VirtualBox

Ticket #19699: VBoxHardening.log

File VBoxHardening.log, 385.2 KB (added by Johan1974, 4 years ago)

VBOX Hardening Logifle

Line 
13a60.3a64: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
23a60.3a64: \SystemRoot\System32\ntdll.dll:
33a60.3a64: CreationTime: 2020-03-03T11:41:35.605689100Z
43a60.3a64: LastWriteTime: 2020-03-03T11:41:35.635319900Z
53a60.3a64: ChangeTime: 2020-03-03T12:31:49.337223600Z
63a60.3a64: FileAttributes: 0x20
73a60.3a64: Size: 0x1e8458
83a60.3a64: NT Headers: 0xd8
93a60.3a64: Timestamp: 0x64d10ee0
103a60.3a64: Machine: 0x8664 - amd64
113a60.3a64: Timestamp: 0x64d10ee0
123a60.3a64: Image Version: 10.0
133a60.3a64: SizeOfImage: 0x1f0000 (2031616)
143a60.3a64: Resource Dir: 0x17f000 LB 0x6f310
153a60.3a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163a60.3a64: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173a60.3a64: ProductName: Microsoft® Windows® Operating System
183a60.3a64: ProductVersion: 10.0.18362.657
193a60.3a64: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
203a60.3a64: FileDescription: NT Layer DLL
213a60.3a64: \SystemRoot\System32\kernel32.dll:
223a60.3a64: CreationTime: 2020-03-03T11:41:12.718195400Z
233a60.3a64: LastWriteTime: 2020-03-03T11:41:12.728198400Z
243a60.3a64: ChangeTime: 2020-03-03T12:31:41.370376000Z
253a60.3a64: FileAttributes: 0x20
263a60.3a64: Size: 0xb0570
273a60.3a64: NT Headers: 0xe8
283a60.3a64: Timestamp: 0xd0cecc10
293a60.3a64: Machine: 0x8664 - amd64
303a60.3a64: Timestamp: 0xd0cecc10
313a60.3a64: Image Version: 10.0
323a60.3a64: SizeOfImage: 0xb2000 (729088)
333a60.3a64: Resource Dir: 0xb0000 LB 0x520
343a60.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353a60.3a64: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363a60.3a64: ProductName: Microsoft® Windows® Operating System
373a60.3a64: ProductVersion: 10.0.18362.329
383a60.3a64: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
393a60.3a64: FileDescription: Windows NT BASE API Client DLL
403a60.3a64: \SystemRoot\System32\KernelBase.dll:
413a60.3a64: CreationTime: 2020-03-03T11:41:36.355693900Z
423a60.3a64: LastWriteTime: 2020-03-03T11:41:36.425261200Z
433a60.3a64: ChangeTime: 2020-03-03T12:31:47.790717900Z
443a60.3a64: FileAttributes: 0x20
453a60.3a64: Size: 0x2a3508
463a60.3a64: NT Headers: 0xf0
473a60.3a64: Timestamp: 0xf96f12ee
483a60.3a64: Machine: 0x8664 - amd64
493a60.3a64: Timestamp: 0xf96f12ee
503a60.3a64: Image Version: 10.0
513a60.3a64: SizeOfImage: 0x2a3000 (2764800)
523a60.3a64: Resource Dir: 0x27d000 LB 0x548
533a60.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543a60.3a64: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553a60.3a64: ProductName: Microsoft® Windows® Operating System
563a60.3a64: ProductVersion: 10.0.18362.628
573a60.3a64: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
583a60.3a64: FileDescription: Windows NT BASE API Client DLL
593a60.3a64: \SystemRoot\System32\apisetschema.dll:
603a60.3a64: CreationTime: 2019-03-19T04:43:54.837151500Z
613a60.3a64: LastWriteTime: 2019-03-19T04:43:54.837151500Z
623a60.3a64: ChangeTime: 2020-03-03T11:42:43.490706700Z
633a60.3a64: FileAttributes: 0x20
643a60.3a64: Size: 0x1d028
653a60.3a64: NT Headers: 0xc8
663a60.3a64: Timestamp: 0xd6ced080
673a60.3a64: Machine: 0x8664 - amd64
683a60.3a64: Timestamp: 0xd6ced080
693a60.3a64: Image Version: 10.0
703a60.3a64: SizeOfImage: 0x1e000 (122880)
713a60.3a64: Resource Dir: 0x1d000 LB 0x408
723a60.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733a60.3a64: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743a60.3a64: ProductName: Microsoft® Windows® Operating System
753a60.3a64: ProductVersion: 10.0.18362.1
763a60.3a64: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
773a60.3a64: FileDescription: ApiSet Schema DLL
783a60.3a64: supR3HardenedWinFindAdversaries: 0x1000
793a60.3a64: \SystemRoot\System32\drivers\vsdatant.sys:
803a60.3a64: CreationTime: 2019-11-27T14:25:40.000000000Z
813a60.3a64: LastWriteTime: 2019-11-27T14:25:40.000000000Z
823a60.3a64: ChangeTime: 2020-03-05T08:44:55.299372300Z
833a60.3a64: FileAttributes: 0x20
843a60.3a64: Size: 0x89248
853a60.3a64: NT Headers: 0xe8
863a60.3a64: Timestamp: 0x5ddd107a
873a60.3a64: Machine: 0x8664 - amd64
883a60.3a64: Timestamp: 0x5ddd107a
893a60.3a64: Image Version: 10.0
903a60.3a64: SizeOfImage: 0xad000 (708608)
913a60.3a64: Resource Dir: 0xab000 LB 0x3d0
923a60.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
933a60.3a64: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
943a60.3a64: ProductName: End Point Security
953a60.3a64: ProductVersion: R80
963a60.3a64: FileVersion: 926003501
973a60.3a64: FileDescription: ZoneAlarm Firewalling Driver
983a60.3a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
993a60.3a64: Calling main()
1003a60.3a64: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1013a60.3a64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1023a60.3a64: SUPR3HardenedMain: Respawn #1
1033a60.3a64: System32: \Device\HarddiskVolume3\Windows\System32
1043a60.3a64: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1053a60.3a64: KnownDllPath: C:\WINDOWS\System32
1063a60.3a64: supR3HardenedWinInit: Performing a limited self purification...
1073a60.3a64: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1083a60.3a64: *0000000000000000-0000000000f7ffff 0x0001/0x0000 0x0000000
1093a60.3a64: *0000000000f80000-0000000000f8ffff 0x0004/0x0004 0x0040000
1103a60.3a64: 0000000000f90000-0000000000f9ffff 0x0001/0x0000 0x0000000
1113a60.3a64: *0000000000fa0000-0000000000fbafff 0x0002/0x0002 0x0040000
1123a60.3a64: 0000000000fbb000-0000000000fbffff 0x0001/0x0000 0x0000000
1133a60.3a64: *0000000000fc0000-0000000000fc3fff 0x0002/0x0002 0x0040000
1143a60.3a64: 0000000000fc4000-0000000000fcffff 0x0001/0x0000 0x0000000
1153a60.3a64: *0000000000fd0000-0000000000fd1fff 0x0004/0x0004 0x0020000
1163a60.3a64: 0000000000fd2000-0000000000ffffff 0x0001/0x0000 0x0000000
1173a60.3a64: *0000000001000000-000000000117ffff 0x0000/0x0004 0x0020000
1183a60.3a64: 0000000001180000-0000000001182fff 0x0004/0x0004 0x0020000
1193a60.3a64: 0000000001183000-00000000011fffff 0x0000/0x0004 0x0020000
1203a60.3a64: *0000000001200000-00000000012b0fff 0x0000/0x0004 0x0020000
1213a60.3a64: 00000000012b1000-00000000012b3fff 0x0104/0x0004 0x0020000
1223a60.3a64: 00000000012b4000-00000000012fffff 0x0004/0x0004 0x0020000
1233a60.3a64: *0000000001300000-0000000001301fff 0x0004/0x0004 0x0020000
1243a60.3a64: 0000000001302000-0000000001331fff 0x0000/0x0004 0x0020000
1253a60.3a64: 0000000001332000-000000000136ffff 0x0001/0x0000 0x0000000
1263a60.3a64: *0000000001370000-0000000001375fff 0x0004/0x0004 0x0020000
1273a60.3a64: 0000000001376000-000000000146ffff 0x0000/0x0004 0x0020000
1283a60.3a64: *0000000001470000-0000000001536fff 0x0002/0x0002 0x0040000
1293a60.3a64: 0000000001537000-00000000015bffff 0x0001/0x0000 0x0000000
1303a60.3a64: *00000000015c0000-00000000015cefff 0x0004/0x0004 0x0020000
1313a60.3a64: 00000000015cf000-00000000015cffff 0x0000/0x0004 0x0020000
1323a60.3a64: *00000000015d0000-00000000015d9fff 0x0000/0x0004 0x0020000
1333a60.3a64: 00000000015da000-00000000017cafff 0x0004/0x0004 0x0020000
1343a60.3a64: 00000000017cb000-00000000017cbfff 0x0000/0x0004 0x0020000
1353a60.3a64: 00000000017cc000-00000000017cffff 0x0001/0x0000 0x0000000
1363a60.3a64: *00000000017d0000-00000000017ecfff 0x0004/0x0004 0x0020000
1373a60.3a64: 00000000017ed000-00000000018cffff 0x0000/0x0004 0x0020000
1383a60.3a64: 00000000018d0000-000000007ffdffff 0x0001/0x0000 0x0000000
1393a60.3a64: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1403a60.3a64: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
1413a60.3a64: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
1423a60.3a64: 000000007ffe3000-00007ff4ec71ffff 0x0001/0x0000 0x0000000
1433a60.3a64: *00007ff4ec720000-00007ff4ec724fff 0x0002/0x0002 0x0040000
1443a60.3a64: 00007ff4ec725000-00007ff4ec81ffff 0x0000/0x0002 0x0040000
1453a60.3a64: *00007ff4ec820000-00007ff5ec83ffff 0x0000/0x0004 0x0020000
1463a60.3a64: *00007ff5ec840000-00007ff5ee83ffff 0x0000/0x0004 0x0020000
1473a60.3a64: 00007ff5ee840000-00007ff5ee840fff 0x0004/0x0004 0x0020000
1483a60.3a64: 00007ff5ee841000-00007ff5ee84ffff 0x0001/0x0000 0x0000000
1493a60.3a64: *00007ff5ee850000-00007ff5ee850fff 0x0002/0x0002 0x0040000
1503a60.3a64: 00007ff5ee851000-00007ff5ee85ffff 0x0001/0x0000 0x0000000
1513a60.3a64: *00007ff5ee860000-00007ff5ee882fff 0x0002/0x0002 0x0040000
1523a60.3a64: 00007ff5ee883000-00007ff72fe1ffff 0x0001/0x0000 0x0000000
1533a60.3a64: *00007ff72fe20000-00007ff72fe20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1543a60.3a64: 00007ff72fe21000-00007ff72fe96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1553a60.3a64: 00007ff72fe97000-00007ff72fe97fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1563a60.3a64: 00007ff72fe98000-00007ff72fedffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1573a60.3a64: 00007ff72fee0000-00007ff72fee2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1583a60.3a64: 00007ff72fee3000-00007ff72fee5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1593a60.3a64: 00007ff72fee6000-00007ff72fee8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1603a60.3a64: 00007ff72fee9000-00007ff72fee9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1613a60.3a64: 00007ff72feea000-00007ff72feebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1623a60.3a64: 00007ff72feec000-00007ff72feecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1633a60.3a64: 00007ff72feed000-00007ff72ff35fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1643a60.3a64: 00007ff72ff36000-00007fff15caffff 0x0001/0x0000 0x0000000
1653a60.3a64: *00007fff15cb0000-00007fff15cb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1663a60.3a64: 00007fff15cb1000-00007fff15db5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1673a60.3a64: 00007fff15db6000-00007fff15f17fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1683a60.3a64: 00007fff15f18000-00007fff15f1bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1693a60.3a64: 00007fff15f1c000-00007fff15f1cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1703a60.3a64: 00007fff15f1d000-00007fff15f52fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1713a60.3a64: 00007fff15f53000-00007fff176fffff 0x0001/0x0000 0x0000000
1723a60.3a64: *00007fff17700000-00007fff17700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1733a60.3a64: 00007fff17701000-00007fff17775fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1743a60.3a64: 00007fff17776000-00007fff177a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1753a60.3a64: 00007fff177a8000-00007fff177a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1763a60.3a64: 00007fff177a9000-00007fff177a9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1773a60.3a64: 00007fff177aa000-00007fff177b1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1783a60.3a64: 00007fff177b2000-00007fff1807ffff 0x0001/0x0000 0x0000000
1793a60.3a64: *00007fff18080000-00007fff18080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1803a60.3a64: 00007fff18081000-00007fff18197fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1813a60.3a64: 00007fff18198000-00007fff181defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1823a60.3a64: 00007fff181df000-00007fff181dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1833a60.3a64: 00007fff181e0000-00007fff181e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1843a60.3a64: 00007fff181e2000-00007fff181eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1853a60.3a64: 00007fff181eb000-00007fff1826ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1863a60.3a64: 00007fff18270000-00007ffffffeffff 0x0001/0x0000 0x0000000
1873a60.3a64: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
1883a60.3a64: kernelbase.dll: timestamp 0xf96f12ee (rc=VINF_SUCCESS)
1893a60.3a64: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
1903a60.3a64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1913a60.3a64: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1923a60.3a64: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1933a60.3a64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1943a60.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1953a60.3a64: supR3HardNtEnableThreadCreationEx:
1963a60.3a64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
1973a60.3a64: supR3HardenedWinDoReSpawn(1): New child 3b98.3b9c [kernel32].
1983a60.3a64: supR3HardNtChildGatherData: PebBaseAddress=000000000048f000 cbPeb=0x388
1993a60.3a64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff18080000 uNtDllChildAddr=00007fff18080000
2003a60.3a64: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff180f17f0
2013a60.3a64: supR3HardenedWinSetupChildInit: Initial context:
202 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff72fe27900 rdx=000000000048f000
203 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
204 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
205 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
206 rip=00007fff180eceb0 rsp=00000000006ff808 rbp=0000000000000000 ctxflags=0010001b
207 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
208 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
209 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
210 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
211 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2123a60.3a64: supR3HardenedWinSetupChildInit: Start child.
2133a60.3a64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2143a60.3a64: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 32 sleeps
2153a60.3a64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2163a60.3a64: *0000000000000000-000000000030ffff 0x0001/0x0000 0x0000000
2173a60.3a64: *0000000000310000-000000000032ffff 0x0004/0x0004 0x0020000
2183a60.3a64: *0000000000330000-000000000034afff 0x0002/0x0002 0x0040000
2193a60.3a64: 000000000034b000-000000000034ffff 0x0001/0x0000 0x0000000
2203a60.3a64: *0000000000350000-0000000000353fff 0x0002/0x0002 0x0040000
2213a60.3a64: 0000000000354000-000000000035ffff 0x0001/0x0000 0x0000000
2223a60.3a64: *0000000000360000-0000000000361fff 0x0004/0x0004 0x0020000
2233a60.3a64: 0000000000362000-00000000003fffff 0x0001/0x0000 0x0000000
2243a60.3a64: *0000000000400000-000000000048efff 0x0000/0x0004 0x0020000
2253a60.3a64: 000000000048f000-0000000000491fff 0x0004/0x0004 0x0020000
2263a60.3a64: 0000000000492000-00000000005fffff 0x0000/0x0004 0x0020000
2273a60.3a64: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
2283a60.3a64: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
2293a60.3a64: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
2303a60.3a64: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
2313a60.3a64: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2323a60.3a64: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
2333a60.3a64: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
2343a60.3a64: 000000007ffe3000-00007ff5c1faffff 0x0001/0x0000 0x0000000
2353a60.3a64: *00007ff5c1fb0000-00007ff5c1fb0fff 0x0002/0x0002 0x0040000
2363a60.3a64: 00007ff5c1fb1000-00007ff5c1fbffff 0x0001/0x0000 0x0000000
2373a60.3a64: *00007ff5c1fc0000-00007ff5c1fe2fff 0x0002/0x0002 0x0040000
2383a60.3a64: 00007ff5c1fe3000-00007ff72fe1ffff 0x0001/0x0000 0x0000000
2393a60.3a64: *00007ff72fe20000-00007ff72fe20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2403a60.3a64: 00007ff72fe21000-00007ff72fe96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2413a60.3a64: 00007ff72fe97000-00007ff72fe97fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2423a60.3a64: 00007ff72fe98000-00007ff72fedffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2433a60.3a64: 00007ff72fee0000-00007ff72fee0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2443a60.3a64: 00007ff72fee1000-00007ff72fee1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2453a60.3a64: 00007ff72fee2000-00007ff72fee6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2463a60.3a64: 00007ff72fee7000-00007ff72fee7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2473a60.3a64: 00007ff72fee8000-00007ff72fee8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2483a60.3a64: 00007ff72fee9000-00007ff72feecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2493a60.3a64: 00007ff72feed000-00007ff72ff35fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2503a60.3a64: 00007ff72ff36000-00007fff1807ffff 0x0001/0x0000 0x0000000
2513a60.3a64: *00007fff18080000-00007fff18080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2523a60.3a64: 00007fff18081000-00007fff18197fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2533a60.3a64: 00007fff18198000-00007fff181defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2543a60.3a64: 00007fff181df000-00007fff181eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2553a60.3a64: 00007fff181eb000-00007fff181f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2563a60.3a64: 00007fff181fa000-00007fff181fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2573a60.3a64: 00007fff181fb000-00007fff181fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2583a60.3a64: 00007fff181fe000-00007fff1826ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2593a60.3a64: 00007fff18270000-00007ffffffeffff 0x0001/0x0000 0x0000000
2603a60.3a64: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
2613b98.3b9c: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
2623b98.3b9c: supR3HardenedVmProcessInit: uNtDllAddr=00007fff18080000 g_uNtVerCombined=0xa047ba00 (stack ~00000000006ff298)
2633b98.3b9c: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
2643b98.3b9c: New simple heap: #1 0000000000800000 LB 0x400000 (for 2031616 allocation)
2653a60.3a64: supR3HardNtEnableThreadCreationEx:
2663b98.3b9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2673b98.3b9c: System32: \Device\HarddiskVolume3\Windows\System32
2683b98.3b9c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2693b98.3b9c: KnownDllPath: C:\WINDOWS\System32
2703b98.3b9c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2713b98.3b9c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2723b98.3b9c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2733b98.3b9c: Registered Dll notification callback with NTDLL.
2743b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2753b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2763b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2773b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff15cb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2783b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2793b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2803b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff17700000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2813b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2823b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\KERNEL32.DLL'
2833b98.3b9c: supR3HardenedDllNotificationCallback: load 00007ff72fe20000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2843b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2853b98.3b9c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2863b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2873b98.3b9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
2883a60.3a64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 75 ms.
2893b98.3b9c: \SystemRoot\System32\ntdll.dll:
2903b98.3b9c: CreationTime: 2020-03-03T11:41:35.605689100Z
2913b98.3b9c: LastWriteTime: 2020-03-03T11:41:35.635319900Z
2923b98.3b9c: ChangeTime: 2020-03-03T12:31:49.337223600Z
2933b98.3b9c: FileAttributes: 0x20
2943b98.3b9c: Size: 0x1e8458
2953b98.3b9c: NT Headers: 0xd8
2963b98.3b9c: Timestamp: 0x64d10ee0
2973b98.3b9c: Machine: 0x8664 - amd64
2983b98.3b9c: Timestamp: 0x64d10ee0
2993b98.3b9c: Image Version: 10.0
3003b98.3b9c: SizeOfImage: 0x1f0000 (2031616)
3013b98.3b9c: Resource Dir: 0x17f000 LB 0x6f310
3023b98.3b9c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3033b98.3b9c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3043b98.3b9c: ProductName: Microsoft® Windows® Operating System
3053b98.3b9c: ProductVersion: 10.0.18362.657
3063b98.3b9c: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
3073b98.3b9c: FileDescription: NT Layer DLL
3083b98.3b9c: \SystemRoot\System32\kernel32.dll:
3093b98.3b9c: CreationTime: 2020-03-03T11:41:12.718195400Z
3103b98.3b9c: LastWriteTime: 2020-03-03T11:41:12.728198400Z
3113b98.3b9c: ChangeTime: 2020-03-03T12:31:41.370376000Z
3123b98.3b9c: FileAttributes: 0x20
3133b98.3b9c: Size: 0xb0570
3143b98.3b9c: NT Headers: 0xe8
3153b98.3b9c: Timestamp: 0xd0cecc10
3163b98.3b9c: Machine: 0x8664 - amd64
3173b98.3b9c: Timestamp: 0xd0cecc10
3183b98.3b9c: Image Version: 10.0
3193b98.3b9c: SizeOfImage: 0xb2000 (729088)
3203b98.3b9c: Resource Dir: 0xb0000 LB 0x520
3213b98.3b9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3223b98.3b9c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3233b98.3b9c: ProductName: Microsoft® Windows® Operating System
3243b98.3b9c: ProductVersion: 10.0.18362.329
3253b98.3b9c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
3263b98.3b9c: FileDescription: Windows NT BASE API Client DLL
3273b98.3b9c: \SystemRoot\System32\KernelBase.dll:
3283b98.3b9c: CreationTime: 2020-03-03T11:41:36.355693900Z
3293b98.3b9c: LastWriteTime: 2020-03-03T11:41:36.425261200Z
3303b98.3b9c: ChangeTime: 2020-03-03T12:31:47.790717900Z
3313b98.3b9c: FileAttributes: 0x20
3323b98.3b9c: Size: 0x2a3508
3333b98.3b9c: NT Headers: 0xf0
3343b98.3b9c: Timestamp: 0xf96f12ee
3353b98.3b9c: Machine: 0x8664 - amd64
3363b98.3b9c: Timestamp: 0xf96f12ee
3373b98.3b9c: Image Version: 10.0
3383b98.3b9c: SizeOfImage: 0x2a3000 (2764800)
3393b98.3b9c: Resource Dir: 0x27d000 LB 0x548
3403b98.3b9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3413b98.3b9c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3423b98.3b9c: ProductName: Microsoft® Windows® Operating System
3433b98.3b9c: ProductVersion: 10.0.18362.628
3443b98.3b9c: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
3453b98.3b9c: FileDescription: Windows NT BASE API Client DLL
3463b98.3b9c: \SystemRoot\System32\apisetschema.dll:
3473b98.3b9c: CreationTime: 2019-03-19T04:43:54.837151500Z
3483b98.3b9c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3493b98.3b9c: ChangeTime: 2020-03-03T11:42:43.490706700Z
3503b98.3b9c: FileAttributes: 0x20
3513b98.3b9c: Size: 0x1d028
3523b98.3b9c: NT Headers: 0xc8
3533b98.3b9c: Timestamp: 0xd6ced080
3543b98.3b9c: Machine: 0x8664 - amd64
3553b98.3b9c: Timestamp: 0xd6ced080
3563b98.3b9c: Image Version: 10.0
3573b98.3b9c: SizeOfImage: 0x1e000 (122880)
3583b98.3b9c: Resource Dir: 0x1d000 LB 0x408
3593b98.3b9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3603b98.3b9c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3613b98.3b9c: ProductName: Microsoft® Windows® Operating System
3623b98.3b9c: ProductVersion: 10.0.18362.1
3633b98.3b9c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
3643b98.3b9c: FileDescription: ApiSet Schema DLL
3653b98.3b9c: supR3HardenedWinFindAdversaries: 0x1000
3663b98.3b9c: \SystemRoot\System32\drivers\vsdatant.sys:
3673b98.3b9c: CreationTime: 2019-11-27T14:25:40.000000000Z
3683b98.3b9c: LastWriteTime: 2019-11-27T14:25:40.000000000Z
3693b98.3b9c: ChangeTime: 2020-03-05T08:44:55.299372300Z
3703b98.3b9c: FileAttributes: 0x20
3713b98.3b9c: Size: 0x89248
3723b98.3b9c: NT Headers: 0xe8
3733b98.3b9c: Timestamp: 0x5ddd107a
3743b98.3b9c: Machine: 0x8664 - amd64
3753b98.3b9c: Timestamp: 0x5ddd107a
3763b98.3b9c: Image Version: 10.0
3773b98.3b9c: SizeOfImage: 0xad000 (708608)
3783b98.3b9c: Resource Dir: 0xab000 LB 0x3d0
3793b98.3b9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3803b98.3b9c: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
3813b98.3b9c: ProductName: End Point Security
3823b98.3b9c: ProductVersion: R80
3833b98.3b9c: FileVersion: 926003501
3843b98.3b9c: FileDescription: ZoneAlarm Firewalling Driver
3853b98.3b9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3863b98.3b9c: Calling main()
3873b98.3b9c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3883b98.3b9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3893b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3903b98.3b9c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3913b98.3b9c: SUPR3HardenedMain: Respawn #2
3923b98.3b9c: supR3HardNtEnableThreadCreationEx:
3933b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff165b0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
3943b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
3953b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3963b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff170f0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3973b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3983b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
3993b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
4003b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4013b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
4023b98.3b9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4033b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
4043b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
4053b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4063b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4073b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4083b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
4093b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
4103b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4113b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4123b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4133b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
4143b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4153b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4163b98.3b9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4173b98.3b9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4183b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
4193b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff173f0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4203b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4213b98.3b9c: supR3HardenedDllNotificationCallback: load 00007fff172e0000 LB 0x000a3000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
4223b98.3b9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4233b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
4243b98.3b9c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4253b98.3b9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
4263b98.3b9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4273b98.3b9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4283b98.3b9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff18080000 'C:\WINDOWS\System32\ntdll.dll'
4293b98.3b9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
4303b98.3b9c: supR3HardenedWinDoReSpawn(2): New child 3660.3664 [kernel32].
4313b98.3b9c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
4323b98.3b9c: supR3HardNtChildGatherData: PebBaseAddress=0000000000536000 cbPeb=0x388
4333b98.3b9c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff18080000 uNtDllChildAddr=00007fff18080000
4343b98.3b9c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff180f17f0
4353b98.3b9c: supR3HardenedWinSetupChildInit: Initial context:
436 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff72fe27900 rdx=0000000000536000
437 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
438 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
439 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
440 rip=00007fff180eceb0 rsp=00000000006ffa48 rbp=0000000000000000 ctxflags=0010001b
441 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
442 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
443 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
444 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
445 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4463b98.3b9c: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
4473b98.3b9c: supR3HardenedWinSetupChildInit: Start child.
4483b98.3b9c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4493b98.3b9c: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 32 sleeps
4503b98.3b9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4513b98.3b9c: *0000000000000000-000000000032ffff 0x0001/0x0000 0x0000000
4523b98.3b9c: *0000000000330000-000000000034ffff 0x0004/0x0004 0x0020000
4533b98.3b9c: *0000000000350000-000000000036afff 0x0002/0x0002 0x0040000
4543b98.3b9c: 000000000036b000-000000000036ffff 0x0001/0x0000 0x0000000
4553b98.3b9c: *0000000000370000-0000000000373fff 0x0002/0x0002 0x0040000
4563b98.3b9c: 0000000000374000-000000000037ffff 0x0001/0x0000 0x0000000
4573b98.3b9c: *0000000000380000-0000000000381fff 0x0004/0x0004 0x0020000
4583b98.3b9c: 0000000000382000-00000000003fffff 0x0001/0x0000 0x0000000
4593b98.3b9c: *0000000000400000-0000000000535fff 0x0000/0x0004 0x0020000
4603b98.3b9c: 0000000000536000-0000000000538fff 0x0004/0x0004 0x0020000
4613b98.3b9c: 0000000000539000-00000000005fffff 0x0000/0x0004 0x0020000
4623b98.3b9c: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
4633b98.3b9c: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
4643b98.3b9c: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
4653b98.3b9c: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
4663b98.3b9c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4673b98.3b9c: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
4683b98.3b9c: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
4693b98.3b9c: 000000007ffe3000-00007ff56b8affff 0x0001/0x0000 0x0000000
4703b98.3b9c: *00007ff56b8b0000-00007ff56b8b0fff 0x0002/0x0002 0x0040000
4713b98.3b9c: 00007ff56b8b1000-00007ff56b8bffff 0x0001/0x0000 0x0000000
4723b98.3b9c: *00007ff56b8c0000-00007ff56b8e2fff 0x0002/0x0002 0x0040000
4733b98.3b9c: 00007ff56b8e3000-00007ff72fe1ffff 0x0001/0x0000 0x0000000
4743b98.3b9c: *00007ff72fe20000-00007ff72fe20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4753b98.3b9c: 00007ff72fe21000-00007ff72fe96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4763b98.3b9c: 00007ff72fe97000-00007ff72fe97fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4773b98.3b9c: 00007ff72fe98000-00007ff72fedffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4783b98.3b9c: 00007ff72fee0000-00007ff72fee0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4793b98.3b9c: 00007ff72fee1000-00007ff72fee1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4803b98.3b9c: 00007ff72fee2000-00007ff72fee6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4813b98.3b9c: 00007ff72fee7000-00007ff72fee7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4823b98.3b9c: 00007ff72fee8000-00007ff72fee8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4833b98.3b9c: 00007ff72fee9000-00007ff72feecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4843b98.3b9c: 00007ff72feed000-00007ff72ff35fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4853b98.3b9c: 00007ff72ff36000-00007fff1807ffff 0x0001/0x0000 0x0000000
4863b98.3b9c: *00007fff18080000-00007fff18080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4873b98.3b9c: 00007fff18081000-00007fff18197fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4883b98.3b9c: 00007fff18198000-00007fff181defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4893b98.3b9c: 00007fff181df000-00007fff181eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4903b98.3b9c: 00007fff181eb000-00007fff181f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4913b98.3b9c: 00007fff181fa000-00007fff181fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4923b98.3b9c: 00007fff181fb000-00007fff181fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4933b98.3b9c: 00007fff181fe000-00007fff1826ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4943b98.3b9c: 00007fff18270000-00007ffffffeffff 0x0001/0x0000 0x0000000
4953b98.3b9c: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
4963b98.3b9c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4973b98.3b9c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4983b98.3b9c: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
4993660.3664: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
5003660.3664: supR3HardenedVmProcessInit: uNtDllAddr=00007fff18080000 g_uNtVerCombined=0xa047ba00 (stack ~00000000006ff4d8)
5013b98.3b9c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
5023660.3664: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
5033660.3664: New simple heap: #1 0000000000800000 LB 0x400000 (for 2031616 allocation)
5043b98.3b9c: supR3HardNtEnableThreadCreationEx:
5053660.3664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5063660.3664: System32: \Device\HarddiskVolume3\Windows\System32
5073660.3664: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5083660.3664: KnownDllPath: C:\WINDOWS\System32
5093660.3664: supR3HardenedVmProcessInit: Opening vboxdrv...
5103660.3664: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5113660.3664: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5123660.3664: Registered Dll notification callback with NTDLL.
5133660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
5143660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
5153660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5163660.3664: supR3HardenedDllNotificationCallback: load 00007fff15cb0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5173660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
5183660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
5193660.3664: supR3HardenedDllNotificationCallback: load 00007fff17700000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5203660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5213660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\KERNEL32.DLL'
5223660.3664: supR3HardenedDllNotificationCallback: load 00007ff72fe20000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5233660.3664: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5243660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5253660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5263660.3664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff180f17f0 pvNtTerminateThread=00007fff1811cb10
5273b98.3b9c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
5283660.3664: \SystemRoot\System32\ntdll.dll:
5293660.3664: CreationTime: 2020-03-03T11:41:35.605689100Z
5303660.3664: LastWriteTime: 2020-03-03T11:41:35.635319900Z
5313660.3664: ChangeTime: 2020-03-03T12:31:49.337223600Z
5323660.3664: FileAttributes: 0x20
5333660.3664: Size: 0x1e8458
5343660.3664: NT Headers: 0xd8
5353660.3664: Timestamp: 0x64d10ee0
5363660.3664: Machine: 0x8664 - amd64
5373660.3664: Timestamp: 0x64d10ee0
5383660.3664: Image Version: 10.0
5393660.3664: SizeOfImage: 0x1f0000 (2031616)
5403660.3664: Resource Dir: 0x17f000 LB 0x6f310
5413660.3664: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5423660.3664: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5433660.3664: ProductName: Microsoft® Windows® Operating System
5443660.3664: ProductVersion: 10.0.18362.657
5453660.3664: FileVersion: 10.0.18362.657 (WinBuild.160101.0800)
5463660.3664: FileDescription: NT Layer DLL
5473660.3664: \SystemRoot\System32\kernel32.dll:
5483660.3664: CreationTime: 2020-03-03T11:41:12.718195400Z
5493660.3664: LastWriteTime: 2020-03-03T11:41:12.728198400Z
5503660.3664: ChangeTime: 2020-03-03T12:31:41.370376000Z
5513660.3664: FileAttributes: 0x20
5523660.3664: Size: 0xb0570
5533660.3664: NT Headers: 0xe8
5543660.3664: Timestamp: 0xd0cecc10
5553660.3664: Machine: 0x8664 - amd64
5563660.3664: Timestamp: 0xd0cecc10
5573660.3664: Image Version: 10.0
5583660.3664: SizeOfImage: 0xb2000 (729088)
5593660.3664: Resource Dir: 0xb0000 LB 0x520
5603660.3664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5613660.3664: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5623660.3664: ProductName: Microsoft® Windows® Operating System
5633660.3664: ProductVersion: 10.0.18362.329
5643660.3664: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
5653660.3664: FileDescription: Windows NT BASE API Client DLL
5663660.3664: \SystemRoot\System32\KernelBase.dll:
5673660.3664: CreationTime: 2020-03-03T11:41:36.355693900Z
5683660.3664: LastWriteTime: 2020-03-03T11:41:36.425261200Z
5693660.3664: ChangeTime: 2020-03-03T12:31:47.790717900Z
5703660.3664: FileAttributes: 0x20
5713660.3664: Size: 0x2a3508
5723660.3664: NT Headers: 0xf0
5733660.3664: Timestamp: 0xf96f12ee
5743660.3664: Machine: 0x8664 - amd64
5753660.3664: Timestamp: 0xf96f12ee
5763660.3664: Image Version: 10.0
5773660.3664: SizeOfImage: 0x2a3000 (2764800)
5783660.3664: Resource Dir: 0x27d000 LB 0x548
5793660.3664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5803660.3664: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5813660.3664: ProductName: Microsoft® Windows® Operating System
5823660.3664: ProductVersion: 10.0.18362.628
5833660.3664: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
5843660.3664: FileDescription: Windows NT BASE API Client DLL
5853660.3664: \SystemRoot\System32\apisetschema.dll:
5863660.3664: CreationTime: 2019-03-19T04:43:54.837151500Z
5873660.3664: LastWriteTime: 2019-03-19T04:43:54.837151500Z
5883660.3664: ChangeTime: 2020-03-03T11:42:43.490706700Z
5893660.3664: FileAttributes: 0x20
5903660.3664: Size: 0x1d028
5913660.3664: NT Headers: 0xc8
5923660.3664: Timestamp: 0xd6ced080
5933660.3664: Machine: 0x8664 - amd64
5943660.3664: Timestamp: 0xd6ced080
5953660.3664: Image Version: 10.0
5963660.3664: SizeOfImage: 0x1e000 (122880)
5973660.3664: Resource Dir: 0x1d000 LB 0x408
5983660.3664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5993660.3664: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6003660.3664: ProductName: Microsoft® Windows® Operating System
6013660.3664: ProductVersion: 10.0.18362.1
6023660.3664: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
6033660.3664: FileDescription: ApiSet Schema DLL
6043660.3664: supR3HardenedWinFindAdversaries: 0x1000
6053660.3664: \SystemRoot\System32\drivers\vsdatant.sys:
6063660.3664: CreationTime: 2019-11-27T14:25:40.000000000Z
6073660.3664: LastWriteTime: 2019-11-27T14:25:40.000000000Z
6083660.3664: ChangeTime: 2020-03-05T08:44:55.299372300Z
6093660.3664: FileAttributes: 0x20
6103660.3664: Size: 0x89248
6113660.3664: NT Headers: 0xe8
6123660.3664: Timestamp: 0x5ddd107a
6133660.3664: Machine: 0x8664 - amd64
6143660.3664: Timestamp: 0x5ddd107a
6153660.3664: Image Version: 10.0
6163660.3664: SizeOfImage: 0xad000 (708608)
6173660.3664: Resource Dir: 0xab000 LB 0x3d0
6183660.3664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6193660.3664: [Raw version resource data: 0xab060 LB 0x36c, codepage 0x0 (reserved 0x0)]
6203660.3664: ProductName: End Point Security
6213660.3664: ProductVersion: R80
6223660.3664: FileVersion: 926003501
6233660.3664: FileDescription: ZoneAlarm Firewalling Driver
6243660.3664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6253660.3664: Calling main()
6263660.3664: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6273660.3664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6283660.3664: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6293660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6303660.3664: SUPR3HardenedMain: Final process, opening VBoxDrv...
6313660.3664: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
6323660.3664: supR3HardNtEnableThreadCreationEx:
6333660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6343660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6353660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6363660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6373660.3664: supR3HardenedDllNotificationCallback: load 00007ffeee730000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6383660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6393660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6403660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6413660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6423660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6433660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6443660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6463660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6473660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6483660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6493660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6503660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
6513660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
6523660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6533660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6543660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6553660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6563660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6583660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
6593660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
6603660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6613660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6623660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6633660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
6643660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
6653660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6673660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
6683660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6693660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6703660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6713660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6723660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6733660.3664: supR3HardenedDllNotificationCallback: load 00007fff173f0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
6743660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6753660.3664: supR3HardenedDllNotificationCallback: load 00007fff14ff0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
6763660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6773660.3664: supR3HardenedDllNotificationCallback: load 00007fff15a30000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
6783660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
6793660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
6803660.3664: supR3HardenedDllNotificationCallback: load 00007fff15f90000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
6813660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6823660.3664: supR3HardenedDllNotificationCallback: load 00007fff165b0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6833660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6843660.3664: supR3HardenedDllNotificationCallback: load 00007fff15930000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
6853660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6863660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6873660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6883660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
6893660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6903660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6913660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
6923660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6933660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6943660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
6953660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6963660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6973660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
6983660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6993660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-1'
7013660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\system32\Wintrust.dll'
7023660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
7033660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
7043660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7053660.3664: supR3HardenedDllNotificationCallback: load 00007fff15f60000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
7063660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7073660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f60000 'C:\WINDOWS\system32\bcrypt.dll'
7083660.3664: bcrypt.dll loaded at 00007fff15f60000, BCryptOpenAlgorithmProvider at 00007fff15f64c70, preloading providers:
7093660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
7103660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
7113660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7123660.3664: supR3HardenedDllNotificationCallback: load 00007fff15b30000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
7133660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7143660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15b30000 'C:\WINDOWS\system32\bcryptprimitives.dll'
7153660.3664: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000d2a3d0)
7163660.3664: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000d2fad0)
7173660.3664: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000d2fdd0)
7183660.3664: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000d300d0)
7193660.3664: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000d303d0)
7203660.3664: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000d306d0)
7213660.3664: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000d309d0)
7223660.3664: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000d30cd0)
7233660.3664: supR3HardenedDllNotificationCallback: load 00007fff15c90000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
7243660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
7253660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
7263660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
7273660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
7283660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
7293660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7313660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7323660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7333660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7343660.3664: supR3HardenedDllNotificationCallback: load 00007fff142f0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
7353660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7363660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
7373660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7383660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
7393660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
7403660.3664: supR3HardenedDllNotificationCallback: load 00007fff148f0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7413660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7423660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7433660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7443660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7453660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7463660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7473660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
7483660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7493660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7503660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\System32\WINTRUST.DLL'
7513660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7523660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7533660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\CRYPT32.dll'
7543660.3664: supR3HardenedDllNotificationCallback: load 00007fff17eb0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
7553660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
7563660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
7573660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
7583660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7593660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7603660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7613660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7623660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7633660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
7643660.3664: supR3HardenedDllNotificationCallback: load 00007fff170f0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7653660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
7663660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
7673660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
7683660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7693660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7703660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
7713660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
7723660.3664: supR3HardenedDllNotificationCallback: load 00007fff139d0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
7733660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7743660.3664: supR3HardenedDllNotificationCallback: load 00007fff14fd0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
7753660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
7763660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
7773660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7783660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
7793660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
7803660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7813660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7823660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7833660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7843660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7853660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7863660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7893660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7923660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7933660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7943660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7953660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7963660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7973660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7983660.3664: supR3HardenedDllNotificationCallback: load 00007ffee9790000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
7993660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8003660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8013660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8023660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8033660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8043660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8053660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8063660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8073660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8083660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8093660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8103660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8113660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8123660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8133660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8143660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8153660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8163660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8173660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8183660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8193660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8203660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8213660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8223660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8233660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8243660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8253660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8263660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8273660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8283660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\WINDOWS\System32\cryptnet.dll'
8293660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee9790000 'C:\Windows\System32\cryptnet.dll'
8313660.3664: supR3HardenedDllNotificationCallback: load 00007fff172e0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
8323660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8333660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8343660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8353660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8363660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8373660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8403660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8413660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8433660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8443660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8453660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8463660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8473660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8483660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8493660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8503660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8513660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8523660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8533660.3664: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001514c60
8543660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
8553660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95FD49F93AE6ADF9D4DE48632E3114C0D5FFE7A0
8563660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8573660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8583660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff165b0000 'C:\WINDOWS\System32\rpcrt4.dll'
8593660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8603660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8613660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8623660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8633660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8643660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8653660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\SystemRoot\System32\ntdll.dll'
8663660.3664: g_pfnWinVerifyTrust=00007fff159361f0
8673660.3664: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8683660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8693660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8703660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8713660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8723660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8733660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8743660.3664: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
8753660.3664: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8763660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8773660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8783660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8793660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8803660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8813660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8823660.3664: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
8833660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8843660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8863660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8873660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
8883660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8893660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
8903660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
8913660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
8923660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8933660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
8943660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
8953660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8963660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8973660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8983660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8993660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9013660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
9023660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9033660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9043660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9053660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
9063660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9073660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9083660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9093660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
9103660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9113660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9123660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9133660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
9143660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9153660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9163660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9173660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
9183660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9193660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9203660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9213660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9223660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9233660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
9243660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9253660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9263660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9273660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9283660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
9293660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9313660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
9323660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9333660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9343660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
9353660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9363660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
9383660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9393660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9403660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
9413660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9433660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
9443660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9463660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
9473660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9483660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9493660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9503660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
9513660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9523660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9533660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
9543660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
9553660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
9563660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
9573660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\system32\crypt32.dll'
9583660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9593660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9603660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9613660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xbdcefb66ec78c600 C=US, ST=California, O=Kofax, OU=Atalasoft, CN=Kofax Web Capture Service
9623660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9633660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9643660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9653660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9663660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
9673660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9683660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9693660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
9703660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
9713660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
9723660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
9733660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9743660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
9753660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
9763660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
9773660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9783660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xfb700f54a232be00 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
9793660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
9803660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9813660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9823660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9833660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9843660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
9853660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
9863660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
9873660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9883660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9893660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9903660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9913660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9923660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9933660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
9943660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9953660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9963660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9973660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9983660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
9993660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10003660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10013660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10023660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10033660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
10043660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
10053660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
10063660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
10073660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
10083660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10093660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10103660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10113660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
10123660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10133660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10143660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10153660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
10163660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10173660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10183660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x9084fc5c3c87ab00 DC=local, DC=docspro, CN=docspro-VSRV01-CA
10193660.3664: supR3HardenedWinIsDesiredRootCA: Adding 0x8dd52735f63dc800 DC=local, DC=docspro, CN=Docpro CA
10203660.3664: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=62
10213660.3664: SUPR3HardenedMain: Load Runtime...
10223660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
10233660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10243660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10253660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10263660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10273660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10283660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10293660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10313660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
10323660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
10333660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10343660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
10353660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10363660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10383660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10403660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10413660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10433660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10443660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
10453660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10463660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10473660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10483660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10493660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10503660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10513660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10523660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10533660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
10543660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
10553660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
10563660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10573660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10583660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10593660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10603660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10613660.3664: supR3HardenedDllNotificationCallback: load 000000005bac0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10623660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10633660.3664: supR3HardenedDllNotificationCallback: load 000000005af40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
10643660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10653660.3664: supR3HardenedDllNotificationCallback: load 00007fff166d0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
10663660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10673660.3664: supR3HardenedDllNotificationCallback: load 00007ffece350000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10683660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10693660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10703660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10713660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10723660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10733660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10743660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10753660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10763660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10773660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10783660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10793660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10803660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10813660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10823660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10833660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10843660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10853660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10863660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10873660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10883660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10893660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10903660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10913660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10923660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10933660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10943660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10953660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10963660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10973660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10983660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10993660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11003660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11013660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11023660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11033660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11043660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11053660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11063660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11073660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11083660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11093660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11103660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11113660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11133660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11143660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11153660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11163660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11173660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11183660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11193660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11203660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11213660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11223660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11233660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11243660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11253660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11263660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11273660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11283660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11293660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11303660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11313660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11323660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11333660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11343660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11353660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11363660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11383660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11393660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11403660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11413660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11423660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11433660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11443660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11453660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11463660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11473660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11483660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11493660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11503660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11513660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11523660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11533660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11543660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11553660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11563660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11573660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11583660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11593660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11603660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11613660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11623660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11633660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11643660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11653660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11663660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11673660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11683660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11693660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11703660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11713660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11723660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11733660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11743660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11753660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11763660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11773660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11783660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11793660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11803660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11813660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11823660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11833660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11843660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11863660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11873660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11883660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11893660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11903660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11913660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11923660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11933660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11943660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11953660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11963660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11973660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11983660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11993660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12013660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12023660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12033660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12043660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12053660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12063660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12073660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12083660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12093660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12103660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12113660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12133660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12143660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12153660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12163660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12173660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12183660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12193660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12203660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12213660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12223660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12233660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12243660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12253660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12263660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12273660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12283660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12293660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12303660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12313660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12323660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12333660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12343660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12353660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12363660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12373660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12383660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12393660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12403660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12413660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12433660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12443660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12463660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
12473660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
12483660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12493660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12503660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15930000 'C:\WINDOWS\system32\Wintrust.dll'
12513660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12523660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12533660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
12543660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
12553660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
12563660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
12573660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\system32\crypt32.dll'
12583660.3664: SUPR3HardenedMain: Load TrustedMain...
12593660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
12603660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12613660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
12623660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12633660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12643660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12653660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12663660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12673660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12683660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12693660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12703660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12713660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12723660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12733660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12743660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12753660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12763660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12773660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
12783660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
12793660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
12803660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12813660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
12823660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
12833660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12843660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12853660.3664: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ef 47 54 52 b6 1c 06 f2 a1 42 cf 9f 72 06 00 00)
12863660.3664: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
12873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12893660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
12923660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
12933660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12943660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
12953660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
12963660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12973660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12983660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12993660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
13003660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13013660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13023660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
13033660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13043660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13053660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13063660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
13073660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13093660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13103660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13113660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13123660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13133660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13143660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
13153660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13163660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
13173660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
13183660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
13193660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13213660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
13223660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
13233660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13243660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13253660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13263660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
13273660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13293660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
13303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
13313660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
13323660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
13333660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
13343660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
13353660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13363660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13403660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13413660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13433660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13443660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
13453660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13463660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13473660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13483660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13493660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13503660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13513660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13523660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
13533660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13543660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13553660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13563660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13583660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13593660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
13603660.3664: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
13613660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
13623660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
13633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13643660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13653660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13673660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13683660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13693660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
13703660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
13713660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13723660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13733660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
13743660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13753660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13763660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13773660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13783660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13793660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13803660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13813660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13823660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
13833660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13843660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13853660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13863660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13873660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13883660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13893660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13923660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13933660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13943660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13953660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13963660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13973660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13983660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13993660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14003660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14013660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14023660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14033660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14043660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14053660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14063660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14073660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14093660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14103660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14113660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14123660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14133660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14143660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14153660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14163660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14173660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14183660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14193660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14213660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14223660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14233660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14243660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14253660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14263660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14273660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14283660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14293660.3664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14303660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14313660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14323660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14333660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14343660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14353660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14363660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14393660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
14403660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
14413660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
14423660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
14433660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14443660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14453660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14463660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14473660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14483660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14493660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14503660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14513660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14523660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14533660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14543660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14553660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14563660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14583660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14593660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14603660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14613660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14623660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14643660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14653660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14673660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14683660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14693660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14703660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14713660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14723660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14733660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
14743660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14753660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14763660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14773660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14783660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14793660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
14803660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14813660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14823660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14833660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14843660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14853660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14863660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14893660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14923660.3664: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
14933660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
14943660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
14953660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14963660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14973660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14983660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14993660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15003660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15013660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15023660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15033660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15043660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15053660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15063660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15073660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15093660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15103660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15113660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15123660.3664: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
15133660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15143660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15153660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
15163660.3664: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
15173660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
15183660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15193660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15203660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15213660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15223660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15233660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15243660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15253660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15263660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15273660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15293660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15313660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15323660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15333660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15343660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15353660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15363660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15383660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15403660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15413660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15433660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15443660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
15463660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15473660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15483660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15493660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15503660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15513660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15523660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15533660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15543660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15553660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15563660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15583660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15593660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15603660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15613660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15623660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15643660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15653660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15673660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15683660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15693660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15703660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15713660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15723660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15733660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15743660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15753660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15763660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15773660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15783660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
15793660.3664: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15803660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15813660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15823660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15833660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
15843660.3664: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15853660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15863660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15873660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15893660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15903660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15923660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15933660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15943660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15953660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
15963660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15973660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15983660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15993660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16003660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
16013660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16023660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16033660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16043660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16053660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
16063660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
16073660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16093660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16103660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16113660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
16123660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
16133660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
16143660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
16153660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16163660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16173660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16183660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16193660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16213660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16223660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16233660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16243660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16253660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16263660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16273660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16283660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16293660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16313660.3664: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16323660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16333660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16343660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16353660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16363660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16373660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16403660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16413660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
16433660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
16443660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16453660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16463660.3664: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16473660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16483660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16493660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16503660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16513660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16523660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16533660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16543660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16553660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16563660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16573660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16583660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16593660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16603660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
16613660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
16623660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
16633660.3664: supR3HardenedDllNotificationCallback: load 00007fff15bb0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
16643660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16653660.3664: supR3HardenedDllNotificationCallback: load 00007fff15990000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
16663660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16673660.3664: supR3HardenedDllNotificationCallback: load 00007fff15010000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
16683660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16693660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16703660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16713660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16723660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
16733660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
16743660.3664: supR3HardenedDllNotificationCallback: load 00007fff17ee0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
16753660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16763660.3664: supR3HardenedDllNotificationCallback: load 00007fff16130000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
16773660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16783660.3664: supR3HardenedDllNotificationCallback: load 00007fff16da0000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
16793660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16803660.3664: supR3HardenedDllNotificationCallback: load 00007fff160e0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
16813660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
16823660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
16833660.3664: supR3HardenedDllNotificationCallback: load 00007fff13a50000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
16843660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
16853660.3664: supR3HardenedDllNotificationCallback: load 00007ffef8710000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16863660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16873660.3664: supR3HardenedDllNotificationCallback: load 00007ffef8810000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16883660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16893660.3664: supR3HardenedDllNotificationCallback: load 00007fff16cf0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
16903660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16913660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
16923660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
16933660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
16943660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
16953660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f50000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
16963660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
16973660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
16983660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f80000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
16993660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
17003660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
17013660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
17023660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
17033660.3664: supR3HardenedDllNotificationCallback: load 00007fff176a0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
17043660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17053660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
17063660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
17073660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
17083660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
17093660.3664: supR3HardenedDllNotificationCallback: load 00007fff14f60000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
17103660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
17113660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
17123660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
17133660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
17143660.3664: supR3HardenedDllNotificationCallback: load 00007fff151b0000 LB 0x0077f000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
17153660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
17163660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
17173660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
17183660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
17193660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
17203660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
17213660.3664: supR3HardenedDllNotificationCallback: load 00007fff177c0000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
17223660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
17233660.3664: supR3HardenedDllNotificationCallback: load 00007fff17540000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
17243660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17253660.3664: supR3HardenedDllNotificationCallback: load 00007ffefaca0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
17263660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17273660.3664: supR3HardenedDllNotificationCallback: load 000000005b550000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17283660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17293660.3664: supR3HardenedDllNotificationCallback: load 00007ffecdd50000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17303660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17313660.3664: supR3HardenedDllNotificationCallback: load 000000005afe0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17323660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
17333660.3664: supR3HardenedDllNotificationCallback: load 00007fff17190000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
17343660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17353660.3664: supR3HardenedDllNotificationCallback: load 00007ffecba30000 LB 0x02314000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
17363660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
17373660.3664: supR3HardenedDllNotificationCallback: load 000000005aee0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
17383660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17393660.3664: supR3HardenedDllNotificationCallback: load 00007fff08d40000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17403660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17413660.3664: supR3HardenedDllNotificationCallback: load 00007fff08dd0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
17423660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17433660.3664: supR3HardenedDllNotificationCallback: load 00007ffec8c30000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
17443660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
17453660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
17463660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
17473660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
17483660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
17493660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
17503660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
17513660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
17523660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
17533660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
17543660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
17553660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
17563660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
17573660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
17583660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
17593660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17603660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17613660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
17623660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
17633660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17643660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17653660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17663660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17673660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17683660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17693660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17703660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17713660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17723660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17733660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17743660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17753660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17763660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17773660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17783660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17793660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17803660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17813660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
17823660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
17833660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17843660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17853660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17863660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
17873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17893660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17913660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17923660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17933660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17943660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17953660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17963660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
17973660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17983660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
17993660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18003660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18013660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18023660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18033660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18043660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18053660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18063660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18073660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18093660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18103660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18113660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18123660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18133660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18143660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18153660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
18163660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
18173660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
18183660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
18193660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll
18203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18213660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18223660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18233660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18243660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
18253660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18263660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
18273660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18293660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
18303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18313660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18323660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18333660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18343660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18353660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18363660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18393660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18403660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18413660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18433660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18443660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18453660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18463660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18473660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18483660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18493660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18503660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18513660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
18523660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18533660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18543660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18553660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18563660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18583660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18593660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18603660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18613660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
18623660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18633660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
18643660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
18653660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
18663660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
18673660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
18683660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
18693660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
18703660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
18713660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
18723660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
18733660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
18743660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
18753660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
18763660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
18773660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
18783660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18793660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18803660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
18813660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
18823660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18833660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18843660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18853660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18863660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18873660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18883660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18893660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18903660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18913660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18923660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18933660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18943660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18953660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18963660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18973660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18983660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18993660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19003660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
19013660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
19023660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
19033660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
19043660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
19053660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
19063660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
19073660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
19083660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
19093660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
19103660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
19113660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
19123660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
19133660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
19143660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
19153660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
19163660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19173660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19183660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
19193660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
19203660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19213660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19223660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19233660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19243660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19253660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19263660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19273660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19283660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19293660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19303660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19313660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19323660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19333660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19343660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19353660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19363660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19383660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
19393660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
19403660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
19413660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-string-l1-1-0'
19433660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
19443660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
19453660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
19463660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
19473660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
19483660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
19493660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
19503660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
19513660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
19523660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
19533660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
19543660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
19553660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
19563660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
19573660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19583660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19593660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
19603660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
19613660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19623660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19633660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19643660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19653660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19663660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19673660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19683660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19693660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19703660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19713660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19723660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19733660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19743660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19753660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19763660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19773660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19783660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19793660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
19803660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
19813660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
19823660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
19833660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
19843660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
19853660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
19863660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
19873660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
19883660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
19893660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
19903660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
19913660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
19923660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
19933660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
19943660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
19953660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19963660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19973660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
19983660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
19993660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
20003660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
20013660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
20023660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
20033660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
20043660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
20053660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20063660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20073660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
20083660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
20093660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
20103660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
20113660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
20123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
20133660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
20143660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
20153660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
20163660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
20173660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
20183660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
20193660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
20203660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20213660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-datetime-l1-1-1'
20223660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
20233660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
20243660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
20253660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
20263660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
20273660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
20283660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
20293660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
20303660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
20313660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
20323660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
20333660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
20343660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
20353660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
20363660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
20373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
20383660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
20393660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
20403660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
20413660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
20423660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
20433660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
20443660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
20453660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
20463660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20473660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20483660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
20493660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
20503660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
20513660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
20523660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
20533660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
20543660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
20553660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
20563660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
20573660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
20583660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
20593660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
20603660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
20613660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
20623660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
20633660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
20643660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
20653660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
20663660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
20673660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
20683660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
20693660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
20703660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
20713660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
20723660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
20733660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
20743660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
20753660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
20763660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
20773660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
20783660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
20793660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
20803660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
20813660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
20823660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
20833660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
20843660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20853660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20863660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
20873660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
20883660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
20893660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
20903660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
20913660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
20923660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
20933660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
20943660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
20953660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
20963660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
20973660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
20983660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
20993660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-obsolete-l1-2-0'
21013660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
21023660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
21033660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
21043660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
21053660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
21063660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
21073660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
21083660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
21093660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
21103660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
21113660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
21123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
21133660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21143660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21153660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
21163660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
21173660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
21183660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
21193660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
21203660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
21213660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
21223660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
21233660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
21243660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
21253660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21263660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21273660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21283660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
21293660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
21303660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
21313660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
21323660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
21333660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
21343660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
21353660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21363660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
21373660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
21383660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
21393660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
21403660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
21413660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
21423660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
21433660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
21443660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
21453660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
21463660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
21473660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
21483660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
21493660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
21503660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
21513660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21523660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21533660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
21543660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
21553660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
21563660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
21573660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
21583660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
21593660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
21603660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
21613660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
21623660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
21633660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21643660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21653660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21663660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
21673660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
21683660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
21693660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
21703660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
21713660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
21723660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
21733660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21743660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
21753660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
21763660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
21773660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
21783660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
21793660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
21803660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
21813660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
21823660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21833660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21843660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21853660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21863660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
21873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21893660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
21903660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
21913660.3664: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
21923660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21933660.3664: supR3HardenedDllNotificationCallback: load 00007fff162d0000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
21943660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
21953660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff162d0000 'C:\WINDOWS\system32\IMM32.DLL'
21963660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
21973660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
21983660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
21993660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
22003660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
22013660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
22023660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
22033660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
22043660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
22053660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
22063660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
22073660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
22083660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
22093660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
22103660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
22113660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
22123660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22133660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22143660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
22153660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
22163660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
22173660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
22183660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
22193660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
22203660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
22213660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
22223660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22233660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22243660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
22253660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
22263660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
22273660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
22283660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
22293660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
22303660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
22313660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
22323660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
22333660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
22343660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
22353660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
22363660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
22373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
22383660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
22393660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
22403660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
22413660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
22423660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
22433660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
22443660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
22453660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
22463660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
22473660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
22483660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
22493660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
22503660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
22513660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
22523660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22533660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22543660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
22553660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
22563660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
22573660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
22583660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
22593660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
22603660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
22613660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
22623660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22633660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22643660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
22653660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
22663660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
22673660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
22683660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
22693660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
22703660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
22713660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
22723660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
22733660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
22743660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
22753660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
22763660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
22773660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22783660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
22793660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
22803660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
22813660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
22823660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
22833660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
22843660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
22853660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
22863660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
22873660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
22883660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
22893660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
22903660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
22913660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
22923660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
22933660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
22943660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
22953660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22963660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22973660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
22983660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
22993660.3664: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
23003660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
23013660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
23023660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
23033660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
23043660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
23053660.3664: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
23063660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23073660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
23083660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
23093660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
23103660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
23113660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
23123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
23133660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
23143660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
23153660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
23163660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
23173660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
23183660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
23193660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8c30000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
23203660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23213660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23223660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
23233660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23243660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23253660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
23263660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23273660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23283660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
23293660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23313660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
23323660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23333660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23343660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
23353660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23363660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23373660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
23383660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23393660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23403660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
23413660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23433660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
23443660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23463660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
23473660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23483660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23493660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'
23503660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
23513660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
23523660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
23533660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
23543660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23553660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23563660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
23573660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23583660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
23593660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23603660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23613660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
23623660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23633660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23643660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
23653660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23663660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
23673660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23683660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23693660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
23703660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23713660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23723660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
23733660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23743660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23753660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
23763660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23773660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23783660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
23793660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23803660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23813660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
23823660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
23833660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23843660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
23863660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
23873660.3664: SUPR3HardenedMain: Calling TrustedMain (00007ffec8c316c0)...
23883660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
23893660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
23903660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
23913660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23923660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
23933660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
23943660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23953660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
23963660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
23973660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
23983660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
23993660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
24003660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
24013660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24023660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24033660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24043660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24053660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24063660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24073660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24093660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24103660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24113660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24123660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
24133660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24143660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24153660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24163660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24173660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24183660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24193660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24213660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24223660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24233660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24243660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
24253660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24263660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24273660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24293660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
24303660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24313660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24323660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24333660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24343660.3664: supR3HardenedDllNotificationCallback: load 00007ffecb8a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
24353660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24363660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb8a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
24373660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ec pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24383660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
24393660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
24403660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
24413660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
24423660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
24433660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
24443660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24453660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24463660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
24473660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
24483660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
24493660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24503660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24513660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24523660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24533660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24543660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24553660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24563660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24573660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24583660.3664: supR3HardenedDllNotificationCallback: load 00007fff0f820000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
24593660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24603660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0f820000 'C:\WINDOWS\system32\uxtheme.dll'
24613660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'C:\WINDOWS\system32\user32.dll'
24623660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24633660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24643660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
24653660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
24663660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24673660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16cf0000 'C:\WINDOWS\system32\SHCore.dll'
24683660.3664: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
24693660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
24703660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24713660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24723660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08dd0000 'C:\WINDOWS\system32\winmm.dll'
24733660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24743660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24753660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff08dd0000 'C:\WINDOWS\system32\winmm.dll'
24763660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24773660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24783660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
24793660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24803660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24813660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0f820000 'C:\WINDOWS\system32\uxtheme.dll'
24823660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
24833660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24843660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\system32\advapi32.dll'
24853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
24863660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
24873660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
24883660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
24893660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
24903660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
24913660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
24923660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
24933660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
24943660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24953660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24963660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24973660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
24983660.3664: supR3HardenedDllNotificationCallback: load 00007fff14e70000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
24993660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
25003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff14e70000 'C:\WINDOWS\system32\userenv.dll'
25013660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
25023660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25033660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17700000 'C:\WINDOWS\System32\kernel32.dll'
25043660.3664: supR3HardenedDllNotificationCallback: load 00007fff17490000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
25053660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25063660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
25073660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
25083660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
25093660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25103660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25113660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25123660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25133660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
25143660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
25153660.3b94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
25163660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
25173660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25183660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25193660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25203660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25213660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25223660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25233660.3b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
25243660.3b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
25253660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25263660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25273660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
25283660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25293660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25303660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
25313660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25323660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25333660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
25343660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25353660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25363660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25373660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25383660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
25393660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25403660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25413660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25423660.3b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
25433660.3b94: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25443660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
25453660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25463660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
25473660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25483660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25493660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25503660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
25513660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25523660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25533660.3b94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
25543660.3b94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
25553660.3b94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25563660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25573660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25583660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25593660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25603660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
25613660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25623660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25633660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
25643660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25653660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25663660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
25673660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25683660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25693660.3b94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
25703660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25713660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25723660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25733660.3b94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25743660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25753660.3b94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25763660.3b94: supR3HardenedDllNotificationCallback: load 00007ffecb7b0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
25773660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25783660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb7b0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
25793660.3b94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
25803660.3b94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25813660.3b94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17190000 'C:\Windows\System32\oleaut32.dll'
25823660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17ee0000 'C:\WINDOWS\system32\gdi32.dll'
25833660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
25843660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
25863660.3664: supR3HardenedDllNotificationCallback: load 00007fff16bb0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
25873660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25883660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
25893660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
25903660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
25913660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
25923660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
25933660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
25943660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
25953660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25963660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25973660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
25983660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
25993660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
26003660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26013660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26023660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26033660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26043660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
26053660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26063660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26073660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
26083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26093660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26103660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
26113660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
26123660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
26133660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000095c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
26143660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
26153660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
26163660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
26173660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
26183660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
26193660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
26203660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26213660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26223660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
26233660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
26243660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
26253660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
26263660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
26273660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
26283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
26293660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
26303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
26313660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
26323660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
26333660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
26343660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
26353660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
26363660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
26373660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
26383660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26393660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26403660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
26413660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26423660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26433660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
26443660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
26453660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
26463660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26473660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
26483660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
26493660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
26503660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
26513660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26523660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26533660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
26543660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26553660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26563660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
26573660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26583660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26593660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26603660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26613660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
26623660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
26633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
26643660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
26653660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
26663660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26673660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
26683660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
26693660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
26703660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26713660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26723660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
26733660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26743660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26753660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26763660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26773660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26783660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
26793660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
26803660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
26813660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
26823660.3664: supR3HardenedDllNotificationCallback: load 00007fff13ae0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
26833660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
26843660.3664: supR3HardenedDllNotificationCallback: load 00007fff0e160000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
26853660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
26863660.3664: supR3HardenedDllNotificationCallback: load 00007fff0ea90000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
26873660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
26883660.3664: supR3HardenedDllNotificationCallback: load 00007ffee1e60000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
26893660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
26903660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17ee0000 'C:\WINDOWS\System32\gdi32.dll'
26913660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee1e60000 'C:\WINDOWS\system32\dataexchange.dll'
26923660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
26933660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
26943660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
26953660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
26963660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
26973660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
26983660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26993660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
27003660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
27013660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
27023660.3664: supR3HardenedDllNotificationCallback: load 00007fff131f0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
27033660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
27043660.3664: supR3HardenedDllNotificationCallback: load 00007fff12e70000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
27053660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
27063660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27073660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27083660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27093660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27103660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27113660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27123660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
27133660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27143660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27153660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
27163660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27173660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27183660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
27193660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
27203660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
27213660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
27223660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
27233660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
27243660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
27253660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
27263660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27273660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
27283660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
27293660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
27303660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27313660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16cf0000 'C:\WINDOWS\system32\Shcore.dll'
27323660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27333660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
27343660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
27353660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
27363660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
27373660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
27383660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27393660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
27403660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
27413660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
27423660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
27433660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27443660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
27453660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
27463660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
27473660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
27483660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
27493660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
27503660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
27513660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
27523660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
27533660.3664: supR3HardenedDllNotificationCallback: load 00007fff13db0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
27543660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
27553660.3664: supR3HardenedDllNotificationCallback: load 00007fff0e840000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
27563660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
27573660.3664: supR3HardenedDllNotificationCallback: load 00007fff0d1e0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
27583660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
27593660.3664: supR3HardenedDllNotificationCallback: load 00007fff07c10000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
27603660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
27613660.3664: supR3HardenedDllNotificationCallback: load 00007fff02120000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
27623660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
27633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
27643660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
27653660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
27663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27673660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27683660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27693660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27703660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
27713660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27723660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27733660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
27743660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
27753660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
27763660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
27773660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
27783660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
27793660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27803660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27813660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
27823660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
27833660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
27843660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
27853660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
27863660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
27873660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27883660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27893660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27903660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27913660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
27923660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
27933660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
27943660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
27953660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
27963660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
27973660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
27983660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
27993660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
28003660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28013660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28023660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
28033660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28043660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28053660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
28063660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
28073660.3664: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28083660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
28093660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
28103660.3664: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28113660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16130000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
28123660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
28133660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28143660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16da0000 'api-ms-win-core-com-l1-1-0.dll'
28153660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28163660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll)
28173660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll
28183660.3664: supR3HardenedDllNotificationCallback: load 00007fff01e40000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
28193660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
28203660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28213660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28223660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28233660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28243660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll'
28253660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
28263660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28273660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16bb0000 'C:\WINDOWS\System32\MSCTF.dll'
28283660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
28293660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28303660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17540000 'C:\WINDOWS\System32\ole32.dll'
28313660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
28323660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28333660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff17190000 'C:\WINDOWS\System32\OLEAUT32.dll'
28343660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
28353660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
28363660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
28373660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
28383660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28393660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28403660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
28413660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28423660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28433660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
28443660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
28453660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
28463660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
28473660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
28483660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
28493660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
28503660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
28513660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
28523660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
28533660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28543660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28553660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
28563660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28573660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28583660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
28593660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
28603660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
28613660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
28623660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28633660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28643660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
28653660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28663660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28673660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28683660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28693660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
28703660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
28713660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
28723660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
28733660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28743660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28753660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28763660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
28773660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
28783660.3664: supR3HardenedDllNotificationCallback: load 00007fff03370000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
28793660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
28803660.3664: supR3HardenedDllNotificationCallback: load 00007fff031b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
28813660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
28823660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
28833660.3664: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28843660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
28853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff031b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
28863660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000adc pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
28873660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
28883660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
28893660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
28903660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
28913660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
28923660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
28933660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28943660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28953660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
28963660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
28973660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
28983660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28993660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29003660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29013660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29023660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29033660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
29043660.3664: supR3HardenedDllNotificationCallback: load 00007fff02b80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
29053660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
29063660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02b80000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
29073660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
29083660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29093660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-0.dll'
29103660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
29113660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29123660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
29133660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
29143660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
29153660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
29163660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
29173660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
29183660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
29193660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
29203660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29213660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29223660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
29233660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
29243660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
29253660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29263660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29273660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
29283660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29293660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29303660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29313660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
29323660.3664: supR3HardenedDllNotificationCallback: load 00007fff02ba0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
29333660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
29343660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02ba0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
29353660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
29363660.3664: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
29373660.3664: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
29383660.3664: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
29393660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
29403660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
29413660.3664: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
29423660.3664: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29433660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29443660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
29453660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
29463660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
29473660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
29483660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
29493660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
29503660.3664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
29513660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29523660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29533660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29543660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29553660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29563660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
29573660.3664: supR3HardenedDllNotificationCallback: load 00007fff028d0000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
29583660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
29593660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff028d0000 'C:\WINDOWS\System32\amsi.dll'
29603660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
29613660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
29623660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
29633660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
29643660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
29653660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll) WinVerifyTrust
29663660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
29673660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29683660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29693660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29703660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29713660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29723660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29733660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29743660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
29753660.3664: supR3HardenedDllNotificationCallback: load 00007fff027f0000 LB 0x00078000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll [fFlags=0x0]
29763660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpOAV.dll
29773660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29783660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29793660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
29803660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
29813660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29823660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
29833660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29843660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29853660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-synch-l1-2-0'
29863660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
29873660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29883660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-fibers-l1-1-1'
29893660.3664: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
29903660.3664: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29913660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15cb0000 'api-ms-win-core-localization-l1-2-1'
29923660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
29933660.3664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29943660.3664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
29953660.3664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
29963660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29973660.3664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29983660.3664: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29993660.3664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
30003660.3664: supR3HardenedDllNotificationCallback: load 00007fff140e0000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
30013660.3664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
30023660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff140e0000 'C:\WINDOWS\system32\version.dll'
30033660.3664: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
30043660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
30053660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff027f0000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll'
30063660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30073660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
30083660.3664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
30093660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff172e0000 'C:\WINDOWS\System32\ADVAPI32.dll'
30103660.3860: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30113660.3860: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30123660.3860: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30133660.3860: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
30143660.3860: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30153660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30163660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30173660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30183660.3860: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30193660.3860: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30203660.3860: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30213660.3860: supR3HardenedDllNotificationCallback: load 00007ffec8770000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
30223660.3860: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30233660.3860: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30243660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30253660.3a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30263660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30273660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30283660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
30293660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
30303660.3a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30313660.3a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
30323660.3a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30333660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30343660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30353660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30363660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30373660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30383660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30393660.3a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30403660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30413660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30423660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30433660.3a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30443660.3a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30453660.3a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30463660.3a04: supR3HardenedDllNotificationCallback: load 00007ffee7230000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
30473660.3a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30483660.3a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7230000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
30493660.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30503660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30513660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30523660.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30533660.39f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
30543660.39f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30553660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30563660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30573660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30583660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30593660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30603660.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30613660.39f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30623660.39f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30633660.39f8: supR3HardenedDllNotificationCallback: load 00007ffee71e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
30643660.39f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30653660.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee71e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
30663660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
30673660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30683660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\Shell32.dll'
30693660.3828: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30703660.3828: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001514c60
30713660.3828: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001514c60
30723660.3828: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F44CBC4BAFE3CCCC07F920C1E6C13E8202CB0B4C
30733660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30743660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
30753660.3828: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
30763660.3828: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30773660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
30783660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
30793660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30803660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
30813660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
30823660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30833660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
30843660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
30853660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
30863660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30873660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30883660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30893660.3828: supR3HardenedDllNotificationCallback: load 00007ffef6c10000 LB 0x00019000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
30903660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30913660.3828: supR3HardenedDllNotificationCallback: load 00007ffec8e70000 LB 0x00024000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
30923660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
30933660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8e70000 'C:\WINDOWS\system32\WinHvPlatform.dll'
30943660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
30953660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30963660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6c10000 'C:\WINDOWS\system32\vid.dll'
30973660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
30983660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
30993660.3828: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
31003660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
31013660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31023660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31033660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff18080000 'C:\WINDOWS\system32\NTDLL.DLL'
31043660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31053660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31063660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31073660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31083660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31093660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
31103660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
31113660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31123660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31133660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
31143660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
31153660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
31163660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
31173660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
31183660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31193660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31203660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31213660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
31223660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
31233660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
31243660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31253660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31263660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31273660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31283660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
31293660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31303660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31313660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31323660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f90000 'C:\WINDOWS\System32\crypt32.dll'
31333660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31343660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
31353660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
31363660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
31373660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
31383660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31393660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31403660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31413660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31423660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31433660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
31443660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
31453660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
31463660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
31473660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
31483660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
31493660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31503660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31513660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31523660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31533660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31543660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31553660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31563660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
31573660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31583660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
31593660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
31603660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31613660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31623660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31633660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31643660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
31653660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
31663660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31673660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31683660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31693660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
31703660.3828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31713660.3828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
31723660.3828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31733660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31743660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31753660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31763660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31773660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31783660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31793660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31803660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31813660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31823660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31833660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31843660.3828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31853660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31863660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31873660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31883660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31893660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31903660.3828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31913660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31923660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
31933660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31943660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31953660.3828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
31963660.3828: supR3HardenedDllNotificationCallback: load 00007fff16740000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
31973660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31983660.3828: supR3HardenedDllNotificationCallback: load 00007ffecb2a0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
31993660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32003660.3828: supR3HardenedDllNotificationCallback: load 00007ffec7520000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
32013660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32023660.3828: supR3HardenedDllNotificationCallback: load 00007fff14490000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
32033660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
32043660.3828: supR3HardenedDllNotificationCallback: load 00007ffec7d80000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
32053660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
32063660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec7d80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
32073660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32083660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
32093660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32103660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
32113660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32123660.3828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32133660.3828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32143660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec7520000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
32153660.3828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32163660.32ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32173660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32183660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32193660.32ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32203660.32ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
32213660.32ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32223660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32233660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32243660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32253660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32263660.32ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32273660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32283660.32ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32293660.32ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32303660.32ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32313660.32ac: supR3HardenedDllNotificationCallback: load 00007ffee5830000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
32323660.32ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32333660.32ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee5830000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
32343660.3330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32353660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32363660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32373660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
32383660.3330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32393660.3330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
32403660.3330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32413660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32423660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32433660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32443660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32453660.3330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32463660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32473660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32483660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32493660.3330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32503660.3330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32513660.3330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32523660.3330: supR3HardenedDllNotificationCallback: load 00007ffee71d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
32533660.3330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32543660.3330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee71d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32553660.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff142f0000 'C:\WINDOWS\system32\rsaenh.dll'
32563660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32573660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32583660.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32593660.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
32603660.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32613660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32623660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32633660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32643660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32653660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32663660.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32673660.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32683660.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32693660.48c: supR3HardenedDllNotificationCallback: load 00007ffee56e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32703660.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32713660.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee56e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32723660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32733660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32743660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32753660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32763660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32773660.3664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff177c0000 'C:\WINDOWS\system32\shell32.dll'
32783660.48c: supR3HardenedDllNotificationCallback: Unload 00007ffee56e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
32793660.3330: supR3HardenedDllNotificationCallback: Unload 00007ffee71d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
32803660.32ac: supR3HardenedDllNotificationCallback: Unload 00007ffee5830000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
32813660.39f8: supR3HardenedDllNotificationCallback: Unload 00007ffee71e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
32823660.3a04: supR3HardenedDllNotificationCallback: Unload 00007ffee7230000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
32833660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffec7d80000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
32843660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffecb2a0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
32853660.3828: supR3HardenedDllNotificationCallback: Unload 00007ffec7520000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
32863660.3828: supR3HardenedDllNotificationCallback: Unload 00007fff16740000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
32873660.3828: supR3HardenedDllNotificationCallback: Unload 00007fff14490000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
32883660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff02b80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
32893660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffee1e60000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
32903660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff0e160000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
32913660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff13ae0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
32923660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff0ea90000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
32933660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff12e70000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
32943660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff131f0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
32953660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff02ba0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
32963660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffecb7b0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
32973660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff031b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
32983660.3664: supR3HardenedDllNotificationCallback: Unload 00007fff03370000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
32993660.3664: supR3HardenedDllNotificationCallback: Unload 00007ffecb400000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33003660.3664: Terminating the normal way: rcExit=0
33013b98.3b9c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 352031 ms, the end);
33023a60.3a64: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 352781 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy