0.369c: 00007ff90f5730b4 / 0x00a30b4: 81 != 3a
35330d0.369c: 00007ff90f5730b5 / 0x00a30b5: 01 != ea
35430d0.369c: 00007ff90f5730b6 / 0x00a30b6: 00 != 06
35530d0.369c: 00007ff90f5736d3 / 0x00a36d3: b8 != e9
35630d0.369c: 00007ff90f5736d4 / 0x00a36d4: b2 != 19
35730d0.369c: 00007ff90f5736d5 / 0x00a36d5: 01 != e4
35830d0.369c: 00007ff90f5736d6 / 0x00a36d6: 00 != 06
35930d0.369c: 00007ff90f5738d3 / 0x00a38d3: b8 != e9
36030d0.369c: 00007ff90f5738d4 / 0x00a38d4: c2 != 13
36130d0.369c: 00007ff90f5738d5 / 0x00a38d5: 01 != e2
36230d0.369c: 00007ff90f5738d6 / 0x00a38d6: 00 != 06
36330d0.369c: Restored 0xe82 bytes of original file content at 00007ff90f572dee
36430d0.369c: ntdll.dll: Differences in section #1 (.text) between file and memory:
36530d0.369c: 00007ff90f5e1ae2 / 0x0111ae2: 00 != 51
36630d0.369c: 00007ff90f5e1ae3 / 0x0111ae3: 00 != 51
36730d0.369c: 00007ff90f5e1ae4 / 0x0111ae4: 00 != 51
36830d0.369c: 00007ff90f5e1ae5 / 0x0111ae5: 00 != 51
36930d0.369c: 00007ff90f5e1ae6 / 0x0111ae6: 00 != 51
37030d0.369c: 00007ff90f5e1ae7 / 0x0111ae7: 00 != 51
37130d0.369c: 00007ff90f5e1ae8 / 0x0111ae8: 00 != 51
37230d0.369c: 00007ff90f5e1ae9 / 0x0111ae9: 00 != 51
37330d0.369c: 00007ff90f5e1aea / 0x0111aea: 00 != 51
37430d0.369c: 00007ff90f5e1aeb / 0x0111aeb: 00 != 51
37530d0.369c: 00007ff90f5e1aec / 0x0111aec: 00 != 51
37630d0.369c: 00007ff90f5e1aed / 0x0111aed: 00 != 51
37730d0.369c: 00007ff90f5e1aee / 0x0111aee: 00 != 51
37830d0.369c: 00007ff90f5e1aef / 0x0111aef: 00 != 51
37930d0.369c: 00007ff90f5e1af0 / 0x0111af0: 00 != 51
38030d0.369c: 00007ff90f5e1af1 / 0x0111af1: 00 != 51
38130d0.369c: 00007ff90f5e1af2 / 0x0111af2: 00 != 51
38230d0.369c: 00007ff90f5e1af3 / 0x0111af3: 00 != 51
38330d0.369c: 00007ff90f5e1af4 / 0x0111af4: 00 != 51
38430d0.369c: 00007ff90f5e1af5 / 0x0111af5: 00 != ff
38530d0.369c: 00007ff90f5e1af6 / 0x0111af6: 00 != 25
38630d0.369c: 00007ff90f5e1afb / 0x0111afb: 00 != 20
38730d0.369c: 00007ff90f5e1afc / 0x0111afc: 00 != 6f
38830d0.369c: 00007ff90f5e1afd / 0x0111afd: 00 != 16
38930d0.369c: 00007ff90f5e1afe / 0x0111afe: 00 != 03
39030d0.369c: Restored 0x57b bytes of original file content at 00007ff90f5e1a85
39130d0.369c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=4
39230d0.369c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
39330d0.369c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
39430d0.369c: supR3HardNtEnableThreadCreationEx:
39530d0.369c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90f548de0 pvNtTerminateThread=00007ff90f570b00
39630d0.369c: supR3HardenedWinDoReSpawn(1): New child 2a84.3d70 [kernel32].
39730d0.369c: supR3HardNtChildGatherData: PebBaseAddress=00000000009ac000 cbPeb=0x388
39830d0.369c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff90f4d0000 uNtDllChildAddr=00007ff90f4d0000
39930d0.369c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff90f548de0
40030d0.369c: supR3HardenedWinSetupChildInit: Start child.
40130d0.369c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
40230d0.369c: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 63 sleeps
40330d0.369c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
40430d0.369c: *0000000000000000-00000000006effff 0x0001/0x0000 0x0000000
40530d0.369c: *00000000006f0000-000000000070ffff 0x0004/0x0004 0x0020000
40630d0.369c: *0000000000710000-0000000000728fff 0x0002/0x0002 0x0040000
40730d0.369c: 0000000000729000-000000000072ffff 0x0001/0x0000 0x0000000
40830d0.369c: *0000000000730000-0000000000733fff 0x0002/0x0002 0x0040000
40930d0.369c: 0000000000734000-000000000073ffff 0x0001/0x0000 0x0000000
41030d0.369c: *0000000000740000-0000000000740fff 0x0004/0x0004 0x0020000
41130d0.369c: 0000000000741000-00000000007fffff 0x0001/0x0000 0x0000000
41230d0.369c: *0000000000800000-00000000009abfff 0x0000/0x0004 0x0020000
41330d0.369c: 00000000009ac000-00000000009aefff 0x0004/0x0004 0x0020000
41430d0.369c: 00000000009af000-00000000009fffff 0x0000/0x0004 0x0020000
41530d0.369c: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
41630d0.369c: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
41730d0.369c: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
41830d0.369c: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
41930d0.369c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
42030d0.369c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
42130d0.369c: 000000007fff0000-00007ff63961ffff 0x0001/0x0000 0x0000000
42230d0.369c: *00007ff639620000-00007ff639642fff 0x0002/0x0002 0x0040000
42330d0.369c: 00007ff639643000-00007ff639c3ffff 0x0001/0x0000 0x0000000
42430d0.369c: *00007ff639c40000-00007ff639c40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42530d0.369c: 00007ff639c41000-00007ff639cb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42630d0.369c: 00007ff639cb6000-00007ff639cb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42730d0.369c: 00007ff639cb7000-00007ff639cfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42830d0.369c: 00007ff639cff000-00007ff639cfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42930d0.369c: 00007ff639d00000-00007ff639d00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43030d0.369c: 00007ff639d01000-00007ff639d05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43130d0.369c: 00007ff639d06000-00007ff639d06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43230d0.369c: 00007ff639d07000-00007ff639d07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43330d0.369c: 00007ff639d08000-00007ff639d0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43430d0.369c: 00007ff639d0c000-00007ff639d54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43530d0.369c: 00007ff639d55000-00007ff90f4cffff 0x0001/0x0000 0x0000000
43630d0.369c: *00007ff90f4d0000-00007ff90f4d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
43730d0.369c: 00007ff90f4d1000-00007ff90f5e2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
43830d0.369c: 00007ff90f5e3000-00007ff90f628fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
43930d0.369c: 00007ff90f629000-00007ff90f630fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
44030d0.369c: 00007ff90f631000-00007ff90f63efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
44130d0.369c: 00007ff90f63f000-00007ff90f63ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
44230d0.369c: 00007ff90f640000-00007ff90f642fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
44330d0.369c: 00007ff90f643000-00007ff90f6affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
44430d0.369c: 00007ff90f6b0000-00007ffffffdffff 0x0001/0x0000 0x0000000
44530d0.369c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
44630d0.369c: supR3HardNtChildPurify: Done after 520 ms and 0 fixes (loop #0).
4472a84.3d70: Log file opened: 6.0.20r137117 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
4482a84.3d70: supR3HardenedVmProcessInit: uNtDllAddr=00007ff90f4d0000 g_uNtVerCombined=0xa03fab00
4492a84.3d70: ntdll.dll: timestamp 0x20af46db (rc=VINF_SUCCESS)
4502a84.3d70: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1966080 allocation)
45130d0.369c: supR3HardNtEnableThreadCreationEx:
4522a84.3d70: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4532a84.3d70: System32: \Device\HarddiskVolume4\Windows\System32
4542a84.3d70: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
4552a84.3d70: KnownDllPath: C:\windows\System32
4562a84.3d70: supR3HardenedVmProcessInit: Opening vboxdrv stub...
4572a84.3d70: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4582a84.3d70: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4592a84.3d70: Registered Dll notification callback with NTDLL.
4602a84.3d70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
4612a84.3d70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
4622a84.3d70: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4632a84.3d70: supR3HardenedDllNotificationCallback: load 00007ff90b9a0000 LB 0x00266000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
4642a84.3d70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
4652a84.3d70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4662a84.3d70: supR3HardenedDllNotificationCallback: load 00007ff90dde0000 LB 0x000ae000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
4672a84.3d70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4682a84.3d70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dde0000 'C:\windows\System32\KERNEL32.DLL'
4692a84.3d70: supR3HardenedDllNotificationCallback: load 00007ff639c40000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
4702a84.3d70: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4712a84.3d70: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4722a84.3d70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4732a84.3d70: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007ff90f4ed2c0 enmState=3 -> supR3HardenedWinDummyApcRoutine
4742a84.3d70: supR3HardenedWinDummyApcRoutine: pvArg1=ffffd00014f1ba20 pvArg2=0000000000000000 pvArg3=0000000000000000
4752a84.3d70: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000751000 enmState=3 -> supR3HardenedWinDummyApcRoutine
4762a84.3d70: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000700000 pvArg2=ffffd00022572090 pvArg3=0000000000700000
4772a84.3d70: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90f548de0 pvNtTerminateThread=00007ff90f570b00
47830d0.369c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
4792a84.3d70: \SystemRoot\System32\ntdll.dll:
4802a84.3d70: CreationTime: 2020-04-24T15:38:30.807338400Z
4812a84.3d70: LastWriteTime: 2020-03-31T05:56:05.198151300Z
4822a84.3d70: ChangeTime: 2020-05-29T16:05:27.617177600Z
4832a84.3d70: FileAttributes: 0x20
4842a84.3d70: Size: 0x1dd0a8
4852a84.3d70: NT Headers: 0xe0
4862a84.3d70: Timestamp: 0x20af46db
4872a84.3d70: Machine: 0x8664 - amd64
4882a84.3d70: Timestamp: 0x20af46db
4892a84.3d70: Image Version: 10.0
4902a84.3d70: SizeOfImage: 0x1e0000 (1966080)
4912a84.3d70: Resource Dir: 0x174000 LB 0x6a288
4922a84.3d70: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4932a84.3d70: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4942a84.3d70: ProductName: Microsoft® Windows® Operating System
4952a84.3d70: ProductVersion: 10.0.16299.1806
4962a84.3d70: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
4972a84.3d70: FileDescription: NT Layer DLL
4982a84.3d70: \SystemRoot\System32\kernel32.dll:
4992a84.3d70: CreationTime: 2020-04-24T15:42:20.253248900Z
5002a84.3d70: LastWriteTime: 2020-03-31T05:55:52.543130300Z
5012a84.3d70: ChangeTime: 2020-05-29T16:05:27.390841000Z
5022a84.3d70: FileAttributes: 0x20
5032a84.3d70: Size: 0xab808
5042a84.3d70: NT Headers: 0xe8
5052a84.3d70: Timestamp: 0x6edcef78
5062a84.3d70: Machine: 0x8664 - amd64
5072a84.3d70: Timestamp: 0x6edcef78
5082a84.3d70: Image Version: 10.0
5092a84.3d70: SizeOfImage: 0xae000 (712704)
5102a84.3d70: Resource Dir: 0xac000 LB 0x520
5112a84.3d70: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5122a84.3d70: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5132a84.3d70: ProductName: Microsoft® Windows® Operating System
5142a84.3d70: ProductVersion: 10.0.16299.1806
5152a84.3d70: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
5162a84.3d70: FileDescription: Windows NT BASE API Client DLL
5172a84.3d70: \SystemRoot\System32\KernelBase.dll:
5182a84.3d70: CreationTime: 2020-04-24T15:37:18.886112000Z
5192a84.3d70: LastWriteTime: 2020-03-31T05:56:40.319829900Z
5202a84.3d70: ChangeTime: 2020-05-29T16:05:27.638832100Z
5212a84.3d70: FileAttributes: 0x20
5222a84.3d70: Size: 0x265c70
5232a84.3d70: NT Headers: 0xf0
5242a84.3d70: Timestamp: 0x5b835ca5
5252a84.3d70: Machine: 0x8664 - amd64
5262a84.3d70: Timestamp: 0x5b835ca5
5272a84.3d70: Image Version: 10.0
5282a84.3d70: SizeOfImage: 0x266000 (2514944)
5292a84.3d70: Resource Dir: 0x245000 LB 0x548
5302a84.3d70: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5312a84.3d70: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5322a84.3d70: ProductName: Microsoft® Windows® Operating System
5332a84.3d70: ProductVersion: 10.0.16299.1806
5342a84.3d70: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
5352a84.3d70: FileDescription: Windows NT BASE API Client DLL
5362a84.3d70: \SystemRoot\System32\apisetschema.dll:
5372a84.3d70: CreationTime: 2018-11-08T12:03:43.347058300Z
5382a84.3d70: LastWriteTime: 2018-07-18T03:26:42.333897700Z
5392a84.3d70: ChangeTime: 2020-05-29T16:05:27.845755200Z
5402a84.3d70: FileAttributes: 0x20
5412a84.3d70: Size: 0x1b3b8
5422a84.3d70: NT Headers: 0xc8
5432a84.3d70: Timestamp: 0x35fd1902
5442a84.3d70: Machine: 0x8664 - amd64
5452a84.3d70: Timestamp: 0x35fd1902
5462a84.3d70: Image Version: 10.0
5472a84.3d70: SizeOfImage: 0x1c000 (114688)
5482a84.3d70: Resource Dir: 0x1b000 LB 0x408
5492a84.3d70: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5502a84.3d70: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5512a84.3d70: ProductName: Microsoft® Windows® Operating System
5522a84.3d70: ProductVersion: 10.0.16299.579
5532a84.3d70: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
5542a84.3d70: FileDescription: ApiSet Schema DLL
5552a84.3d70: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5562a84.3d70: supR3HardenedWinFindAdversaries: 0x20
5572a84.3d70: \SystemRoot\System32\drivers\mfeavfk.sys:
5582a84.3d70: CreationTime: 2019-11-13T16:57:52.101358800Z
5592a84.3d70: LastWriteTime: 2019-11-13T16:57:42.179230700Z
5602a84.3d70: ChangeTime: 2019-11-13T16:57:42.179230700Z
5612a84.3d70: FileAttributes: 0x20
5622a84.3d70: Size: 0x5cf58
5632a84.3d70: NT Headers: 0xf0
5642a84.3d70: Timestamp: 0x5d0ab6bc
5652a84.3d70: Machine: 0x8664 - amd64
5662a84.3d70: Timestamp: 0x5d0ab6bc
5672a84.3d70: Image Version: 0.0
5682a84.3d70: SizeOfImage: 0x5d000 (380928)
5692a84.3d70: Resource Dir: 0x5b000 LB 0x758
5702a84.3d70: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5712a84.3d70: [Raw version resource data: 0x5b110 LB 0x334, codepage 0x0 (reserved 0x0)]
5722a84.3d70: ProductName: SYSCORE
5732a84.3d70: ProductVersion: 19.5.0.169
5742a84.3d70: FileVersion: SYSCORE.19.5.0.169
5752a84.3d70: PrivateBuild: SYSCORE.19.5.0.169 F15,F16,F19
5762a84.3d70: FileDescription: Anti-Virus File System Filter Driver
5772a84.3d70: \SystemRoot\System32\drivers\mfefirek.sys:
5782a84.3d70: CreationTime: 2019-11-13T16:57:42.436699300Z
5792a84.3d70: LastWriteTime: 2019-11-13T16:57:42.442715200Z
5802a84.3d70: ChangeTime: 2019-11-13T16:57:53.033781700Z
5812a84.3d70: FileAttributes: 0x20
5822a84.3d70: Size: 0x7e758
5832a84.3d70: NT Headers: 0xe0
5842a84.3d70: Timestamp: 0x5d0ab71a
5852a84.3d70: Machine: 0x8664 - amd64
5862a84.3d70: Timestamp: 0x5d0ab71a
5872a84.3d70: Image Version: 0.0
5882a84.3d70: SizeOfImage: 0x80000 (524288)
5892a84.3d70: Resource Dir: 0x7c000 LB 0x388
5902a84.3d70: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5912a84.3d70: [Raw version resource data: 0x7c060 LB 0x328, codepage 0x0 (reserved 0x0)]
5922a84.3d70: ProductName: SYSCORE
5932a84.3d70: ProductVersion: 19.5.0.169
5942a84.3d70: FileVersion: SYSCORE.19.5.0.169
5952a84.3d70: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
5962a84.3d70: FileDescription: McAfee Core Firewall Engine Driver
5972a84.3d70: \SystemRoot\System32\drivers\mfehidk.sys:
5982a84.3d70: CreationTime: 2019-11-13T16:57:42.045167000Z
5992a84.3d70: LastWriteTime: 2019-11-13T16:57:42.058238300Z
6002a84.3d70: ChangeTime: 2019-11-13T16:57:51.715283200Z
6012a84.3d70: FileAttributes: 0x20
6022a84.3d70: Size: 0xf2158
6032a84.3d70: NT Headers: 0x108
6042a84.3d70: Timestamp: 0x5d0ab680
6052a84.3d70: Machine: 0x8664 - amd64
6062a84.3d70: Timestamp: 0x5d0ab680
6072a84.3d70: Image Version: 0.0
6082a84.3d70: SizeOfImage: 0xfc000 (1032192)
6092a84.3d70: Resource Dir: 0xf8000 LB 0x758
6102a84.3d70: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6112a84.3d70: [Raw version resource data: 0xf8110 LB 0x320, codepage 0x0 (reserved 0x0)]
6122a84.3d70: ProductName: SYSCORE
6132a84.3d70: ProductVersion: 19.5.0.169
6142a84.3d70: FileVersion: SYSCORE.19.5.0.169
6152a84.3d70: PrivateBuild: SYSCORE.19.5.0.169 F14,F15,F16,F18,F20
6162a84.3d70: FileDescription: McAfee Link Driver
6172a84.3d70: \SystemRoot\System32\drivers\mfencbdc.sys:
6182a84.3d70: CreationTime: 2019-11-14T15:22:41.695377800Z
6192a84.3d70: LastWriteTime: 2019-11-14T15:18:19.756987000Z
6202a84.3d70: ChangeTime: 2019-11-14T15:22:43.104654900Z
6212a84.3d70: FileAttributes: 0x20
6222a84.3d70: Size: 0x89f58
6232a84.3d70: NT Headers: 0xe0
6242a84.3d70: Timestamp: 0x5cc9b996
6252a84.3d70: Machine: 0x8664 - amd64
6262a84.3d70: Timestamp: 0x5cc9b996
6272a84.3d70: Image Version: 0.0
6282a84.3d70: SizeOfImage: 0x8d000 (577536)
6292a84.3d70: Resource Dir: 0x8b000 LB 0x3d8
6302a84.3d70: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6312a84.3d70: [Raw version resource data: 0x8b060 LB 0x378, codepage 0x0 (reserved 0x0)]
6322a84.3d70: ProductName: Anti-Malware Core
6332a84.3d70: ProductVersion: 19.5.0
6342a84.3d70: FileVersion: Anti-Malware Core.19.5.0.68.x64
6352a84.3d70: PrivateBuild: Anti-Malware Core.19.5.0.68.x64
6362a84.3d70: FileDescription: Event Driver
6372a84.3d70: \SystemRoot\System32\drivers\mfewfpk.sys:
6382a84.3d70: CreationTime: 2019-11-13T16:57:42.087280800Z
6392a84.3d70: LastWriteTime: 2019-11-13T16:57:42.090315600Z
6402a84.3d70: ChangeTime: 2019-11-13T16:57:50.729644700Z
6412a84.3d70: FileAttributes: 0x20
6422a84.3d70: Size: 0x3df58
6432a84.3d70: NT Headers: 0xf0
6442a84.3d70: Timestamp: 0x5d0ab68f
6452a84.3d70: Machine: 0x8664 - amd64
6462a84.3d70: Timestamp: 0x5d0ab68f
6472a84.3d70: Image Version: 0.0
6482a84.3d70: SizeOfImage: 0x59000 (364544)
6492a84.3d70: Resource Dir: 0x57000 LB 0x380
6502a84.3d70: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6512a84.3d70: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
6522a84.3d70: ProductName: SYSCORE
6532a84.3d70: ProductVersion: 19.5.0.169
6542a84.3d70: FileVersion: SYSCORE.19.5.0.169
6552a84.3d70: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
6562a84.3d70: FileDescription: Anti-Virus Mini-Firewall Driver
6572a84.3d70: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6582a84.3d70: Calling main()
6592a84.3d70: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6602a84.3d70: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6612a84.3d70: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6622a84.3d70: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6632a84.3d70: SUPR3HardenedMain: Respawn #2
6642a84.3d70: supR3HardNtEnableThreadCreationEx:
6652a84.3d70: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
6662a84.3d70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
6672a84.3d70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
6682a84.3d70: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6692a84.3d70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f4d0000 'C:\windows\System32\ntdll.dll'
6702a84.3d70: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90f548de0 pvNtTerminateThread=00007ff90f570b00
6712a84.3d70: supR3HardenedWinDoReSpawn(2): New child 2520.1d40 [kernel32].
6722a84.3d70: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
6732a84.3d70: supR3HardNtChildGatherData: PebBaseAddress=0000000000d4c000 cbPeb=0x388
6742a84.3d70: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff90f4d0000 uNtDllChildAddr=00007ff90f4d0000
6752a84.3d70: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff90f548de0
6762a84.3d70: supR3HardenedWinSetupChildInit: Start child.
6772a84.3d70: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
6782a84.3d70: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 63 sleeps
6792a84.3d70: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6802a84.3d70: *0000000000000000-0000000000adffff 0x0001/0x0000 0x0000000
6812a84.3d70: *0000000000ae0000-0000000000afffff 0x0004/0x0004 0x0020000
6822a84.3d70: *0000000000b00000-0000000000b18fff 0x0002/0x0002 0x0040000
6832a84.3d70: 0000000000b19000-0000000000b1ffff 0x0001/0x0000 0x0000000
6842a84.3d70: *0000000000b20000-0000000000b23fff 0x0002/0x0002 0x0040000
6852a84.3d70: 0000000000b24000-0000000000b2ffff 0x0001/0x0000 0x0000000
6862a84.3d70: *0000000000b30000-0000000000b30fff 0x0004/0x0004 0x0020000
6872a84.3d70: 0000000000b31000-0000000000bfffff 0x0001/0x0000 0x0000000
6882a84.3d70: *0000000000c00000-0000000000d4bfff 0x0000/0x0004 0x0020000
6892a84.3d70: 0000000000d4c000-0000000000d4efff 0x0004/0x0004 0x0020000
6902a84.3d70: 0000000000d4f000-0000000000dfffff 0x0000/0x0004 0x0020000
6912a84.3d70: *0000000000e00000-0000000000efafff 0x0000/0x0004 0x0020000
6922a84.3d70: 0000000000efb000-0000000000efdfff 0x0104/0x0004 0x0020000
6932a84.3d70: 0000000000efe000-0000000000efffff 0x0004/0x0004 0x0020000
6942a84.3d70: 0000000000f00000-000000007ffdffff 0x0001/0x0000 0x0000000
6952a84.3d70: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6962a84.3d70: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
6972a84.3d70: 000000007fff0000-00007ff639bbffff 0x0001/0x0000 0x0000000
6982a84.3d70: *00007ff639bc0000-00007ff639be2fff 0x0002/0x0002 0x0040000
6992a84.3d70: 00007ff639be3000-00007ff639c3ffff 0x0001/0x0000 0x0000000
7002a84.3d70: *00007ff639c40000-00007ff639c40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7012a84.3d70: 00007ff639c41000-00007ff639cb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7022a84.3d70: 00007ff639cb6000-00007ff639cb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7032a84.3d70: 00007ff639cb7000-00007ff639cfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7042a84.3d70: 00007ff639cff000-00007ff639cfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7052a84.3d70: 00007ff639d00000-00007ff639d00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7062a84.3d70: 00007ff639d01000-00007ff639d05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7072a84.3d70: 00007ff639d06000-00007ff639d06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7082a84.3d70: 00007ff639d07000-00007ff639d07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7092a84.3d70: 00007ff639d08000-00007ff639d0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7102a84.3d70: 00007ff639d0c000-00007ff639d54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7112a84.3d70: 00007ff639d55000-00007ff90f4cffff 0x0001/0x0000 0x0000000
7122a84.3d70: *00007ff90f4d0000-00007ff90f4d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7132a84.3d70: 00007ff90f4d1000-00007ff90f5e2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7142a84.3d70: 00007ff90f5e3000-00007ff90f628fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7152a84.3d70: 00007ff90f629000-00007ff90f630fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7162a84.3d70: 00007ff90f631000-00007ff90f63efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7172a84.3d70: 00007ff90f63f000-00007ff90f63ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7182a84.3d70: 00007ff90f640000-00007ff90f642fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7192a84.3d70: 00007ff90f643000-00007ff90f6affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7202a84.3d70: 00007ff90f6b0000-00007ffffffdffff 0x0001/0x0000 0x0000000
7212a84.3d70: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
7222a84.3d70: VirtualBoxVM.exe: timestamp 0x5e8f449f (rc=VINF_SUCCESS)
7232a84.3d70: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7242a84.3d70: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
7252a84.3d70: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
7262a84.3d70: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
7272a84.3d70: supR3HardNtEnableThreadCreationEx:
7282520.1d40: Log file opened: 6.0.20r137117 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
7292520.1d40: supR3HardenedVmProcessInit: uNtDllAddr=00007ff90f4d0000 g_uNtVerCombined=0xa03fab00
7302520.1d40: ntdll.dll: timestamp 0x20af46db (rc=VINF_SUCCESS)
7312520.1d40: New simple heap: #1 0000000001000000 LB 0x400000 (for 1966080 allocation)
7322520.1d40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7332520.1d40: System32: \Device\HarddiskVolume4\Windows\System32
7342520.1d40: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
7352520.1d40: KnownDllPath: C:\windows\System32
7362520.1d40: supR3HardenedVmProcessInit: Opening vboxdrv...
7372520.1d40: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7382520.1d40: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7392520.1d40: Registered Dll notification callback with NTDLL.
7402520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
7412520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
7422520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7432520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b9a0000 LB 0x00266000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
7442520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
7452520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7462520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90dde0000 LB 0x000ae000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
7472520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dde0000 'C:\windows\System32\KERNEL32.DLL'
7492520.1d40: supR3HardenedDllNotificationCallback: load 00007ff639c40000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
7502520.1d40: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7512520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7522520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7532520.1d40: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007ff90f4ed2c0 enmState=4 -> supR3HardenedWinDummyApcRoutine
7542520.1d40: supR3HardenedWinDummyApcRoutine: pvArg1=ffffd00014f1ba20 pvArg2=0000000000000000 pvArg3=0000000000000000
7552520.1d40: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000b41000 enmState=4 -> supR3HardenedWinDummyApcRoutine
7562520.1d40: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000af0000 pvArg2=ffffd00022572090 pvArg3=0000000000af0000
7572520.1d40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff90f548de0 pvNtTerminateThread=00007ff90f570b00
7582a84.3d70: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 103 ms.
7592520.1d40: \SystemRoot\System32\ntdll.dll:
7602520.1d40: CreationTime: 2020-04-24T15:38:30.807338400Z
7612520.1d40: LastWriteTime: 2020-03-31T05:56:05.198151300Z
7622520.1d40: ChangeTime: 2020-05-29T16:05:27.617177600Z
7632520.1d40: FileAttributes: 0x20
7642520.1d40: Size: 0x1dd0a8
7652520.1d40: NT Headers: 0xe0
7662520.1d40: Timestamp: 0x20af46db
7672520.1d40: Machine: 0x8664 - amd64
7682520.1d40: Timestamp: 0x20af46db
7692520.1d40: Image Version: 10.0
7702520.1d40: SizeOfImage: 0x1e0000 (1966080)
7712520.1d40: Resource Dir: 0x174000 LB 0x6a288
7722520.1d40: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7732520.1d40: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7742520.1d40: ProductName: Microsoft® Windows® Operating System
7752520.1d40: ProductVersion: 10.0.16299.1806
7762520.1d40: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
7772520.1d40: FileDescription: NT Layer DLL
7782520.1d40: \SystemRoot\System32\kernel32.dll:
7792520.1d40: CreationTime: 2020-04-24T15:42:20.253248900Z
7802520.1d40: LastWriteTime: 2020-03-31T05:55:52.543130300Z
7812520.1d40: ChangeTime: 2020-05-29T16:05:27.390841000Z
7822520.1d40: FileAttributes: 0x20
7832520.1d40: Size: 0xab808
7842520.1d40: NT Headers: 0xe8
7852520.1d40: Timestamp: 0x6edcef78
7862520.1d40: Machine: 0x8664 - amd64
7872520.1d40: Timestamp: 0x6edcef78
7882520.1d40: Image Version: 10.0
7892520.1d40: SizeOfImage: 0xae000 (712704)
7902520.1d40: Resource Dir: 0xac000 LB 0x520
7912520.1d40: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7922520.1d40: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7932520.1d40: ProductName: Microsoft® Windows® Operating System
7942520.1d40: ProductVersion: 10.0.16299.1806
7952520.1d40: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
7962520.1d40: FileDescription: Windows NT BASE API Client DLL
7972520.1d40: \SystemRoot\System32\KernelBase.dll:
7982520.1d40: CreationTime: 2020-04-24T15:37:18.886112000Z
7992520.1d40: LastWriteTime: 2020-03-31T05:56:40.319829900Z
8002520.1d40: ChangeTime: 2020-05-29T16:05:27.638832100Z
8012520.1d40: FileAttributes: 0x20
8022520.1d40: Size: 0x265c70
8032520.1d40: NT Headers: 0xf0
8042520.1d40: Timestamp: 0x5b835ca5
8052520.1d40: Machine: 0x8664 - amd64
8062520.1d40: Timestamp: 0x5b835ca5
8072520.1d40: Image Version: 10.0
8082520.1d40: SizeOfImage: 0x266000 (2514944)
8092520.1d40: Resource Dir: 0x245000 LB 0x548
8102520.1d40: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8112520.1d40: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
8122520.1d40: ProductName: Microsoft® Windows® Operating System
8132520.1d40: ProductVersion: 10.0.16299.1806
8142520.1d40: FileVersion: 10.0.16299.1806 (WinBuild.160101.0800)
8152520.1d40: FileDescription: Windows NT BASE API Client DLL
8162520.1d40: \SystemRoot\System32\apisetschema.dll:
8172520.1d40: CreationTime: 2018-11-08T12:03:43.347058300Z
8182520.1d40: LastWriteTime: 2018-07-18T03:26:42.333897700Z
8192520.1d40: ChangeTime: 2020-05-29T16:05:27.845755200Z
8202520.1d40: FileAttributes: 0x20
8212520.1d40: Size: 0x1b3b8
8222520.1d40: NT Headers: 0xc8
8232520.1d40: Timestamp: 0x35fd1902
8242520.1d40: Machine: 0x8664 - amd64
8252520.1d40: Timestamp: 0x35fd1902
8262520.1d40: Image Version: 10.0
8272520.1d40: SizeOfImage: 0x1c000 (114688)
8282520.1d40: Resource Dir: 0x1b000 LB 0x408
8292520.1d40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8302520.1d40: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
8312520.1d40: ProductName: Microsoft® Windows® Operating System
8322520.1d40: ProductVersion: 10.0.16299.579
8332520.1d40: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
8342520.1d40: FileDescription: ApiSet Schema DLL
8352520.1d40: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8362520.1d40: supR3HardenedWinFindAdversaries: 0x20
8372520.1d40: \SystemRoot\System32\drivers\mfeavfk.sys:
8382520.1d40: CreationTime: 2019-11-13T16:57:52.101358800Z
8392520.1d40: LastWriteTime: 2019-11-13T16:57:42.179230700Z
8402520.1d40: ChangeTime: 2019-11-13T16:57:42.179230700Z
8412520.1d40: FileAttributes: 0x20
8422520.1d40: Size: 0x5cf58
8432520.1d40: NT Headers: 0xf0
8442520.1d40: Timestamp: 0x5d0ab6bc
8452520.1d40: Machine: 0x8664 - amd64
8462520.1d40: Timestamp: 0x5d0ab6bc
8472520.1d40: Image Version: 0.0
8482520.1d40: SizeOfImage: 0x5d000 (380928)
8492520.1d40: Resource Dir: 0x5b000 LB 0x758
8502520.1d40: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8512520.1d40: [Raw version resource data: 0x5b110 LB 0x334, codepage 0x0 (reserved 0x0)]
8522520.1d40: ProductName: SYSCORE
8532520.1d40: ProductVersion: 19.5.0.169
8542520.1d40: FileVersion: SYSCORE.19.5.0.169
8552520.1d40: PrivateBuild: SYSCORE.19.5.0.169 F15,F16,F19
8562520.1d40: FileDescription: Anti-Virus File System Filter Driver
8572520.1d40: \SystemRoot\System32\drivers\mfefirek.sys:
8582520.1d40: CreationTime: 2019-11-13T16:57:42.436699300Z
8592520.1d40: LastWriteTime: 2019-11-13T16:57:42.442715200Z
8602520.1d40: ChangeTime: 2019-11-13T16:57:53.033781700Z
8612520.1d40: FileAttributes: 0x20
8622520.1d40: Size: 0x7e758
8632520.1d40: NT Headers: 0xe0
8642520.1d40: Timestamp: 0x5d0ab71a
8652520.1d40: Machine: 0x8664 - amd64
8662520.1d40: Timestamp: 0x5d0ab71a
8672520.1d40: Image Version: 0.0
8682520.1d40: SizeOfImage: 0x80000 (524288)
8692520.1d40: Resource Dir: 0x7c000 LB 0x388
8702520.1d40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8712520.1d40: [Raw version resource data: 0x7c060 LB 0x328, codepage 0x0 (reserved 0x0)]
8722520.1d40: ProductName: SYSCORE
8732520.1d40: ProductVersion: 19.5.0.169
8742520.1d40: FileVersion: SYSCORE.19.5.0.169
8752520.1d40: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
8762520.1d40: FileDescription: McAfee Core Firewall Engine Driver
8772520.1d40: \SystemRoot\System32\drivers\mfehidk.sys:
8782520.1d40: CreationTime: 2019-11-13T16:57:42.045167000Z
8792520.1d40: LastWriteTime: 2019-11-13T16:57:42.058238300Z
8802520.1d40: ChangeTime: 2019-11-13T16:57:51.715283200Z
8812520.1d40: FileAttributes: 0x20
8822520.1d40: Size: 0xf2158
8832520.1d40: NT Headers: 0x108
8842520.1d40: Timestamp: 0x5d0ab680
8852520.1d40: Machine: 0x8664 - amd64
8862520.1d40: Timestamp: 0x5d0ab680
8872520.1d40: Image Version: 0.0
8882520.1d40: SizeOfImage: 0xfc000 (1032192)
8892520.1d40: Resource Dir: 0xf8000 LB 0x758
8902520.1d40: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8912520.1d40: [Raw version resource data: 0xf8110 LB 0x320, codepage 0x0 (reserved 0x0)]
8922520.1d40: ProductName: SYSCORE
8932520.1d40: ProductVersion: 19.5.0.169
8942520.1d40: FileVersion: SYSCORE.19.5.0.169
8952520.1d40: PrivateBuild: SYSCORE.19.5.0.169 F14,F15,F16,F18,F20
8962520.1d40: FileDescription: McAfee Link Driver
8972520.1d40: \SystemRoot\System32\drivers\mfencbdc.sys:
8982520.1d40: CreationTime: 2019-11-14T15:22:41.695377800Z
8992520.1d40: LastWriteTime: 2019-11-14T15:18:19.756987000Z
9002520.1d40: ChangeTime: 2019-11-14T15:22:43.104654900Z
9012520.1d40: FileAttributes: 0x20
9022520.1d40: Size: 0x89f58
9032520.1d40: NT Headers: 0xe0
9042520.1d40: Timestamp: 0x5cc9b996
9052520.1d40: Machine: 0x8664 - amd64
9062520.1d40: Timestamp: 0x5cc9b996
9072520.1d40: Image Version: 0.0
9082520.1d40: SizeOfImage: 0x8d000 (577536)
9092520.1d40: Resource Dir: 0x8b000 LB 0x3d8
9102520.1d40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9112520.1d40: [Raw version resource data: 0x8b060 LB 0x378, codepage 0x0 (reserved 0x0)]
9122520.1d40: ProductName: Anti-Malware Core
9132520.1d40: ProductVersion: 19.5.0
9142520.1d40: FileVersion: Anti-Malware Core.19.5.0.68.x64
9152520.1d40: PrivateBuild: Anti-Malware Core.19.5.0.68.x64
9162520.1d40: FileDescription: Event Driver
9172520.1d40: \SystemRoot\System32\drivers\mfewfpk.sys:
9182520.1d40: CreationTime: 2019-11-13T16:57:42.087280800Z
9192520.1d40: LastWriteTime: 2019-11-13T16:57:42.090315600Z
9202520.1d40: ChangeTime: 2019-11-13T16:57:50.729644700Z
9212520.1d40: FileAttributes: 0x20
9222520.1d40: Size: 0x3df58
9232520.1d40: NT Headers: 0xf0
9242520.1d40: Timestamp: 0x5d0ab68f
9252520.1d40: Machine: 0x8664 - amd64
9262520.1d40: Timestamp: 0x5d0ab68f
9272520.1d40: Image Version: 0.0
9282520.1d40: SizeOfImage: 0x59000 (364544)
9292520.1d40: Resource Dir: 0x57000 LB 0x380
9302520.1d40: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9312520.1d40: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
9322520.1d40: ProductName: SYSCORE
9332520.1d40: ProductVersion: 19.5.0.169
9342520.1d40: FileVersion: SYSCORE.19.5.0.169
9352520.1d40: PrivateBuild: SYSCORE.19.5.0.169 F17,F18
9362520.1d40: FileDescription: Anti-Virus Mini-Firewall Driver
9372520.1d40: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
9382520.1d40: Calling main()
9392520.1d40: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
9402520.1d40: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
9412520.1d40: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9422520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9432520.1d40: SUPR3HardenedMain: Final process, opening VBoxDrv...
9442520.1d40: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001000000 LB 0x400000)
9452520.1d40: supR3HardNtEnableThreadCreationEx:
9462520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9472520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
9482520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9492520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9502520.1d40: supR3HardenedDllNotificationCallback: load 00007ff905170000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
9512520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9522520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9532520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9542520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9552520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9562520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9572520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9582520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff905170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9592520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9602520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
9612520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
9622520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9632520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
9642520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
9652520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9672520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
9682520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9702520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9712520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'msasn1.dll'.
9722520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
9732520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9742520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9752520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9762520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
9772520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
9782520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9792520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9802520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
9812520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9822520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9832520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9842520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9852520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9862520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90cb10000 LB 0x0009d000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
9872520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9882520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b8b0000 LB 0x00012000 C:\windows\System32\MSASN1.dll [fFlags=0x0]
9892520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9902520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90c8a0000 LB 0x000f4000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
9912520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
9922520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
9932520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90c530000 LB 0x001ce000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
9942520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9952520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90d820000 LB 0x0011f000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
9962520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9972520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90c9a0000 LB 0x0005b000 C:\windows\System32\sechost.dll [fFlags=0x0]
9982520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9992520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
10002520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
10012520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90f3f0000 LB 0x000a1000 C:\windows\System32\advapi32.dll [fFlags=0x0]
10022520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10032520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
10042520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
10052520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
10062520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
10072520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b8d0000 LB 0x00059000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
10082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10092520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
10102520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10112520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-synch-l1-2-0'
10122520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
10132520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10142520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-fibers-l1-1-1'
10152520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
10162520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10172520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-fibers-l1-1-1'
10182520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
10192520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10202520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-synch-l1-2-0'
10212520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
10222520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10232520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-localization-l1-2-1'
10242520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\windows\system32\Wintrust.dll'
10252520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
10262520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
10272520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10282520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10292520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
10312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
10322520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10332520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10352520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10372520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10382520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10392520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10402520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10412520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b380000 LB 0x00025000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
10422520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10432520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b380000 'C:\windows\system32\bcrypt.dll'
10442520.1d40: bcrypt.dll loaded at 00007ff90b380000, BCryptOpenAlgorithmProvider at 00007ff90b3825a0, preloading providers:
10452520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
10462520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10472520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10482520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90bd60000 LB 0x00078000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
10492520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10502520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90bd60000 'C:\windows\system32\bcryptprimitives.dll'
10512520.1d40: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000035d5390)
10522520.1d40: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000035dcc60)
10532520.1d40: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000035dfa50)
10542520.1d40: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000035dfd20)
10552520.1d40: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000035dfff0)
10562520.1d40: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000035e02c0)
10572520.1d40: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000035e0590)
10582520.1d40: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000035e0860)
10592520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10602520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10612520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10622520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10632520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10642520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10652520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10662520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10672520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10682520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10692520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10712520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10722520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10742520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10752520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10772520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10782520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10792520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
10802520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
10812520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
10822520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b280000 LB 0x00017000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
10832520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10842520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
10852520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
10862520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
10872520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10882520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10892520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10902520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10912520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10922520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90ac70000 LB 0x00033000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
10932520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10942520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
10952520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
10962520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
10972520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
10982520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b270000 LB 0x0000b000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
10992520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11002520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11012520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
11022520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
11032520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11042520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dde0000 'C:\windows\System32\kernel32.dll'
11062520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11072520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
11082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11092520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\CRYPT32.dll'
11112520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90de90000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
11122520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
11132520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
11142520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11152520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11162520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
11172520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11182520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
11192520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
11202520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
11212520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90a070000 LB 0x00022000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
11222520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11232520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b820000 LB 0x0001b000 C:\windows\System32\profapi.dll [fFlags=0x0]
11242520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
11252520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
11262520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11272520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
11282520.1d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
11292520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
11302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11322520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11332520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11352520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11372520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11382520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11392520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11402520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11412520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11422520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11432520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11442520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8f78a0000 LB 0x0002f000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
11452520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11462520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11472520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11492520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11502520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11512520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11522520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11532520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11542520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11552520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11562520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11572520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11582520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11592520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11602520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11612520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11622520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11632520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11642520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11652520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11662520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11672520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11682520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11692520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11702520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11712520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11722520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11742520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\windows\System32\cryptnet.dll'
11752520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f78a0000 'C:\Windows\System32\cryptnet.dll'
11772520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11782520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11792520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
11802520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11812520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
11832520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
11842520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003656690
11852520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
11862520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=362079146A57C4F8E2D659C9D42A83D7F7869E75
11872520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11882520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11892520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d820000 'C:\windows\System32\rpcrt4.dll'
11902520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11912520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
11922520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11932520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
11942520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11952520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
11962520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11972520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
11982520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11992520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
12002520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12012520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
12022520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12032520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12042520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
12052520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12062520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12072520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12092520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12112520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_956_for_KB4550927~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
12122520.1d40: g_pfnWinVerifyTrust=00007ff90b8d6bc0
12132520.1d40: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
12142520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12152520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12162520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12172520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12182520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12192520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12202520.1d40: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
12212520.1d40: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
12222520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12232520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12242520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12252520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
12262520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12272520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12282520.1d40: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
12292520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
12302520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
12312520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
12322520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
12332520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12342520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12352520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12362520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12372520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
12382520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12392520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
12402520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12412520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12422520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12432520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
12442520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12452520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12462520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12472520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
12482520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12492520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12502520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12512520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
12522520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12532520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12542520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12552520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
12562520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12572520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12582520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12592520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
12602520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12612520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
12632520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12642520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
12652520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12662520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12672520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
12682520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
12692520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12712520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12722520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
12732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12742520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12752520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
12762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12772520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12782520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
12792520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12802520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12812520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
12822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12832520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12842520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
12852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12862520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12872520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
12882520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12892520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12902520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
12912520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12932520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12942520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
12952520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12962520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
12972520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
12982520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
12992520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
13002520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
13012520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\system32\crypt32.dll'
13022520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
13032520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
13042520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
13052520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
13062520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
13072520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
13082520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
13092520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
13102520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x735471835e8bd000 C=US, O=DXC Technology Company, OU=Security, CN=DXC Root CA
13112520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
13122520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
13132520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
13142520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
13152520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
13162520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
13172520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
13182520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
13192520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
13202520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
13212520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
13222520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
13232520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
13242520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
13252520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
13262520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
13272520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
13282520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
13292520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
13302520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
13312520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
13322520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
13332520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
13342520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
13352520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
13362520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
13372520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
13382520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
13392520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
13402520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
13412520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
13422520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
13432520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
13442520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
13452520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
13462520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
13472520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0xef31ca066595a000 C=US, O=Symantec Corporation, CN=Symantec Class 3 Internal Root CA
13482520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
13492520.1d40: supR3HardenedWinIsDesiredRootCA: Adding 0x735471835e8bd000 C=US, O=DXC Technology Company, OU=Security, CN=DXC Root CA
13502520.1d40: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=48
13512520.1d40: SUPR3HardenedMain: Load Runtime...
13522520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
13532520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13542520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
13552520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13562520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13572520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
13582520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
13592520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13602520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13612520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
13622520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
13632520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13642520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
13652520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
13662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13682520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
13692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13702520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13712520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13722520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13732520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
13742520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
13752520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13762520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
13772520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13782520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13792520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13802520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13812520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13822520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
13832520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
13842520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
13852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
13862520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13872520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13882520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
13892520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13902520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13912520.1d40: supR3HardenedDllNotificationCallback: load 000000005aa80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13922520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
13932520.1d40: supR3HardenedDllNotificationCallback: load 000000005a4d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13942520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13952520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90d1a0000 LB 0x0006c000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
13962520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
13972520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8cc8e0000 LB 0x005cb000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13982520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
13992520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14002520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14012520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14022520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14032520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14042520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14052520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14062520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14072520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14092520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14112520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14132520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14142520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14152520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14162520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14172520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14182520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14192520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14202520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14212520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14222520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14232520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14242520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14252520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14262520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14272520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14282520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14292520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14302520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14312520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14322520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14332520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14342520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14352520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14362520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14372520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14382520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14392520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14402520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14412520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14422520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14432520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14442520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14452520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14462520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14472520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14492520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14502520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14512520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14522520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14532520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14542520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14552520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14562520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14572520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14582520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14592520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14602520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14612520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14632520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14642520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14652520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14662520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14672520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14682520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14692520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14702520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14712520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14722520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14742520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14752520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14762520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14782520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14792520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14802520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14812520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14822520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14832520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14842520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14862520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14872520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14882520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14892520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14902520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14912520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14932520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14942520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14952520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14962520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14972520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14982520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14992520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15002520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15012520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15022520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15032520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15042520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15062520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15072520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15082520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15092520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15112520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15132520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15142520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15152520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15162520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15172520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15182520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15192520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15202520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15212520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15222520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15232520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15242520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15252520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15262520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15272520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15282520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15292520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15302520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15312520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15322520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15332520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15342520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15352520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15362520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15372520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15382520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15392520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15402520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15412520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15422520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15432520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15442520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15452520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15462520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15472520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15482520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15492520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15502520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15512520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15522520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15532520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15542520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15552520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15562520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15572520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15582520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15592520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15602520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15612520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15622520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15632520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15642520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15652520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15662520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15672520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15682520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15692520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15702520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15712520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15722520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15732520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15752520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc8e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
15772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
15782520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\windows\system32\Wintrust.dll'
15792520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
15802520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15812520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
15822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
15832520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
15842520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
15852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\system32\crypt32.dll'
15862520.1d40: SUPR3HardenedMain: Load TrustedMain...
15872520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
15882520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15892520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
15902520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
15912520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
15922520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
15932520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
15942520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
15952520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
15962520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
15972520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
15982520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
15992520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
16002520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
16012520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
16022520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16032520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16042520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
16062520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
16072520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
16082520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
16092520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
16102520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
16112520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16132520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16142520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16152520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16162520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
16172520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
16182520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
16192520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16202520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
16212520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
16222520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16232520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16242520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16252520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
16262520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
16272520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16282520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
16292520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16302520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
16312520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
16322520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
16332520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16372520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16382520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
16392520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16402520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16412520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16422520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
16432520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
16442520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
16452520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
16462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16472520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16482520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
16492520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
16502520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
16512520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
16522520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
16532520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
16542520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16562520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
16572520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
16582520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
16592520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
16602520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
16612520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
16622520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
16632520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
16642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16652520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16682520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
16692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16702520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16712520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16722520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
16732520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
16742520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
16752520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
16762520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16772520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16782520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
16792520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
16802520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
16812520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16822520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16832520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16842520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16852520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16862520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16872520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16882520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
16892520.1d40: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
16902520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
16912520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
16922520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
16932520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
16942520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
16952520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
16962520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
16972520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16982520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16992520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17002520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17012520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17022520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17032520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17042520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
17062520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
17072520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
17082520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17092520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17102520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
17112520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17132520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17142520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17152520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17162520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
17172520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17182520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17192520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
17202520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17212520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
17222520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
17232520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17242520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
17252520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
17262520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
17272520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
17282520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
17292520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17322520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
17332520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17342520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17352520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17362520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17372520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17382520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17392520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17402520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
17412520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17422520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17442520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17452520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17462520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17472520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17482520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17492520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17502520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17512520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17522520.1d40: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
17532520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17542520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17562520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
17572520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17582520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17592520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17602520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17612520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17622520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
17632520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17642520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
17652520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
17662520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
17672520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
17682520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17702520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17712520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17722520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17732520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
17742520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17752520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17762520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
17772520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17782520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17792520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17802520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17812520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17822520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
17832520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17842520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17852520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17862520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17872520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17882520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17892520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17902520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17912520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
17922520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17932520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17942520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17952520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17962520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17972520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
17982520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17992520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
18002520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18012520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18022520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
18032520.1d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
18042520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
18052520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18062520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18072520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18082520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18092520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18102520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
18112520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18132520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18142520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18152520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18162520.1d40: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
18172520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
18182520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
18192520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18202520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18212520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
18222520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18232520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18242520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18252520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18262520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18272520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18282520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18292520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18302520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
18312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18322520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18332520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
18342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18362520.1d40: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
18372520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18382520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18392520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
18402520.1d40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
18412520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
18422520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18442520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18452520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18472520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
18482520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18492520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18502520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18512520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18522520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18532520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18542520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18562520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18572520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18582520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18592520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
18602520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18612520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18622520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18632520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18652520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
18662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18682520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
18692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18702520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18712520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
18722520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18732520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18742520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
18752520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
18762520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
18772520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18782520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18792520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
18802520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18812520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18822520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
18832520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18842520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18852520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
18862520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18872520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18882520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18892520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18902520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18912520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
18922520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18932520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18942520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
18952520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18962520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18972520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
18982520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18992520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19002520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
19012520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19022520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19032520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19042520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
19052520.1d40: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
19062520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19072520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19082520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
19092520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
19102520.1d40: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
19112520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19132520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
19142520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19152520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19162520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19172520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19182520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19192520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
19202520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
19212520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
19222520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
19232520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
19242520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
19252520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
19262520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
19272520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19282520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19292520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
19302520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19312520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
19322520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
19332520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
19342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19362520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
19372520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
19382520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
19392520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
19402520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
19412520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19422520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19442520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19452520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
19462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19472520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19482520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
19492520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19502520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19512520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
19522520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19532520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19542520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
19552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19562520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19572520.1d40: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
19582520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19592520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19602520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19612520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19622520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19632520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19652520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19682520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
19692520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
19702520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19712520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19722520.1d40: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19732520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
19742520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
19752520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
19762520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
19772520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19782520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19792520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
19802520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19812520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
19822520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
19832520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
19842520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
19852520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b980000 LB 0x00020000 C:\windows\System32\win32u.dll [fFlags=0x0]
19862520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
19872520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90bcc0000 LB 0x0009b000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
19882520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
19892520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90c700000 LB 0x00192000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
19902520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
19912520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
19922520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
19932520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
19942520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
19952520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
19962520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90f2f0000 LB 0x00028000 C:\windows\System32\GDI32.dll [fFlags=0x0]
19972520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
19982520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90cfd0000 LB 0x0018f000 C:\windows\System32\USER32.dll [fFlags=0x0]
19992520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
20002520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8f95e0000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
20012520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
20022520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8f82c0000 LB 0x0011e000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
20032520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
20042520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b930000 LB 0x0004a000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
20052520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
20062520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
20072520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90ccc0000 LB 0x00306000 C:\windows\System32\combase.dll [fFlags=0x0]
20082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
20092520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90db60000 LB 0x000a6000 C:\windows\System32\shcore.dll [fFlags=0x0]
20102520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20112520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
20122520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
20132520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
20142520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
20152520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90cab0000 LB 0x00051000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
20162520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20172520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
20182520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
20192520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
20202520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
20212520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b890000 LB 0x00011000 C:\windows\System32\kernel.appcore.dll [fFlags=0x0]
20222520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
20232520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
20242520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
20252520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
20262520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b840000 LB 0x0004c000 C:\windows\System32\powrprof.dll [fFlags=0x0]
20272520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
20282520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
20292520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
20302520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90bde0000 LB 0x0074a000 C:\windows\System32\windows.storage.dll [fFlags=0x0]
20312520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20322520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
20332520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
20342520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
20352520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
20362520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
20372520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90deb0000 LB 0x0143d000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
20382520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
20392520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90d6d0000 LB 0x00149000 C:\windows\System32\ole32.dll [fFlags=0x0]
20402520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20412520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8f61c0000 LB 0x0001b000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
20422520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
20432520.1d40: supR3HardenedDllNotificationCallback: load 0000000059b00000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
20442520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20452520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8c2e30000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
20462520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20472520.1d40: supR3HardenedDllNotificationCallback: load 0000000059590000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
20482520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
20492520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90f320000 LB 0x000c4000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
20502520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
20512520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8c3430000 LB 0x02388000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
20522520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
20532520.1d40: supR3HardenedDllNotificationCallback: load 000000005a470000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
20542520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20552520.1d40: supR3HardenedDllNotificationCallback: load 00007ff9048e0000 LB 0x0002a000 C:\windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
20562520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
20572520.1d40: supR3HardenedDllNotificationCallback: load 00007ff904940000 LB 0x00023000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
20582520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
20592520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8d82e0000 LB 0x00189000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
20602520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
20612520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20632520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20642520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20652520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20662520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20672520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20682520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20692520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20702520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20712520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20722520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20732520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20752520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20762520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20772520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20782520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20792520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20802520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20812520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20822520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20832520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20842520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20852520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20862520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20872520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20882520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20892520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20902520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20912520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20932520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20942520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20952520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
20962520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
20972520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
20982520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
20992520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21002520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21012520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
21022520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21032520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
21042520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21052520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21062520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21072520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21082520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21092520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21102520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21112520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21132520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21142520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21152520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21162520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
21172520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21182520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
21192520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21202520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21212520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21222520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21232520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21242520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21252520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21262520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21272520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21282520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
21292520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21302520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
21312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21322520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21332520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21372520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21382520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21392520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
21402520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21412520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21422520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
21432520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21442520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
21452520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21472520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21482520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21492520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21502520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21512520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21522520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
21532520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21542520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
21552520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21562520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dde0000 'C:\windows\System32\kernel32.dll'
21572520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21582520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21592520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21602520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21612520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21632520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21642520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21652520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21662520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21672520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21682520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21692520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21702520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21712520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21722520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21732520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21752520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21762520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21772520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21782520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21792520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21802520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21812520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21822520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21832520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21842520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
21852520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21862520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
21872520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21882520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21892520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21902520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21912520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21932520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21942520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21952520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21962520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21972520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21982520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21992520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22002520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22012520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22022520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22032520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22042520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22052520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22062520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22072520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22082520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22092520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22102520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22112520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22132520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22142520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22152520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22162520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22172520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22182520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22192520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22202520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22212520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22222520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22232520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22242520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22252520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
22262520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
22272520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-string-l1-1-0'
22282520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22292520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22302520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22312520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22322520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22332520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22342520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22352520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22362520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22372520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22382520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22392520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22402520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22412520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22422520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22432520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22442520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22452520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22462520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22472520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22482520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22492520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22502520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22512520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22522520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22532520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22542520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22552520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22562520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22572520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22582520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22592520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22602520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22612520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22622520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22632520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22642520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22652520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22662520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22672520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22682520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22692520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22702520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22712520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22722520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22732520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22742520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22752520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22762520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22782520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22792520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22802520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22812520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22822520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22832520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22842520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22852520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22862520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22872520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22882520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22892520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22902520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22912520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22922520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22932520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22942520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22952520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22962520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
22972520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
22982520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-datetime-l1-1-1'
22992520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
23002520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
23012520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
23022520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
23032520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
23042520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
23052520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
23062520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
23072520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
23082520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
23092520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
23102520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
23112520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
23122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
23132520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
23142520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
23152520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
23162520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
23172520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
23182520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
23192520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23202520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23212520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23222520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
23232520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23242520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
23252520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
23262520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
23272520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
23282520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
23292520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
23302520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
23312520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
23322520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
23332520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
23342520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
23352520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
23362520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
23372520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
23382520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
23392520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
23402520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
23412520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
23422520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
23432520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
23442520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
23452520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
23462520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
23472520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
23482520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
23492520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
23502520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
23512520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
23522520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
23532520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23542520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23552520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23562520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
23572520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23582520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
23592520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
23602520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
23612520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
23622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
23632520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
23642520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
23652520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
23662520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
23672520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
23682520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23692520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-localization-obsolete-l1-2-0'
23702520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
23712520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
23722520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
23732520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
23742520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
23752520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
23762520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
23772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
23782520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
23792520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
23802520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
23812520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
23822520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
23832520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
23842520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
23852520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
23862520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
23872520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
23882520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
23892520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
23902520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23912520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23922520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23932520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
23942520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23952520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
23962520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
23972520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
23982520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
23992520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
24002520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
24012520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
24022520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
24032520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
24042520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
24052520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
24062520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
24072520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
24082520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
24092520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
24102520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
24112520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
24122520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
24132520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
24142520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
24152520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
24162520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
24172520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
24182520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
24192520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
24202520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
24212520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
24222520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
24232520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
24242520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
24252520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24262520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
24272520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
24282520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
24292520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
24302520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
24312520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
24322520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
24332520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
24342520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
24352520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
24362520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
24372520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
24382520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
24392520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
24402520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
24412520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
24422520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
24432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24442520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24452520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
24462520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
24472520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
24482520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24492520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24502520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
24512520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
24522520.1d40: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
24532520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24542520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90d170000 LB 0x0002d000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
24552520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
24562520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d170000 'C:\windows\system32\IMM32.DLL'
24572520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
24582520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
24592520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
24602520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
24612520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
24622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
24632520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
24642520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
24652520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
24662520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
24672520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
24682520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
24692520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
24702520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
24712520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
24722520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
24732520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
24742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
24752520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
24762520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
24772520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
24782520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
24792520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
24802520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24812520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
24822520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
24832520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
24842520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
24852520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
24862520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
24872520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
24882520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
24892520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
24902520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
24912520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
24922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
24932520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
24942520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
24952520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
24962520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
24972520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
24982520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
24992520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
25002520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
25012520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
25022520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
25032520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
25042520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
25052520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
25062520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
25072520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
25082520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
25092520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
25102520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
25112520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
25122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
25132520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
25142520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
25152520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
25162520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
25172520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
25182520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
25192520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
25202520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
25212520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
25222520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
25232520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
25242520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
25252520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
25262520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
25272520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
25282520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
25292520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25302520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25312520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f3f0000 'C:\windows\System32\ADVAPI32.DLL'
25322520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
25332520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
25342520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
25352520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
25362520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
25372520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
25382520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
25392520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
25402520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
25412520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
25422520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
25432520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
25442520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
25452520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
25462520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
25472520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
25482520.1d40: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
25492520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
25502520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
25512520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
25522520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
25532520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
25542520.1d40: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
25552520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
25562520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
25572520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
25582520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
25592520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
25602520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
25612520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
25622520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
25632520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
25642520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
25652520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
25662520.1d40: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
25672520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
25682520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d82e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
25692520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25712520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
25722520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
25752520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
25782520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25792520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25802520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
25812520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25832520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
25842520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25862520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
25872520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25882520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25892520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
25902520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25912520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
25932520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
25942520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
25952520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
25962520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0012AE95A21D7E6ABECFE12EE1BFBF231CEDAEB0
25972520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
25982520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
25992520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
26002520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26012520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
26022520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26032520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26042520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
26052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26062520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26072520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
26082520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26092520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
26102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26112520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26122520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
26132520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26142520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26152520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
26162520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26172520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26182520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
26192520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26202520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26212520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
26222520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26232520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26242520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
26252520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26262520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26272520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
26282520.1d40: SUPR3HardenedMain: Calling TrustedMain (00007ff8d82e16c0)...
26292520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26302520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
26312520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
26322520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26332520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
26342520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
26352520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26362520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
26372520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
26382520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
26392520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
26402520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
26412520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
26422520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
26432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26442520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26452520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
26462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
26472520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
26482520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
26492520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
26502520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
26512520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26522520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26532520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
26542520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26562520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
26572520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26582520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26592520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26602520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26612520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26622520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
26632520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26652520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
26662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26682520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26702520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26712520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26722520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26732520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26742520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
26752520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8e7ca0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
26762520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
26772520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e7ca0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
26782520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005dc pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
26792520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
26802520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
26812520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86C241B10A6558ACD09DD7A5B8E6E2277C8E4613
26822520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
26832520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26842520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
26852520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
26862520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4556812~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
26872520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26882520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26892520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
26902520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
26912520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
26922520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
26932520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26942520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26952520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26962520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26972520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26982520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26992520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27002520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27012520.1d40: supR3HardenedDllNotificationCallback: load 00007ff906610000 LB 0x00095000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
27022520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27032520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906610000 'C:\windows\system32\uxtheme.dll'
27042520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cfd0000 'C:\windows\system32\user32.dll'
27052520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
27062520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27072520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
27082520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
27092520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27102520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90db60000 'C:\windows\system32\SHCore.dll'
27112520.1d40: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
27122520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
27132520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27142520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
27152520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
27162520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
27172520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
27182520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
27192520.1d40: supR3HardenedDllNotificationCallback: load 00007ff909a60000 LB 0x0002a000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
27202520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
27212520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27222520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27232520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27242520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27252520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
27262520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27272520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27282520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
27292520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27312520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
27322520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
27332520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
27342520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
27352520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27362520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\system32\winmm.dll'
27372520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
27382520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27392520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\system32\winmm.dll'
27402520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
27412520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27422520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
27432520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27442520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27452520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906610000 'C:\windows\system32\uxtheme.dll'
27462520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
27472520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f3f0000 'C:\windows\system32\advapi32.dll'
27492520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
27502520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
27512520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
27522520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
27532520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
27542520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
27552520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
27562520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
27572520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
27582520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27592520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27602520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
27612520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27622520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
27632520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90b750000 LB 0x00029000 C:\windows\system32\userenv.dll [fFlags=0x0]
27642520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
27652520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b750000 'C:\windows\system32\userenv.dll'
27662520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27672520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27682520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dde0000 'C:\windows\System32\kernel32.dll'
27692520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90ca10000 LB 0x0009e000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
27702520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27712520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
27722520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
27732520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
27742520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27752520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27762520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27772520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27782520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
27792520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
27802520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
27812520.3b4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
27822520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
27832520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27842520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27852520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27862520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
27872520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27882520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27892520.3b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
27902520.3b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
27912520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27922520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27932520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
27942520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27952520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27962520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
27972520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27982520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27992520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
28002520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28012520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28022520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28032520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28042520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
28052520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28062520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28072520.3b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28082520.3b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
28092520.3b4c: supR3HardenedDllNotificationCallback: load 00007ff8d7790000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
28102520.3b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
28112520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7790000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
28122520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
28132520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28142520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28152520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28162520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
28172520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
28182520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
28192520.3b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
28202520.3b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
28212520.3b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
28222520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28232520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28242520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28252520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28262520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28272520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28282520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28292520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
28302520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
28312520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
28322520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
28332520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28342520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28352520.3b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
28362520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28372520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28382520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28392520.3b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28402520.3b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28412520.3b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
28422520.3b4c: supR3HardenedDllNotificationCallback: load 00007ff8f72e0000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
28432520.3b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
28442520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f72e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
28452520.3b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28462520.3b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28472520.3b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f320000 'C:\Windows\System32\oleaut32.dll'
28482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f2f0000 'C:\windows\system32\gdi32.dll'
28492520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
28502520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28512520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
28522520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90dc10000 LB 0x00168000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
28532520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28542520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
28552520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
28562520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
28572520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
28582520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'advapi32.dll'.
28592520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
28602520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
28612520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28622520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28632520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
28642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
28652520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
28662520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28672520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28682520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28692520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28702520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28712520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28722520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28732520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28742520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28752520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
28762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
28772520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
28782520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009dc pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
28792520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
28802520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
28812520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A99D466E6CAE45D002B9BE91D7720AC95A65BFAA
28822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
28832520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
28842520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_844_for_KB4556812~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
28852520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28862520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28872520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
28882520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
28892520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
28902520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
28912520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
28922520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
28932520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
28942520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
28952520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
28962520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
28972520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
28982520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
28992520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
29002520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
29012520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
29022520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
29032520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29042520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29052520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
29062520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
29072520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
29082520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
29092520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
29102520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29112520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
29122520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
29132520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
29142520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
29152520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29162520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29172520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
29182520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
29192520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
29202520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
29212520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29222520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29232520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
29242520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
29252520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
29262520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
29272520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
29282520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
29292520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
29302520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29312520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
29322520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
29332520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
29342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
29372520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
29382520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
29392520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29402520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29412520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29422520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
29432520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
29442520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
29452520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
29462520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90a5a0000 LB 0x000af000 C:\windows\system32\dxgi.dll [fFlags=0x0]
29472520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
29482520.1d40: supR3HardenedDllNotificationCallback: load 00007ff905710000 LB 0x002e2000 C:\windows\system32\d3d11.dll [fFlags=0x0]
29492520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
29502520.1d40: supR3HardenedDllNotificationCallback: load 00007ff9049a0000 LB 0x00142000 C:\windows\system32\dcomp.dll [fFlags=0x0]
29512520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
29522520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8e9120000 LB 0x0004f000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
29532520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
29542520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
29552520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29562520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f2f0000 'C:\windows\System32\gdi32.dll'
29572520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9120000 'C:\windows\system32\dataexchange.dll'
29582520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29592520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
29602520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
29612520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
29622520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
29632520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
29642520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
29652520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29662520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
29672520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
29682520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
29692520.1d40: supR3HardenedDllNotificationCallback: load 00007ff909b50000 LB 0x00020000 C:\windows\system32\RMCLIENT.dll [fFlags=0x0]
29702520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
29712520.1d40: supR3HardenedDllNotificationCallback: load 00007ff909ba0000 LB 0x00180000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
29722520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
29732520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29742520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29752520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29762520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29772520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29782520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29792520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
29802520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
29812520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
29822520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
29832520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29842520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29852520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
29862520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
29872520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
29882520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29892520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29902520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
29912520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
29922520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
29932520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
29942520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
29952520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
29962520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
29972520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29982520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90db60000 'C:\windows\system32\Shcore.dll'
29992520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30002520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
30012520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
30022520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
30032520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
30042520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30052520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
30062520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
30072520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
30082520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
30092520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30102520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
30112520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
30122520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
30132520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
30142520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
30152520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
30162520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
30172520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
30182520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
30192520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
30202520.1d40: supR3HardenedDllNotificationCallback: load 00007ff90a8c0000 LB 0x00031000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
30212520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
30222520.1d40: supR3HardenedDllNotificationCallback: load 00007ff904800000 LB 0x000dc000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
30232520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
30242520.1d40: supR3HardenedDllNotificationCallback: load 00007ff905490000 LB 0x00136000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
30252520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
30262520.1d40: supR3HardenedDllNotificationCallback: load 00007ff901240000 LB 0x002ee000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
30272520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
30282520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8fd620000 LB 0x00098000 C:\windows\System32\TextInputFramework.dll [fFlags=0x0]
30292520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
30302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
30312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
30322520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
30332520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
30362520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
30372520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
30382520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30392520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30402520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30412520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30422520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
30432520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
30442520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
30452520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
30462520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
30472520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
30482520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30492520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30502520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
30512520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
30522520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
30532520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
30542520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
30552520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
30562520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30572520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30582520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
30592520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
30602520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30612520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
30622520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
30632520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
30642520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
30652520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
30662520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
30672520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
30682520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
30692520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
30702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
30712520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
30722520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
30732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
30742520.1d40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
30752520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
30762520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30772520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f320000 'C:\windows\System32\OLEAUT32.DLL'
30782520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
30792520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30802520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cfd0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
30812520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
30822520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30832520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cfd0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
30842520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
30852520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30862520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ccc0000 'api-ms-win-core-com-l1-1-0.dll'
30872520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
30882520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30892520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90dc10000 'C:\windows\System32\MSCTF.dll'
30902520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
30912520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30922520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
30932520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
30942520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
30952520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30962520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d6d0000 'C:\windows\System32\ole32.dll'
30972520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90f320000 'C:\windows\System32\OLEAUT32.dll'
30982520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
30992520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
31002520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
31012520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
31022520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
31032520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
31042520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_934_for_KB4550927~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
31052520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31062520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31072520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
31082520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
31092520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
31102520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31112520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
31122520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
31132520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31142520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
31152520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
31162520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
31172520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
31182520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
31192520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
31202520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31212520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31222520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
31232520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
31242520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
31252520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31262520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31272520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31282520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31292520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31302520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31312520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31322520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31332520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31342520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
31352520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
31362520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
31372520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31382520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31392520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31402520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31412520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31422520.1d40: supR3HardenedDllNotificationCallback: load 00007ff901720000 LB 0x00081000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
31432520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31442520.1d40: supR3HardenedDllNotificationCallback: load 00007ff900d00000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
31452520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31462520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
31472520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31482520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
31492520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff900d00000 'C:\windows\system32\wbem\wbemprox.dll'
31502520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31512520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
31522520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
31532520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3E3EC800057E0E9FAFD03419437E41507961923
31542520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
31552520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
31562520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_934_for_KB4550927~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
31572520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31582520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31592520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31602520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
31612520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31622520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31632520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31642520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31652520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31662520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31672520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31682520.1d40: supR3HardenedDllNotificationCallback: load 00007ff9004d0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
31692520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9004d0000 'C:\windows\system32\wbem\wbemsvc.dll'
31712520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
31722520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31732520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-localization-l1-2-0.dll'
31742520.1d40: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
31752520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31762520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b9a0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
31772520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
31782520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
31792520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
31802520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
31812520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
31822520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
31832520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
31842520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31852520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31862520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
31872520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
31882520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
31892520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
31902520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
31912520.1d40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31922520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31932520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31942520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31952520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
31962520.1d40: supR3HardenedDllNotificationCallback: load 00007ff9004f0000 LB 0x000f0000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
31972520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
31982520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9004f0000 'C:\windows\system32\wbem\fastprox.dll'
31992520.2f44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32002520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32012520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
32022520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32032520.2f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
32042520.2f44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32052520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32062520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32072520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
32082520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
32092520.2f44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32102520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
32112520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32122520.2f44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
32132520.2f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
32142520.2f44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32152520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32162520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32172520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32182520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32192520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32202520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32212520.2f44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32222520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32232520.2f44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32242520.2f44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32252520.2f44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32262520.2f44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32272520.2f44: supR3HardenedDllNotificationCallback: load 000000005a2c0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
32282520.2f44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32292520.2f44: supR3HardenedDllNotificationCallback: load 00007ff8c2af0000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
32302520.2f44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32312520.2f44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c2af0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32322520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32332520.3b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32342520.3b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32352520.3b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32362520.3b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32372520.3b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
32382520.3b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
32392520.3b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32402520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32412520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32422520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32432520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32442520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32452520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32462520.3b04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32472520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32482520.3b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32492520.3b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32502520.3b04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32512520.3b04: supR3HardenedDllNotificationCallback: load 00007ff8f92e0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
32522520.3b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32532520.3b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f92e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
32542520.3b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90cfd0000 'C:\windows\system32\User32.dll'
32552520.2284: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32562520.2284: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32572520.2284: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32582520.2284: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32592520.2284: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
32602520.2284: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
32612520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32622520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32632520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32642520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32652520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32662520.2284: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32672520.2284: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32682520.2284: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
32692520.2284: supR3HardenedDllNotificationCallback: load 00007ff8f8ce0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
32702520.2284: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
32712520.2284: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
32722520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\Shell32.dll'
32732520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32742520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32752520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32762520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32772520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32782520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
32792520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
32802520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
32812520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
32822520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
32832520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
32842520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
32852520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
32862520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
32872520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
32882520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
32892520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
32902520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
32912520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
32922520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
32932520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32942520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32952520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32962520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32972520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
32982520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
32992520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33002520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33012520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
33022520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33032520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
33042520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
33052520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
33062520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
33072520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33082520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33092520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
33102520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
33112520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33122520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33132520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
33142520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33152520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33162520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33172520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33182520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
33192520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33202520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33212520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33222520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
33232520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33242520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
33252520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
33262520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33272520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33282520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33292520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33302520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
33312520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33322520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33332520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33342520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
33352520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
33362520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
33372520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
33382520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
33392520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33402520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33412520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33422520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33432520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33442520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33452520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33462520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33472520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33482520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
33492520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33502520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
33512520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33522520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33532520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33542520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33552520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33562520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33572520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33582520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
33592520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
33602520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33612520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
33622520.3010: supR3HardenedDllNotificationCallback: load 00007ff90d210000 LB 0x0044e000 C:\windows\System32\SETUPAPI.dll [fFlags=0x0]
33632520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
33642520.3010: supR3HardenedDllNotificationCallback: load 00007ff8f5b50000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
33652520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
33662520.3010: supR3HardenedDllNotificationCallback: load 00007ff8f64a0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
33672520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33682520.3010: supR3HardenedDllNotificationCallback: load 00007ff90ae00000 LB 0x00039000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
33692520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
33702520.3010: supR3HardenedDllNotificationCallback: load 00007ff8c2110000 LB 0x009df000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
33712520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
33722520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c2110000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
33732520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33742520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
33752520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33762520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7790000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
33772520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33782520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33792520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33802520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f64a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
33812520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33822520.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
33832520.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33842520.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
33852520.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33862520.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
33872520.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33882520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33892520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33902520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33912520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33922520.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33932520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33942520.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33952520.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33962520.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33972520.377c: supR3HardenedDllNotificationCallback: load 00007ff8f8cc0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
33982520.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33992520.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
34002520.1c4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34012520.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34022520.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
34032520.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
34042520.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
34052520.1c4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
34062520.1c4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
34072520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34082520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34092520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
34102520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
34112520.1c4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
34122520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
34132520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
34142520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34152520.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34162520.1c4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34172520.1c4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
34182520.1c4c: supR3HardenedDllNotificationCallback: load 00007ff8f7e60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
34192520.1c4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
34202520.1c4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f7e60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
34212520.2f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34222520.2f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34232520.2f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
34242520.2f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
34252520.2f40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
34262520.2f40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
34272520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34282520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34292520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
34302520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
34312520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34322520.2f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34332520.2f40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34342520.2f40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
34352520.2f40: supR3HardenedDllNotificationCallback: load 00007ff8f7e50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
34362520.2f40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
34372520.2f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f7e50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
34382520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
34392520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34402520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ae00000 'C:\windows\system32\Iphlpapi.dll'
34412520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34422520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
34432520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
34442520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
34452520.3010: supR3HardenedDllNotificationCallback: load 00007ff90d6c0000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
34462520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
34472520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
34482520.3010: supR3HardenedDllNotificationCallback: load 00007ff905c90000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
34492520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
34502520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34512520.3010: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
34522520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
34532520.3010: supR3HardenedDllNotificationCallback: load 00007ff905b90000 LB 0x00016000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
34542520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
34552520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34562520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
34572520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
34582520.3010: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
34592520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
34602520.3010: supR3HardenedDllNotificationCallback: load 00007ff905a70000 LB 0x0001a000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
34612520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
34622520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c70 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
34632520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
34642520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
34652520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
34662520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
34672520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
34682520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
34692520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
34702520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
34712520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
34722520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34732520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34742520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34752520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34762520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
34772520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
34782520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
34792520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34802520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34812520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34822520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
34832520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_956_for_KB4550927~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
34842520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34852520.3010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
34862520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
34872520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
34882520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
34892520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
34902520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34912520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
34922520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_956_for_KB4550927~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
34932520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34942520.3010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
34952520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34962520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
34972520.3010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
34982520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
34992520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35002520.3010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
35012520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35022520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35032520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35042520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
35052520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
35062520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
35072520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
35082520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35092520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
35102520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
35112520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35122520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35132520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35142520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
35152520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
35162520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
35172520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
35182520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
35192520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
35202520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35212520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35222520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35232520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35242520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35252520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35262520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35272520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35282520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
35292520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
35302520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
35312520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35322520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35332520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35342520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35352520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
35362520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
35372520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
35382520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35392520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35402520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
35412520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
35422520.3010: supR3HardenedDllNotificationCallback: load 00007ff90b630000 LB 0x00027000 C:\windows\System32\DEVOBJ.dll [fFlags=0x0]
35432520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
35442520.3010: supR3HardenedDllNotificationCallback: load 00007ff901010000 LB 0x001b1000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
35452520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
35462520.3010: supR3HardenedDllNotificationCallback: load 00007ff9011d0000 LB 0x0006f000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
35472520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35482520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9011d0000 'C:\windows\System32\MMDevApi.dll'
35492520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000109c pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
35502520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
35512520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
35522520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
35532520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35542520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35552520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
35562520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35572520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35582520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
35592520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
35602520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
35612520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
35622520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35632520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35642520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35652520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35662520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35672520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35682520.3010: supR3HardenedDllNotificationCallback: load 00007ff8d7550000 LB 0x0008f000 C:\windows\System32\dsound.dll [fFlags=0x0]
35692520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35702520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35712520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35722520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\System32\dsound.dll'
35732520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\System32\dsound.dll'
35742520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35752520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35762520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
35772520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35782520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35792520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9011d0000 'C:\windows\System32\MMDEVAPI.DLL'
35802520.11b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35812520.11b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35822520.11b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
35832520.11b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
35842520.11b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
35852520.11b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
35862520.11b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
35872520.11b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
35882520.11b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
35892520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
35902520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
35912520.11b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
35922520.11b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
35932520.11b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
35942520.11b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
35952520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35962520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35972520.11b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35982520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35992520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
36002520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36012520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36022520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
36032520.11b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
36042520.11b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
36052520.11b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36062520.11b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
36072520.11b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36082520.11b0: supR3HardenedDllNotificationCallback: load 00007ff903a00000 LB 0x0000a000 C:\windows\SYSTEM32\AVRT.dll [fFlags=0x0]
36092520.11b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36102520.11b0: supR3HardenedDllNotificationCallback: load 00007ff8ea590000 LB 0x00122000 C:\windows\System32\AUDIOSES.DLL [fFlags=0x0]
36112520.11b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
36122520.11b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea590000 'C:\windows\System32\AUDIOSES.DLL'
36132520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
36142520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
36152520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
36162520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001178 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36172520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
36182520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
36192520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
36202520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
36212520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
36222520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
36232520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36242520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36252520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
36262520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
36272520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
36282520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
36292520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36302520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
36312520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
36322520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36332520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
36342520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
36352520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
36362520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
36372520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36382520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
36392520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36402520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36412520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
36422520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36432520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36442520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36452520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36462520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36472520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36482520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36492520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36502520.3010: supR3HardenedDllNotificationCallback: load 00007ff905150000 LB 0x00009000 C:\windows\SYSTEM32\ksuser.dll [fFlags=0x0]
36512520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36522520.3010: supR3HardenedDllNotificationCallback: load 00007ff8e5ca0000 LB 0x00042000 C:\windows\System32\wdmaud.drv [fFlags=0x0]
36532520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36542520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36552520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36562520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36572520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36582520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36592520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36602520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36612520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36622520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36632520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36642520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36652520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36662520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36672520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36682520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36692520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36702520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36712520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36722520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36732520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5ca0000 'C:\windows\System32\wdmaud.drv'
36742520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011bc pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
36752520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
36762520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
36772520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
36782520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
36792520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
36802520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
36812520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36822520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36832520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
36842520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
36852520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
36862520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
36872520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36882520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
36892520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
36902520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
36912520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
36922520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
36932520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
36942520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
36952520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36962520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
36972520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
36982520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36992520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
37002520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
37012520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37022520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37032520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37042520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37052520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37062520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37072520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
37082520.3010: supR3HardenedDllNotificationCallback: load 00007ff8f9440000 LB 0x0001c000 C:\windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
37092520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
37102520.3010: supR3HardenedDllNotificationCallback: load 00007ff9047e0000 LB 0x0000c000 C:\windows\System32\msacm32.drv [fFlags=0x0]
37112520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37122520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37132520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37142520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37152520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37162520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37172520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37182520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37192520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37202520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37212520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37222520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37232520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37242520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37252520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37262520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37272520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37282520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37292520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37302520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37312520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37322520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37332520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9047e0000 'C:\windows\System32\msacm32.drv'
37342520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b0 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
37352520.3010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
37362520.3010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
37372520.3010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
37382520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
37392520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
37402520.3010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
37412520.3010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37422520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37432520.3010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
37442520.3010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
37452520.3010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
37462520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
37472520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
37482520.3010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
37492520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37502520.3010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37512520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37522520.3010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
37532520.3010: supR3HardenedDllNotificationCallback: load 00007ff9039e0000 LB 0x0000a000 C:\windows\System32\midimap.dll [fFlags=0x0]
37542520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
37552520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9039e0000 'C:\windows\System32\midimap.dll'
37562520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
37572520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37582520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9039e0000 'C:\windows\System32\midimap.dll'
37592520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
37602520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37612520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9039e0000 'C:\windows\System32\midimap.dll'
37622520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
37632520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37642520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9039e0000 'C:\windows\System32\midimap.dll'
37652520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37662520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37672520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37682520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37692520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37702520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37712520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37722520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
37732520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37742520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37752520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37762520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37772520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37782520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
37792520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37802520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
37812520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37822520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37832520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37842520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37852520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37862520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
37872520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
37882520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
37892520.1e40: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
37902520.1e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
37912520.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
37922520.1e40: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000010c0 (hFile=0000000000001204) with 0xc0000022 -> STATUS_TRUST_FAILURE
37932520.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
37942520.1e40: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001204 (hFile=00000000000010c0) with 0xc0000022 -> STATUS_TRUST_FAILURE
37952520.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
37962520.1e40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
37972520.1e40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
37982520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
37992520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\CRYPT32.dll'
38002520.1e40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AA8963C9F5E5DC6B00EAAD3C097F646B1260B1D
38012520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
38022520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
38032520.1e40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_963_for_KB4556812~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
38042520.1e40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38052520.1e40: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
38062520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
38072520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
38082520.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
38092520.1e40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
38102520.1e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
38112520.1e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
38122520.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38132520.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38142520.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
38152520.1e40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
38162520.1e40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
38172520.1e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38182520.1e40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
38192520.1e40: supR3HardenedDllNotificationCallback: load 00007ff90b0b0000 LB 0x00066000 C:\windows\system32\mswsock.dll [fFlags=0x0]
38202520.1e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
38212520.1e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b0b0000 'C:\windows\system32\mswsock.dll'
38222520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
38232520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38242520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
38252520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38262520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38272520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38282520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38292520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38302520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38312520.30ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
38322520.30ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
38332520.30ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\CRYPT32.dll'
38342520.30ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
38352520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38362520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
38372520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
38382520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
38392520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
38402520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'textinputframework.dll'.
38412520.30ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
38422520.30ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
38432520.30ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
38442520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
38452520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
38462520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
38472520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
38482520.30ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
38492520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
38502520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
38512520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
38522520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
38532520.30ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
38542520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
38552520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
38562520.30ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
38572520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38582520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38592520.30ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
38602520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38612520.30ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38622520.30ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
38632520.30ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
38642520.30ec: supR3HardenedDllNotificationCallback: load 00007ff8fd6c0000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
38652520.30ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
38662520.30ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd6c0000 'C:\Windows\System32\Windows.UI.dll'
38672520.37f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
38682520.37f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
38692520.37f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff903a00000 'C:\windows\System32\avrt.dll'
38702520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
38712520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90deb0000 'C:\windows\system32\shell32.dll'
38722520.2590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
38732520.2590: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38742520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
38752520.2590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
38762520.2590: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38772520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38782520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38792520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38802520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38812520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38822520.2590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
38832520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001434 pwszName=\Device\HarddiskVolume4\Windows\System32\ninput.dll
38842520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003656690
38852520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003656690
38862520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8d0000 'C:\Windows\System32\WINTRUST.DLL'
38872520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\CRYPT32.dll'
38882520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2ED02DC41E28BA3551A449FBB9D3BA2BB179EEEC
38892520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ac70000 'C:\windows\system32\rsaenh.dll'
38902520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c530000 'C:\windows\System32\crypt32.dll'
38912520.1d40: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4556812~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\ninput.dll'
38922520.1d40: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38932520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38942520.1d40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'oleaut32.dll'.
38952520.1d40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ninput.dll) WinVerifyTrust
38962520.1d40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ninput.dll
38972520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
38982520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
38992520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
39002520.1d40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
39012520.1d40: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Ninput.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39022520.1d40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
39032520.1d40: supR3HardenedDllNotificationCallback: load 00007ff8f1890000 LB 0x00063000 C:\windows\system32\Ninput.dll [fFlags=0x0]
39042520.1d40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
39052520.1d40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1890000 'C:\windows\system32\Ninput.dll'
39062520.1010: supR3HardenedDllNotificationCallback: Unload 00007ff8fd6c0000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
39072520.3010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
39082520.3010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39092520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
39102520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39112520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39122520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39132520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39142520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39152520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39162520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d7550000 'C:\windows\system32\dsound.dll'
39172520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39182520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39192520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39202520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39212520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'
39222520.3010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904940000 'C:\windows\System32\winmm.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy