VirtualBox

Ticket #19987: Debian-sid-dev-2020-10-21-14-21-41.log

File Debian-sid-dev-2020-10-21-14-21-41.log, 450.1 KB (added by chli, 4 years ago)
Line 
12f90.2bd0: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6100
22f90.2bd0: \SystemRoot\System32\ntdll.dll:
32f90.2bd0: CreationTime: 2020-10-20T09:19:57.041344100Z
42f90.2bd0: LastWriteTime: 2020-10-20T09:19:57.063330100Z
52f90.2bd0: ChangeTime: 2020-10-20T10:45:18.276921900Z
62f90.2bd0: FileAttributes: 0x20
72f90.2bd0: Size: 0x1ee338
82f90.2bd0: NT Headers: 0xe8
92f90.2bd0: Timestamp: 0x5b56177b
102f90.2bd0: Machine: 0x8664 - amd64
112f90.2bd0: Timestamp: 0x5b56177b
122f90.2bd0: Image Version: 10.0
132f90.2bd0: SizeOfImage: 0x1f6000 (2056192)
142f90.2bd0: Resource Dir: 0x185000 LB 0x6fd28
152f90.2bd0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162f90.2bd0: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172f90.2bd0: ProductName: Microsoft® Windows® Operating System
182f90.2bd0: ProductVersion: 10.0.19041.546
192f90.2bd0: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
202f90.2bd0: FileDescription: NT Layer DLL
212f90.2bd0: \SystemRoot\System32\kernel32.dll:
222f90.2bd0: CreationTime: 2020-10-20T09:19:33.191897600Z
232f90.2bd0: LastWriteTime: 2020-10-20T09:19:33.201889300Z
242f90.2bd0: ChangeTime: 2020-10-20T10:45:18.000421600Z
252f90.2bd0: FileAttributes: 0x20
262f90.2bd0: Size: 0xbac30
272f90.2bd0: NT Headers: 0xe8
282f90.2bd0: Timestamp: 0x2f7cc9b6
292f90.2bd0: Machine: 0x8664 - amd64
302f90.2bd0: Timestamp: 0x2f7cc9b6
312f90.2bd0: Image Version: 10.0
322f90.2bd0: SizeOfImage: 0xbd000 (774144)
332f90.2bd0: Resource Dir: 0xbb000 LB 0x520
342f90.2bd0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352f90.2bd0: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362f90.2bd0: ProductName: Microsoft® Windows® Operating System
372f90.2bd0: ProductVersion: 10.0.19041.546
382f90.2bd0: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
392f90.2bd0: FileDescription: Windows NT BASE API Client DLL
402f90.2bd0: \SystemRoot\System32\KernelBase.dll:
412f90.2bd0: CreationTime: 2020-10-20T09:19:57.722923300Z
422f90.2bd0: LastWriteTime: 2020-10-20T09:19:57.760901100Z
432f90.2bd0: ChangeTime: 2020-10-20T10:45:18.301578800Z
442f90.2bd0: FileAttributes: 0x20
452f90.2bd0: Size: 0x2c8f70
462f90.2bd0: NT Headers: 0xf0
472f90.2bd0: Timestamp: 0x1183946c
482f90.2bd0: Machine: 0x8664 - amd64
492f90.2bd0: Timestamp: 0x1183946c
502f90.2bd0: Image Version: 10.0
512f90.2bd0: SizeOfImage: 0x2c8000 (2916352)
522f90.2bd0: Resource Dir: 0x29f000 LB 0x548
532f90.2bd0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542f90.2bd0: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552f90.2bd0: ProductName: Microsoft® Windows® Operating System
562f90.2bd0: ProductVersion: 10.0.19041.572
572f90.2bd0: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
582f90.2bd0: FileDescription: Windows NT BASE API Client DLL
592f90.2bd0: \SystemRoot\System32\apisetschema.dll:
602f90.2bd0: CreationTime: 2019-12-07T09:08:13.518339400Z
612f90.2bd0: LastWriteTime: 2019-12-07T09:08:13.518339400Z
622f90.2bd0: ChangeTime: 2020-10-20T09:21:15.614312000Z
632f90.2bd0: FileAttributes: 0x20
642f90.2bd0: Size: 0x1f538
652f90.2bd0: NT Headers: 0xd0
662f90.2bd0: Timestamp: 0x31288ce0
672f90.2bd0: Machine: 0x8664 - amd64
682f90.2bd0: Timestamp: 0x31288ce0
692f90.2bd0: Image Version: 10.0
702f90.2bd0: SizeOfImage: 0x20000 (131072)
712f90.2bd0: Resource Dir: 0x1f000 LB 0x408
722f90.2bd0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732f90.2bd0: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742f90.2bd0: ProductName: Microsoft® Windows® Operating System
752f90.2bd0: ProductVersion: 10.0.19041.1
762f90.2bd0: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
772f90.2bd0: FileDescription: ApiSet Schema DLL
782f90.2bd0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792f90.2bd0: supR3HardenedWinFindAdversaries: 0x0
802f90.2bd0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
812f90.2bd0: Calling main()
822f90.2bd0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
832f90.2bd0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
842f90.2bd0: SUPR3HardenedMain: Respawn #1
852f90.2bd0: System32: \Device\HarddiskVolume2\Windows\System32
862f90.2bd0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
872f90.2bd0: KnownDllPath: C:\WINDOWS\System32
882f90.2bd0: supR3HardenedWinInit: Performing a limited self purification...
892f90.2bd0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
902f90.2bd0: *0000000000000000-000000000077ffff 0x0001/0x0000 0x0000000
912f90.2bd0: *0000000000780000-000000000078ffff 0x0004/0x0004 0x0040000
922f90.2bd0: 0000000000790000-000000000079ffff 0x0001/0x0000 0x0000000
932f90.2bd0: *00000000007a0000-00000000007bcfff 0x0002/0x0002 0x0040000
942f90.2bd0: 00000000007bd000-00000000007bffff 0x0001/0x0000 0x0000000
952f90.2bd0: *00000000007c0000-00000000007c3fff 0x0002/0x0002 0x0040000
962f90.2bd0: 00000000007c4000-00000000007cffff 0x0001/0x0000 0x0000000
972f90.2bd0: *00000000007d0000-00000000007d1fff 0x0004/0x0004 0x0020000
982f90.2bd0: 00000000007d2000-00000000007fffff 0x0001/0x0000 0x0000000
992f90.2bd0: *0000000000800000-00000000008f2fff 0x0000/0x0004 0x0020000
1002f90.2bd0: 00000000008f3000-00000000008f5fff 0x0004/0x0004 0x0020000
1012f90.2bd0: 00000000008f6000-00000000009fffff 0x0000/0x0004 0x0020000
1022f90.2bd0: *0000000000a00000-0000000000ab8fff 0x0000/0x0004 0x0020000
1032f90.2bd0: 0000000000ab9000-0000000000abbfff 0x0104/0x0004 0x0020000
1042f90.2bd0: 0000000000abc000-0000000000afffff 0x0004/0x0004 0x0020000
1052f90.2bd0: *0000000000b00000-0000000000bc8fff 0x0002/0x0002 0x0040000
1062f90.2bd0: 0000000000bc9000-0000000000beffff 0x0001/0x0000 0x0000000
1072f90.2bd0: *0000000000bf0000-0000000000bf6fff 0x0004/0x0004 0x0020000
1082f90.2bd0: 0000000000bf7000-0000000000ceffff 0x0000/0x0004 0x0020000
1092f90.2bd0: *0000000000cf0000-0000000000cf1fff 0x0004/0x0004 0x0020000
1102f90.2bd0: 0000000000cf2000-0000000000d21fff 0x0000/0x0004 0x0020000
1112f90.2bd0: 0000000000d22000-0000000000dbffff 0x0001/0x0000 0x0000000
1122f90.2bd0: *0000000000dc0000-0000000000dcefff 0x0004/0x0004 0x0020000
1132f90.2bd0: 0000000000dcf000-0000000000dcffff 0x0000/0x0004 0x0020000
1142f90.2bd0: *0000000000dd0000-0000000000dddfff 0x0000/0x0004 0x0020000
1152f90.2bd0: 0000000000dde000-0000000000fd4fff 0x0004/0x0004 0x0020000
1162f90.2bd0: 0000000000fd5000-0000000000fd5fff 0x0000/0x0004 0x0020000
1172f90.2bd0: 0000000000fd6000-0000000000fdffff 0x0001/0x0000 0x0000000
1182f90.2bd0: *0000000000fe0000-0000000000ffcfff 0x0004/0x0004 0x0020000
1192f90.2bd0: 0000000000ffd000-00000000010dffff 0x0000/0x0004 0x0020000
1202f90.2bd0: 00000000010e0000-000000007ffdffff 0x0001/0x0000 0x0000000
1212f90.2bd0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1222f90.2bd0: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
1232f90.2bd0: 000000007ffe2000-00007ff44711ffff 0x0001/0x0000 0x0000000
1242f90.2bd0: *00007ff447120000-00007ff447124fff 0x0002/0x0002 0x0040000
1252f90.2bd0: 00007ff447125000-00007ff44721ffff 0x0000/0x0002 0x0040000
1262f90.2bd0: *00007ff447220000-00007ff54723ffff 0x0000/0x0004 0x0020000
1272f90.2bd0: *00007ff547240000-00007ff54923ffff 0x0000/0x0004 0x0020000
1282f90.2bd0: 00007ff549240000-00007ff549240fff 0x0004/0x0004 0x0020000
1292f90.2bd0: 00007ff549241000-00007ff54924ffff 0x0001/0x0000 0x0000000
1302f90.2bd0: *00007ff549250000-00007ff549250fff 0x0002/0x0002 0x0040000
1312f90.2bd0: 00007ff549251000-00007ff54925ffff 0x0001/0x0000 0x0000000
1322f90.2bd0: *00007ff549260000-00007ff549282fff 0x0002/0x0002 0x0040000
1332f90.2bd0: 00007ff549283000-00007ff70639ffff 0x0001/0x0000 0x0000000
1342f90.2bd0: *00007ff7063a0000-00007ff7063a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1352f90.2bd0: 00007ff7063a1000-00007ff706417fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1362f90.2bd0: 00007ff706418000-00007ff706418fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1372f90.2bd0: 00007ff706419000-00007ff706461fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1382f90.2bd0: 00007ff706462000-00007ff706464fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1392f90.2bd0: 00007ff706465000-00007ff706467fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1402f90.2bd0: 00007ff706468000-00007ff70646afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1412f90.2bd0: 00007ff70646b000-00007ff70646bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1422f90.2bd0: 00007ff70646c000-00007ff70646dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1432f90.2bd0: 00007ff70646e000-00007ff70646efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1442f90.2bd0: 00007ff70646f000-00007ff7064b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1452f90.2bd0: 00007ff7064b8000-00007ffc1e67ffff 0x0001/0x0000 0x0000000
1462f90.2bd0: *00007ffc1e680000-00007ffc1e680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1472f90.2bd0: 00007ffc1e681000-00007ffc1e791fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1482f90.2bd0: 00007ffc1e792000-00007ffc1e909fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1492f90.2bd0: 00007ffc1e90a000-00007ffc1e90dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1502f90.2bd0: 00007ffc1e90e000-00007ffc1e90efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1512f90.2bd0: 00007ffc1e90f000-00007ffc1e947fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1522f90.2bd0: 00007ffc1e948000-00007ffc2043ffff 0x0001/0x0000 0x0000000
1532f90.2bd0: *00007ffc20440000-00007ffc20440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1542f90.2bd0: 00007ffc20441000-00007ffc204befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1552f90.2bd0: 00007ffc204bf000-00007ffc204f1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1562f90.2bd0: 00007ffc204f2000-00007ffc204f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1572f90.2bd0: 00007ffc204f3000-00007ffc204f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1582f90.2bd0: 00007ffc204f4000-00007ffc204fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1592f90.2bd0: 00007ffc204fd000-00007ffc20a6ffff 0x0001/0x0000 0x0000000
1602f90.2bd0: *00007ffc20a70000-00007ffc20a70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1612f90.2bd0: 00007ffc20a71000-00007ffc20b8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1622f90.2bd0: 00007ffc20b8c000-00007ffc20bd4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1632f90.2bd0: 00007ffc20bd5000-00007ffc20bd5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1642f90.2bd0: 00007ffc20bd6000-00007ffc20bd7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1652f90.2bd0: 00007ffc20bd8000-00007ffc20be0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1662f90.2bd0: 00007ffc20be1000-00007ffc20c65fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1672f90.2bd0: 00007ffc20c66000-00007ffffffeffff 0x0001/0x0000 0x0000000
1682f90.2bd0: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
1692f90.2bd0: kernelbase.dll: timestamp 0x1183946c (rc=VINF_SUCCESS)
1702f90.2bd0: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
1712f90.2bd0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1722f90.2bd0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1732f90.2bd0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1742f90.2bd0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1752f90.2bd0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1762f90.2bd0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1772f90.2bd0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1782f90.2bd0: supR3HardNtEnableThreadCreationEx:
1792f90.2bd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc20ae4750 pvNtTerminateThread=00007ffc20b0c7e0
1802f90.2bd0: supR3HardenedWinDoReSpawn(1): New child 2870.2d00 [kernel32].
1812f90.2bd0: supR3HardNtChildGatherData: PebBaseAddress=0000000000645000 cbPeb=0x388
1822f90.2bd0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc20a70000 uNtDllChildAddr=00007ffc20a70000
1832f90.2bd0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc20ae4750
1842f90.2bd0: supR3HardenedWinSetupChildInit: Initial context:
185 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7063a7900 rdx=0000000000645000
186 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
187 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
188 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
189 rip=00007ffc20abcea0 rsp=00000000008ffe18 rbp=0000000000000000 ctxflags=0010001b
190 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
191 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
192 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
193 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
194 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
1952f90.2bd0: supR3HardenedWinSetupChildInit: Start child.
1962f90.2bd0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1972f90.2bd0: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 17 sleeps
1982f90.2bd0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1992f90.2bd0: *0000000000000000-00000000004fffff 0x0001/0x0000 0x0000000
2002f90.2bd0: *0000000000500000-000000000051ffff 0x0004/0x0004 0x0020000
2012f90.2bd0: *0000000000520000-000000000053cfff 0x0002/0x0002 0x0040000
2022f90.2bd0: 000000000053d000-000000000053ffff 0x0001/0x0000 0x0000000
2032f90.2bd0: *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
2042f90.2bd0: 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
2052f90.2bd0: *0000000000550000-0000000000551fff 0x0004/0x0004 0x0020000
2062f90.2bd0: 0000000000552000-00000000005fffff 0x0001/0x0000 0x0000000
2072f90.2bd0: *0000000000600000-0000000000644fff 0x0000/0x0004 0x0020000
2082f90.2bd0: 0000000000645000-0000000000647fff 0x0004/0x0004 0x0020000
2092f90.2bd0: 0000000000648000-00000000007fffff 0x0000/0x0004 0x0020000
2102f90.2bd0: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
2112f90.2bd0: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
2122f90.2bd0: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
2132f90.2bd0: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
2142f90.2bd0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2152f90.2bd0: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
2162f90.2bd0: 000000007ffe2000-00007ff5e0c9ffff 0x0001/0x0000 0x0000000
2172f90.2bd0: *00007ff5e0ca0000-00007ff5e0ca0fff 0x0002/0x0002 0x0040000
2182f90.2bd0: 00007ff5e0ca1000-00007ff5e0caffff 0x0001/0x0000 0x0000000
2192f90.2bd0: *00007ff5e0cb0000-00007ff5e0cd2fff 0x0002/0x0002 0x0040000
2202f90.2bd0: 00007ff5e0cd3000-00007ff70639ffff 0x0001/0x0000 0x0000000
2212f90.2bd0: *00007ff7063a0000-00007ff7063a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2222f90.2bd0: 00007ff7063a1000-00007ff706417fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2232f90.2bd0: 00007ff706418000-00007ff706418fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2242f90.2bd0: 00007ff706419000-00007ff706461fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2252f90.2bd0: 00007ff706462000-00007ff706462fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2262f90.2bd0: 00007ff706463000-00007ff706463fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2272f90.2bd0: 00007ff706464000-00007ff706468fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2282f90.2bd0: 00007ff706469000-00007ff706469fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2292f90.2bd0: 00007ff70646a000-00007ff70646afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2302f90.2bd0: 00007ff70646b000-00007ff70646efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2312f90.2bd0: 00007ff70646f000-00007ff7064b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2322f90.2bd0: 00007ff7064b8000-00007ffc20a6ffff 0x0001/0x0000 0x0000000
2332f90.2bd0: *00007ffc20a70000-00007ffc20a70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2342f90.2bd0: 00007ffc20a71000-00007ffc20b8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2352f90.2bd0: 00007ffc20b8c000-00007ffc20bd4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2362f90.2bd0: 00007ffc20bd5000-00007ffc20be0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2372f90.2bd0: 00007ffc20be1000-00007ffc20beffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2382f90.2bd0: 00007ffc20bf0000-00007ffc20bf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2392f90.2bd0: 00007ffc20bf1000-00007ffc20bf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2402f90.2bd0: 00007ffc20bf4000-00007ffc20c65fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2412f90.2bd0: 00007ffc20c66000-00007ffffffeffff 0x0001/0x0000 0x0000000
2422f90.2bd0: supR3HardNtChildPurify: Done after 262 ms and 0 fixes (loop #0).
2432870.2d00: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
2442870.2d00: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc20a70000 g_uNtVerCombined=0xa04a6100 (stack ~00000000008ff8a8)
2452870.2d00: ntdll.dll: timestamp 0x5b56177b (rc=VINF_SUCCESS)
2462870.2d00: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2056192 allocation)
2472f90.2bd0: supR3HardNtEnableThreadCreationEx:
2482870.2d00: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2492870.2d00: System32: \Device\HarddiskVolume2\Windows\System32
2502870.2d00: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2512870.2d00: KnownDllPath: C:\WINDOWS\System32
2522870.2d00: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2532870.2d00: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2542870.2d00: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2552870.2d00: Registered Dll notification callback with NTDLL.
2562870.2d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2572870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2582870.2d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2592870.2d00: supR3HardenedDllNotificationCallback: load 00007ffc1e680000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2602870.2d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2612870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2622870.2d00: supR3HardenedDllNotificationCallback: load 00007ffc20440000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2632870.2d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2642870.2d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\KERNEL32.DLL'
2652870.2d00: supR3HardenedDllNotificationCallback: load 00007ff7063a0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2662870.2d00: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2672870.2d00: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2682870.2d00: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2692870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2702870.2d00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc20ae4750 pvNtTerminateThread=00007ffc20b0c7e0
2712f90.2bd0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 120 ms.
2722870.2d00: \SystemRoot\System32\ntdll.dll:
2732870.2d00: CreationTime: 2020-10-20T09:19:57.041344100Z
2742870.2d00: LastWriteTime: 2020-10-20T09:19:57.063330100Z
2752870.2d00: ChangeTime: 2020-10-20T10:45:18.276921900Z
2762870.2d00: FileAttributes: 0x20
2772870.2d00: Size: 0x1ee338
2782870.2d00: NT Headers: 0xe8
2792870.2d00: Timestamp: 0x5b56177b
2802870.2d00: Machine: 0x8664 - amd64
2812870.2d00: Timestamp: 0x5b56177b
2822870.2d00: Image Version: 10.0
2832870.2d00: SizeOfImage: 0x1f6000 (2056192)
2842870.2d00: Resource Dir: 0x185000 LB 0x6fd28
2852870.2d00: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2862870.2d00: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2872870.2d00: ProductName: Microsoft® Windows® Operating System
2882870.2d00: ProductVersion: 10.0.19041.546
2892870.2d00: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
2902870.2d00: FileDescription: NT Layer DLL
2912870.2d00: \SystemRoot\System32\kernel32.dll:
2922870.2d00: CreationTime: 2020-10-20T09:19:33.191897600Z
2932870.2d00: LastWriteTime: 2020-10-20T09:19:33.201889300Z
2942870.2d00: ChangeTime: 2020-10-20T10:45:18.000421600Z
2952870.2d00: FileAttributes: 0x20
2962870.2d00: Size: 0xbac30
2972870.2d00: NT Headers: 0xe8
2982870.2d00: Timestamp: 0x2f7cc9b6
2992870.2d00: Machine: 0x8664 - amd64
3002870.2d00: Timestamp: 0x2f7cc9b6
3012870.2d00: Image Version: 10.0
3022870.2d00: SizeOfImage: 0xbd000 (774144)
3032870.2d00: Resource Dir: 0xbb000 LB 0x520
3042870.2d00: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3052870.2d00: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3062870.2d00: ProductName: Microsoft® Windows® Operating System
3072870.2d00: ProductVersion: 10.0.19041.546
3082870.2d00: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
3092870.2d00: FileDescription: Windows NT BASE API Client DLL
3102870.2d00: \SystemRoot\System32\KernelBase.dll:
3112870.2d00: CreationTime: 2020-10-20T09:19:57.722923300Z
3122870.2d00: LastWriteTime: 2020-10-20T09:19:57.760901100Z
3132870.2d00: ChangeTime: 2020-10-20T10:45:18.301578800Z
3142870.2d00: FileAttributes: 0x20
3152870.2d00: Size: 0x2c8f70
3162870.2d00: NT Headers: 0xf0
3172870.2d00: Timestamp: 0x1183946c
3182870.2d00: Machine: 0x8664 - amd64
3192870.2d00: Timestamp: 0x1183946c
3202870.2d00: Image Version: 10.0
3212870.2d00: SizeOfImage: 0x2c8000 (2916352)
3222870.2d00: Resource Dir: 0x29f000 LB 0x548
3232870.2d00: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3242870.2d00: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3252870.2d00: ProductName: Microsoft® Windows® Operating System
3262870.2d00: ProductVersion: 10.0.19041.572
3272870.2d00: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
3282870.2d00: FileDescription: Windows NT BASE API Client DLL
3292870.2d00: \SystemRoot\System32\apisetschema.dll:
3302870.2d00: CreationTime: 2019-12-07T09:08:13.518339400Z
3312870.2d00: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3322870.2d00: ChangeTime: 2020-10-20T09:21:15.614312000Z
3332870.2d00: FileAttributes: 0x20
3342870.2d00: Size: 0x1f538
3352870.2d00: NT Headers: 0xd0
3362870.2d00: Timestamp: 0x31288ce0
3372870.2d00: Machine: 0x8664 - amd64
3382870.2d00: Timestamp: 0x31288ce0
3392870.2d00: Image Version: 10.0
3402870.2d00: SizeOfImage: 0x20000 (131072)
3412870.2d00: Resource Dir: 0x1f000 LB 0x408
3422870.2d00: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3432870.2d00: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3442870.2d00: ProductName: Microsoft® Windows® Operating System
3452870.2d00: ProductVersion: 10.0.19041.1
3462870.2d00: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3472870.2d00: FileDescription: ApiSet Schema DLL
3482870.2d00: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3492870.2d00: supR3HardenedWinFindAdversaries: 0x0
3502870.2d00: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3512870.2d00: Calling main()
3522870.2d00: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3532870.2d00: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3542870.2d00: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3552870.2d00: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3562870.2d00: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3572870.2d00: SUPR3HardenedMain: Respawn #2
3582870.2d00: supR3HardNtEnableThreadCreationEx:
3592870.2d00: supR3HardenedDllNotificationCallback: load 00007ffc1f8e0000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
3602870.2d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
3612870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3622870.2d00: supR3HardenedDllNotificationCallback: load 00007ffc20180000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3632870.2d00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3642870.2d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
3652870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
3662870.2d00: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3672870.2d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
3682870.2d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3692870.2d00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3702870.2d00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3712870.2d00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3722870.2d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3732870.2d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20a70000 'C:\WINDOWS\System32\ntdll.dll'
3742870.2d00: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc20ae4750 pvNtTerminateThread=00007ffc20b0c7e0
3752870.2d00: supR3HardenedWinDoReSpawn(2): New child 288c.2744 [kernel32].
3762870.2d00: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3772870.2d00: supR3HardNtChildGatherData: PebBaseAddress=000000000056f000 cbPeb=0x388
3782870.2d00: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc20a70000 uNtDllChildAddr=00007ffc20a70000
3792870.2d00: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc20ae4750
3802870.2d00: supR3HardenedWinSetupChildInit: Initial context:
381 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7063a7900 rdx=000000000056f000
382 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
383 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
384 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
385 rip=00007ffc20abcea0 rsp=00000000006ffab8 rbp=0000000000000000 ctxflags=0010001b
386 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
387 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
388 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
389 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
390 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3912870.2d00: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
3922870.2d00: supR3HardenedWinSetupChildInit: Start child.
3932870.2d00: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3942870.2d00: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 17 sleeps
3952870.2d00: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3962870.2d00: *0000000000000000-000000000037ffff 0x0001/0x0000 0x0000000
3972870.2d00: *0000000000380000-000000000039ffff 0x0004/0x0004 0x0020000
3982870.2d00: *00000000003a0000-00000000003bcfff 0x0002/0x0002 0x0040000
3992870.2d00: 00000000003bd000-00000000003bffff 0x0001/0x0000 0x0000000
4002870.2d00: *00000000003c0000-00000000003c3fff 0x0002/0x0002 0x0040000
4012870.2d00: 00000000003c4000-00000000003cffff 0x0001/0x0000 0x0000000
4022870.2d00: *00000000003d0000-00000000003d1fff 0x0004/0x0004 0x0020000
4032870.2d00: 00000000003d2000-00000000003fffff 0x0001/0x0000 0x0000000
4042870.2d00: *0000000000400000-000000000056efff 0x0000/0x0004 0x0020000
4052870.2d00: 000000000056f000-0000000000571fff 0x0004/0x0004 0x0020000
4062870.2d00: 0000000000572000-00000000005fffff 0x0000/0x0004 0x0020000
4072870.2d00: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
4082870.2d00: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
4092870.2d00: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
4102870.2d00: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
4112870.2d00: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4122870.2d00: *000000007ffe1000-000000007ffe1fff 0x0002/0x0002 0x0020000
4132870.2d00: 000000007ffe2000-00007ff5d4fcffff 0x0001/0x0000 0x0000000
4142870.2d00: *00007ff5d4fd0000-00007ff5d4fd0fff 0x0002/0x0002 0x0040000
4152870.2d00: 00007ff5d4fd1000-00007ff5d4fdffff 0x0001/0x0000 0x0000000
4162870.2d00: *00007ff5d4fe0000-00007ff5d5002fff 0x0002/0x0002 0x0040000
4172870.2d00: 00007ff5d5003000-00007ff70639ffff 0x0001/0x0000 0x0000000
4182870.2d00: *00007ff7063a0000-00007ff7063a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4192870.2d00: 00007ff7063a1000-00007ff706417fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4202870.2d00: 00007ff706418000-00007ff706418fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4212870.2d00: 00007ff706419000-00007ff706461fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4222870.2d00: 00007ff706462000-00007ff706462fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4232870.2d00: 00007ff706463000-00007ff706463fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4242870.2d00: 00007ff706464000-00007ff706468fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4252870.2d00: 00007ff706469000-00007ff706469fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4262870.2d00: 00007ff70646a000-00007ff70646afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4272870.2d00: 00007ff70646b000-00007ff70646efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4282870.2d00: 00007ff70646f000-00007ff7064b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4292870.2d00: 00007ff7064b8000-00007ffc20a6ffff 0x0001/0x0000 0x0000000
4302870.2d00: *00007ffc20a70000-00007ffc20a70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4312870.2d00: 00007ffc20a71000-00007ffc20b8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4322870.2d00: 00007ffc20b8c000-00007ffc20bd4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4332870.2d00: 00007ffc20bd5000-00007ffc20be0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4342870.2d00: 00007ffc20be1000-00007ffc20beffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4352870.2d00: 00007ffc20bf0000-00007ffc20bf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4362870.2d00: 00007ffc20bf1000-00007ffc20bf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4372870.2d00: 00007ffc20bf4000-00007ffc20c65fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4382870.2d00: 00007ffc20c66000-00007ffffffeffff 0x0001/0x0000 0x0000000
4392870.2d00: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
4402870.2d00: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4412870.2d00: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4422870.2d00: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4432870.2d00: supR3HardNtChildPurify: Done after 317 ms and 0 fixes (loop #0).
444288c.2744: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
445288c.2744: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc20a70000 g_uNtVerCombined=0xa04a6100 (stack ~00000000006ff548)
446288c.2744: ntdll.dll: timestamp 0x5b56177b (rc=VINF_SUCCESS)
447288c.2744: New simple heap: #1 0000000000800000 LB 0x400000 (for 2056192 allocation)
4482870.2d00: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
4492870.2d00: supR3HardNtEnableThreadCreationEx:
450288c.2744: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
451288c.2744: System32: \Device\HarddiskVolume2\Windows\System32
452288c.2744: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
453288c.2744: KnownDllPath: C:\WINDOWS\System32
454288c.2744: supR3HardenedVmProcessInit: Opening vboxdrv...
455288c.2744: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
456288c.2744: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
457288c.2744: Registered Dll notification callback with NTDLL.
458288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
459288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
460288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
461288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e680000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
462288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
463288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
464288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20440000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
465288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
466288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\KERNEL32.DLL'
467288c.2744: supR3HardenedDllNotificationCallback: load 00007ff7063a0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
468288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
469288c.2744: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
470288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
471288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
472288c.2744: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc20ae4750 pvNtTerminateThread=00007ffc20b0c7e0
4732870.2d00: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 131 ms.
474288c.2744: \SystemRoot\System32\ntdll.dll:
475288c.2744: CreationTime: 2020-10-20T09:19:57.041344100Z
476288c.2744: LastWriteTime: 2020-10-20T09:19:57.063330100Z
477288c.2744: ChangeTime: 2020-10-20T10:45:18.276921900Z
478288c.2744: FileAttributes: 0x20
479288c.2744: Size: 0x1ee338
480288c.2744: NT Headers: 0xe8
481288c.2744: Timestamp: 0x5b56177b
482288c.2744: Machine: 0x8664 - amd64
483288c.2744: Timestamp: 0x5b56177b
484288c.2744: Image Version: 10.0
485288c.2744: SizeOfImage: 0x1f6000 (2056192)
486288c.2744: Resource Dir: 0x185000 LB 0x6fd28
487288c.2744: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
488288c.2744: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
489288c.2744: ProductName: Microsoft® Windows® Operating System
490288c.2744: ProductVersion: 10.0.19041.546
491288c.2744: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
492288c.2744: FileDescription: NT Layer DLL
493288c.2744: \SystemRoot\System32\kernel32.dll:
494288c.2744: CreationTime: 2020-10-20T09:19:33.191897600Z
495288c.2744: LastWriteTime: 2020-10-20T09:19:33.201889300Z
496288c.2744: ChangeTime: 2020-10-20T10:45:18.000421600Z
497288c.2744: FileAttributes: 0x20
498288c.2744: Size: 0xbac30
499288c.2744: NT Headers: 0xe8
500288c.2744: Timestamp: 0x2f7cc9b6
501288c.2744: Machine: 0x8664 - amd64
502288c.2744: Timestamp: 0x2f7cc9b6
503288c.2744: Image Version: 10.0
504288c.2744: SizeOfImage: 0xbd000 (774144)
505288c.2744: Resource Dir: 0xbb000 LB 0x520
506288c.2744: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
507288c.2744: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
508288c.2744: ProductName: Microsoft® Windows® Operating System
509288c.2744: ProductVersion: 10.0.19041.546
510288c.2744: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
511288c.2744: FileDescription: Windows NT BASE API Client DLL
512288c.2744: \SystemRoot\System32\KernelBase.dll:
513288c.2744: CreationTime: 2020-10-20T09:19:57.722923300Z
514288c.2744: LastWriteTime: 2020-10-20T09:19:57.760901100Z
515288c.2744: ChangeTime: 2020-10-20T10:45:18.301578800Z
516288c.2744: FileAttributes: 0x20
517288c.2744: Size: 0x2c8f70
518288c.2744: NT Headers: 0xf0
519288c.2744: Timestamp: 0x1183946c
520288c.2744: Machine: 0x8664 - amd64
521288c.2744: Timestamp: 0x1183946c
522288c.2744: Image Version: 10.0
523288c.2744: SizeOfImage: 0x2c8000 (2916352)
524288c.2744: Resource Dir: 0x29f000 LB 0x548
525288c.2744: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
526288c.2744: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
527288c.2744: ProductName: Microsoft® Windows® Operating System
528288c.2744: ProductVersion: 10.0.19041.572
529288c.2744: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
530288c.2744: FileDescription: Windows NT BASE API Client DLL
531288c.2744: \SystemRoot\System32\apisetschema.dll:
532288c.2744: CreationTime: 2019-12-07T09:08:13.518339400Z
533288c.2744: LastWriteTime: 2019-12-07T09:08:13.518339400Z
534288c.2744: ChangeTime: 2020-10-20T09:21:15.614312000Z
535288c.2744: FileAttributes: 0x20
536288c.2744: Size: 0x1f538
537288c.2744: NT Headers: 0xd0
538288c.2744: Timestamp: 0x31288ce0
539288c.2744: Machine: 0x8664 - amd64
540288c.2744: Timestamp: 0x31288ce0
541288c.2744: Image Version: 10.0
542288c.2744: SizeOfImage: 0x20000 (131072)
543288c.2744: Resource Dir: 0x1f000 LB 0x408
544288c.2744: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
545288c.2744: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
546288c.2744: ProductName: Microsoft® Windows® Operating System
547288c.2744: ProductVersion: 10.0.19041.1
548288c.2744: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
549288c.2744: FileDescription: ApiSet Schema DLL
550288c.2744: NtOpenDirectoryObject failed on \Driver: 0xc0000022
551288c.2744: supR3HardenedWinFindAdversaries: 0x0
552288c.2744: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
553288c.2744: Calling main()
554288c.2744: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
555288c.2744: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
556288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
557288c.2744: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
558288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
559288c.2744: SUPR3HardenedMain: Final process, opening VBoxDrv...
560288c.2744: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
561288c.2744: supR3HardNtEnableThreadCreationEx:
562288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
563288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
564288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
565288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
566288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
567288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc09640000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
568288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
569288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
570288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
571288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09640000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
572288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
573288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
574288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09640000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
575288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09640000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
576288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
577288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
578288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
579288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
580288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
581288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
582288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
583288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
584288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
585288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
586288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
587288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
588288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
589288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1f840000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
590288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
591288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1f8e0000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
592288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
593288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e950000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
594288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
595288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e580000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
596288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
597288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
598288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e3d0000 LB 0x0015d000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
599288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
600288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
601288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
602288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
603288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-synch-l1-2-0'
604288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
605288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
606288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-fibers-l1-1-1'
607288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
608288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
609288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-fibers-l1-1-1'
610288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
611288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
612288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-synch-l1-2-0'
613288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
614288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
615288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-localization-l1-2-1'
616288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
617288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
618288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1dee0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
619288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
620288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e950000 'C:\WINDOWS\system32\Wintrust.dll'
621288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
622288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
623288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
624288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e1f0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
625288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
626288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e1f0000 'C:\WINDOWS\system32\bcrypt.dll'
627288c.2744: bcrypt.dll loaded at 00007ffc1e1f0000, BCryptOpenAlgorithmProvider at 00007ffc1e1f51e0, preloading providers:
628288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
629288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
630288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
631288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1ea60000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
632288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
633288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ea60000 'C:\WINDOWS\system32\bcryptprimitives.dll'
634288c.2744: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000c807b0)
635288c.2744: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000c80c00)
636288c.2744: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c80f20)
637288c.2744: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c81240)
638288c.2744: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c81560)
639288c.2744: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c81880)
640288c.2744: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c81ba0)
641288c.2744: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c81ec0)
642288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
643288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
644288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1de90000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
645288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
646288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
647288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
648288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
649288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
650288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
651288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
652288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
653288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
654288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1d290000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
655288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
656288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
657288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
658288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
659288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1dad0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
660288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
661288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
662288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
663288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\kernel32.dll'
664288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
665288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
666288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e950000 'C:\WINDOWS\System32\WINTRUST.DLL'
667288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
668288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
669288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\CRYPT32.dll'
670288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1f690000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
671288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
672288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
673288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
674288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
675288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
676288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20180000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
677288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
678288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
679288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
680288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
681288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
682288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
683288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
684288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1caa0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
685288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
686288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
687288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
688288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e0f0000 LB 0x00026000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
689288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
690288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
691288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
692288c.2744: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
693288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
694288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
695288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
696288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
697288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
698288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
699288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
700288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
701288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
702288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
703288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
704288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
705288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
706288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
707288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
708288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
709288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
710288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
711288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc17ee0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
712288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
713288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
714288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
715288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
716288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
717288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
718288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
719288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
720288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
721288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
722288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
723288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
724288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
725288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
726288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
727288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
728288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
729288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
730288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
731288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
732288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
733288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
734288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
735288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
736288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
737288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
738288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
739288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
740288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
741288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\WINDOWS\System32\cryptnet.dll'
742288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
743288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ee0000 'C:\Windows\System32\cryptnet.dll'
744288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc206a0000 LB 0x000aa000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
745288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
746288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
747288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
748288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
749288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
750288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
751288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
752288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
753288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
754288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
755288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
756288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
757288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
758288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
759288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
760288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
761288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
762288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
763288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
764288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
765288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
766288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000cac0e0
767288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
768288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7156C83A907F16145EEEA84ADE6D92E3B0F66BCB
769288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
770288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
771288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f8e0000 'C:\WINDOWS\System32\rpcrt4.dll'
772288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
773288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
774288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
775288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
776288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
777288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
778288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\SystemRoot\System32\ntdll.dll'
779288c.2744: g_pfnWinVerifyTrust=00007ffc1e951da0
780288c.2744: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
781288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
782288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
783288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
784288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
785288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
786288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
787288c.2744: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
788288c.2744: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
789288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
790288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
791288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
792288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
793288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
794288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
795288c.2744: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
796288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
797288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
798288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
799288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
800288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
801288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
802288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
803288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
804288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
805288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
806288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45ECE98858B46D7A91C9972C8F2F62C2E8A43CC
807288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
808288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
809288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
810288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
811288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
812288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
813288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
814288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
815288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
816288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
817288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
818288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
819288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
820288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
821288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
822288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
823288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
824288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
825288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
826288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
827288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
828288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
829288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
830288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
831288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
832288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
833288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
834288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
835288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
836288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
837288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
838288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
839288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
840288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
841288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
842288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
843288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
844288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
845288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
846288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
847288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
848288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
849288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
850288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
851288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
852288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
853288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
854288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
855288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
856288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
857288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
858288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
859288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
860288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
861288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
862288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
863288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
864288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
865288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
866288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
867288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
868288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
869288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
870288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
871288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
872288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\system32\crypt32.dll'
873288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
874288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
875288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
876288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
877288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
878288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
879288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
880288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
881288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x97cc00ef32c71c7c CN=USB\VID_0BDA&PID_2838&MI_00 (libwdi autogenerated)
882288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xcea2375f2f7c3846 CN=Creative Element
883288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
884288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
885288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
886288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
887288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
888288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
889288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
890288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
891288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
892288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
893288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
894288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
895288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
896288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
897288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
898288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
899288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
900288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
901288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
902288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
903288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
904288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
905288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
906288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
907288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
908288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
909288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
910288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
911288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
912288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
913288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
914288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
915288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
916288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
917288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
918288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
919288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
920288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
921288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
922288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
923288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
924288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
925288c.2744: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
926288c.2744: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
927288c.2744: SUPR3HardenedMain: Load Runtime...
928288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
929288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
930288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
931288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
932288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
933288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
934288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
935288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
936288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
937288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
938288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
939288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
940288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
941288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
942288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
943288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
944288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
945288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
946288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
947288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
948288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
949288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
950288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
951288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
952288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
953288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
954288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
955288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
956288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
957288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
958288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
959288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
960288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
961288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
962288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
963288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
964288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
965288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
966288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
967288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
968288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
969288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
970288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
971288c.2744: supR3HardenedDllNotificationCallback: load 0000000061ff0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
972288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
973288c.2744: supR3HardenedDllNotificationCallback: load 0000000061470000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
974288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
975288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20110000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
976288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
977288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbe9810000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
978288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
979288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
980288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
981288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
982288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
983288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
984288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
985288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
986288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
987288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
988288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
989288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
990288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
991288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
992288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
993288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
994288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
995288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
996288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
997288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
998288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
999288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1000288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1001288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1002288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1003288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1004288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1005288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1006288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1007288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1008288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1009288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1010288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1011288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1012288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1013288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1014288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1015288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1016288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1017288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1018288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1019288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1020288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1021288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1022288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1023288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1024288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1025288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1026288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1027288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1028288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1029288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1030288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1031288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1032288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1033288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1034288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1035288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1036288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1037288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1038288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1039288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1040288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1041288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1042288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1043288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1044288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1045288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1046288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1047288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1048288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1049288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1050288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1051288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1052288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1053288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1054288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1055288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1056288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1057288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1058288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1059288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1060288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1061288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1062288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1063288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1064288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1065288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1066288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1067288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1068288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1069288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1070288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1071288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1072288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1073288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1074288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1075288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1076288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1077288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1078288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1079288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1080288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1081288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1082288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1083288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1084288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1085288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1086288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1087288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1088288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1089288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1090288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1091288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1092288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1093288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1094288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1095288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1096288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1097288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1098288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1099288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1100288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1101288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1102288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1103288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1104288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1105288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1106288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1107288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1108288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1109288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1110288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1111288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1112288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1113288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1114288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1115288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1116288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1117288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1118288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1119288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1120288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1121288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1122288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1123288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1124288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1125288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1126288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1127288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1128288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1129288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1130288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1131288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1132288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1133288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1134288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1135288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1136288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1137288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1138288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1139288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1140288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1141288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1142288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1144288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1145288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1146288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1147288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1149288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1150288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1151288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1152288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1154288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1155288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe9810000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1157288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1158288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1159288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1160288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e950000 'C:\WINDOWS\system32\Wintrust.dll'
1161288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1162288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1163288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1164288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1165288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1166288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1167288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\system32\crypt32.dll'
1168288c.2744: SUPR3HardenedMain: Load TrustedMain...
1169288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
1170288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1171288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1172288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1173288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1174288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1175288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1176288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1177288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1178288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1179288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1180288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1181288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1182288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1183288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1184288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1185288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1186288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1187288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1188288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1189288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1190288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1191288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1192288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1193288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1194288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1195288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1196288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1197288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1198288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1199288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1200288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1201288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1202288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1203288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1204288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1205288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1206288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1207288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1208288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1209288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1210288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1211288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1212288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1213288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1214288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1215288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1216288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1217288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1218288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1219288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1220288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1221288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1222288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1223288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1224288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1225288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1226288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1227288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1228288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
1229288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
1230288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
1231288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1232288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1233288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1234288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1235288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1236288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1237288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1238288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1239288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1240288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1241288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1242288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1243288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1244288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1245288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1246288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1247288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1248288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
1249288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1250288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1251288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1252288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1253288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1254288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1255288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1256288c.2744: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1257288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1258288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1259288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1260288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1261288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1262288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1263288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1264288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1265288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1266288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1267288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1268288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1269288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
1270288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1271288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1272288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
1273288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1274288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1275288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1276288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1277288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1278288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1279288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1280288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1281288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1282288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1283288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1284288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1285288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1286288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1287288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1288288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1289288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1290288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1291288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1292288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1293288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1294288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
1295288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1296288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1297288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1298288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1299288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1300288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1301288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1302288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1303288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1304288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1305288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1306288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1307288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1308288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
1309288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1310288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1311288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1312288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1313288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1314288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1315288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1316288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1317288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1318288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1319288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1320288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1321288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1322288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1323288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1324288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1325288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1326288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1327288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1328288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1329288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1330288c.2744: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1331288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1332288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1333288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1334288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1335288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1336288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1337288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1338288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1339288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1340288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1341288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1342288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
1343288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
1344288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
1345288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1346288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1347288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1348288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1349288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1350288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1351288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1352288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1353288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1354288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1355288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1356288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1357288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1358288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1359288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1360288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1361288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1362288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1363288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1364288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1365288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1366288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1367288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1368288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1369288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1370288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1371288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1372288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1373288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1374288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1375288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1376288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1377288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1378288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1379288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1380288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
1381288c.2744: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1382288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1383288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1384288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1385288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1386288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1387288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1388288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1389288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1390288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1391288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1392288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1393288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1394288c.2744: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1395288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1396288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1397288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1398288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1399288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1400288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1401288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1402288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1403288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1404288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1405288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1406288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1407288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1408288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1409288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1410288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1411288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1412288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1413288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1414288c.2744: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1415288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1416288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1417288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1418288c.2744: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1419288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1420288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1421288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1422288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1423288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1424288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1425288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1426288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1427288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1428288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1429288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1430288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1431288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1432288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1433288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1434288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1435288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1436288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1437288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1438288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1439288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1440288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
1441288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1442288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1443288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1444288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1445288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1446288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1447288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1448288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1449288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1450288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1451288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1452288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1453288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1454288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1455288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1456288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1457288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1458288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1459288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1460288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1461288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1462288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1463288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1464288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1465288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1466288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1467288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1468288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1469288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1470288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1471288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1472288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1473288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1474288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1475288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1476288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1477288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1478288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1479288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1480288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1481288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1482288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1483288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1484288c.2744: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1485288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1486288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1487288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1488288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1489288c.2744: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1490288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1491288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1492288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1493288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1494288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1495288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1496288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1497288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1498288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1499288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1500288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
1501288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1502288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1503288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1504288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1505288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1506288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1507288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1508288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1509288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1510288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1511288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1512288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1513288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1514288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1515288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1516288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1517288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1518288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
1519288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
1520288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F14F1B7D8729223C0DB5ABA6EC95E5C5A3D6D1EC
1521288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1522288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1523288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1524288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1525288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1526288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1527288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1528288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1529288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1530288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1531288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1532288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1533288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1534288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1535288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1536288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1537288c.2744: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1538288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1539288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1540288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1541288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1542288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1543288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1544288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1545288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1546288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1547288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1548288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1549288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1550288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1551288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1552288c.2744: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1553288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1554288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1555288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1556288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1557288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1558288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1559288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1560288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1561288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1562288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1563288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1564288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e1c0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1565288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1566288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e330000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1567288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1568288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e220000 LB 0x00109000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1569288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1570288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1571288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1572288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1573288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1574288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1575288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1ff40000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1576288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1577288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20500000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1578288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1579288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1fa90000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1580288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1581288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbf6c40000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1582288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1583288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbf6d50000 LB 0x00125000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1584288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1585288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1ef50000 LB 0x00740000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1586288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1587288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20750000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1588288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1589288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0d600000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1590288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1591288c.2744: supR3HardenedDllNotificationCallback: load 0000000061a80000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1592288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1593288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbe6ef0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1594288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1595288c.2744: supR3HardenedDllNotificationCallback: load 0000000061510000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1596288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1597288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1f710000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1598288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1599288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbe74f0000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1600288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1601288c.2744: supR3HardenedDllNotificationCallback: load 0000000061340000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1602288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1603288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc16750000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1604288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1605288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbe02b0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1606288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1607288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1608288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1609288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1610288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1611288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1612288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1613288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1614288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1615288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1616288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1617288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1618288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1619288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1620288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1621288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1622288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1623288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1624288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1625288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1626288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1627288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1628288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1629288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1630288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1631288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1632288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1633288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1634288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1635288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1636288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1637288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1638288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1639288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1640288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1641288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1642288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1643288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1644288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1645288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1646288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1647288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1648288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1649288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\kernel32.dll'
1650288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1651288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1652288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1653288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1654288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1655288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1656288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1657288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1658288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1659288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1660288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1661288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1662288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1663288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1664288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1665288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1666288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1667288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1668288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1669288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1670288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1671288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1672288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1673288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1674288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1675288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1676288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1677288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1678288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1679288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1680288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1681288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1682288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1683288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1684288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1685288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1686288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1687288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1688288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1689288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1690288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1691288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1692288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-string-l1-1-0'
1693288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1694288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1695288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1696288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1697288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1698288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1699288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1700288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1701288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1702288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1703288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1704288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1705288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1706288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1707288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1708288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1709288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1710288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1711288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1712288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1713288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1714288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1715288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1716288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1717288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1718288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1719288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1720288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1721288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1722288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1723288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1724288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1725288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1726288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1727288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1728288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1729288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1730288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1731288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1732288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1733288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1734288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1735288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-datetime-l1-1-1'
1736288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1737288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1738288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1739288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1740288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1741288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1742288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1743288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1744288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1745288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1746288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1747288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1748288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1749288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1750288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1751288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1752288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1753288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1754288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1755288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1756288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1757288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1758288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1759288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1760288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1761288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1762288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1763288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1764288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1765288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1766288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1767288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1768288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1769288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1770288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1771288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1772288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1773288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1774288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1775288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1776288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1777288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1778288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-localization-obsolete-l1-2-0'
1779288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1780288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1781288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1782288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1783288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1784288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1785288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1786288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1787288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1788288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1789288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1790288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1791288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1792288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1793288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1794288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1795288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1796288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1797288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1798288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1799288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1800288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1801288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1802288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1803288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1804288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1805288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1806288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1807288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1808288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1809288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1810288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1811288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1812288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1813288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1814288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1815288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1816288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1817288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1818288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1819288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1820288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1821288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1822288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1823288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1824288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1825288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1826288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1827288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1828288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1829288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1830288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1831288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1832288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1833288c.2744: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1834288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1835288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1ff10000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1836288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1837288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ff10000 'C:\WINDOWS\system32\IMM32.DLL'
1838288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1839288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1840288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1841288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1842288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1843288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1844288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1845288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1846288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1847288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1848288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1849288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1850288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1851288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1852288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1853288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1854288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1855288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1856288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1857288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1858288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1859288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1860288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1861288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1862288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1863288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1864288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1865288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1866288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1867288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1868288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1869288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1870288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1871288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1872288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1873288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1874288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1875288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1876288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1877288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1878288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1879288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1880288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1881288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1882288c.2744: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
1883288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
1884288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1885288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1886288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1887288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1888288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1889288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1890288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1891288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1892288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1893288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1894288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1895288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1896288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1897288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1898288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1899288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1900288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1901288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1902288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1903288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1904288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1905288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1906288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1907288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1908288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc206a0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1909288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1910288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1911288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1912288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1913288c.2744: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1914288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1915288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1916288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1917288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1918288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1919288c.2744: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1920288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1921288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1922288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1923288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1924288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1925288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1926288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1927288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1928288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1929288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1930288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1931288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe02b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1932288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1933288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1934288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1935288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1936288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1937288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'
1938288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1939288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
1940288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
1941288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=087A92E70231A784DB8F333F449EAE73CA72A5AC
1942288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1943288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1944288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1945288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1946288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1947288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1948288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1949288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1950288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1951288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1952288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1953288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1954288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1955288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1956288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1957288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
1958288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1959288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1960288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1961288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1962288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1963288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1964288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1965288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1966288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
1967288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
1968288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
1969288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1970288c.2744: SUPR3HardenedMain: Calling TrustedMain (00007ffbe02b16c0)...
1971288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
1972288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
1973288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
1974288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1975288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1976288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1977288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wldp.dll)
1978288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wldp.dll
1979288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1db60000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
1980288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
1981288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1c2f0000 LB 0x00794000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
1982288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
1983288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20000000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
1984288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1985288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
1986288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1987288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1988288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1f7e0000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1989288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1990288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1991288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1992288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1993288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1994288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1995288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1996288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1997288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
1998288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1999288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2000288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2001288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2002288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
2003288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
2004288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [lacks WinVerifyTrust]
2005288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2006288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2007288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2008288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2009288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2010288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2011288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2012288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2013288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
2014288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2015288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2016288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
2017288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2018288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2019288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wldp.dll'
2020288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2021288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2022288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
2023288c.2744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
2024288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2025288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2026288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2027288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2028288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2029288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2030288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2031288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2032288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2033288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2034288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2035288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2036288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2037288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2038288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2039288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2040288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2041288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2042288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2043288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2044288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2045288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2046288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2047288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2048288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2049288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2050288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2051288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2052288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2053288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2054288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2055288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2056288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2057288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2058288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2059288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2060288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2061288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2062288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2063288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2064288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2065288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2066288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2067288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2068288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2069288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2070288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbec350000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2071288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2072288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbec350000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2073288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2074288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2075288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
2076288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
2077288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1c0f0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
2078288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
2079288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2080288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2081288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2082288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2083288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2084288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2085288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
2086288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000630 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2087288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2088288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2089288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C36BDDBF70FC15AF1BBA02DB55AE15854E94AD
2090288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2091288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2092288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2093288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2094288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2095288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2096288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2097288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2098288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2099288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2100288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2101288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2102288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2103288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2104288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2105288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2106288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2107288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1bc30000 LB 0x0009f000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2108288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2109288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1bc30000 'C:\WINDOWS\system32\uxtheme.dll'
2110288c.2744: \Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Owner is administrators group.
2111288c.2744: \Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Signature #1/1: info status: 24202
2112288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2113288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'userenv.dll'.
2114288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
2115288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2116288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2117288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2118288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2119288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2120288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2121288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
2122288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
2123288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll) WinVerifyTrust
2124288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2125288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
2126288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
2127288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000062c pwszName=\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll
2128288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2129288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2130288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=187629DC2844D9E1AF452DC0877D442B83D147C2
2131288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2132288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2133288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2134288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2135288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll'
2136288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2137288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2138288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
2139288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
2140288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll) WinVerifyTrust
2141288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\GdiPlus.dll
2142288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2143288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2144288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2145288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2146288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2147288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2148288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2149288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2150288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2151288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2152288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2153288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2154288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2155288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2156288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2157288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2158288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2159288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2160288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2161288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2162288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2163288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2164288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2165288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2166288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2167288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2168288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2169288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2170288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2171288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2172288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
2173288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2174288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2175288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2176288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2177288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2178288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2179288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2180288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2181288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
2182288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2183288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2184288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2185288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2186288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2187288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2188288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2189288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2190288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
2191288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
2192288c.2744: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll)
2193288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll
2194288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1e0b0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
2195288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2196288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc19f40000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
2197288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2198288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc06990000 LB 0x001a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\gdiplus.dll [fFlags=0x0]
2199288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll [avoiding WinVerifyTrust]
2200288c.2744: supR3HardenedDllNotificationCallback: load 00007ffbf2f90000 LB 0x00153000 C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [fFlags=0x0]
2201288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2202288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2f90000 'C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll'
2203288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000057c pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll
2204288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2205288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2206288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=187629DC2844D9E1AF452DC0877D442B83D147C2
2207288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2208288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2209288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2210288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2211288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2212288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2213288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2214288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2215288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2216288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll'
2217288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2218288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.572_none_fae9a23b76193bbb\GdiPlus.dll'
2219288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20500000 'C:\WINDOWS\system32\user32.dll'
2220288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2221288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2222288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ef50000 'C:\WINDOWS\system32\shell32.dll'
2223288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2224288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2225288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20000000 'C:\WINDOWS\system32\SHCore.dll'
2226288c.2744: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2227288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2228288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2229288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2230288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\system32\winmm.dll'
2231288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2232288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2233288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\system32\winmm.dll'
2234288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2235288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2236288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ef50000 'C:\WINDOWS\system32\shell32.dll'
2237288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2238288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2239288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1bc30000 'C:\WINDOWS\system32\uxtheme.dll'
2240288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2241288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2242288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc206a0000 'C:\WINDOWS\system32\advapi32.dll'
2243288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2244288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2245288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e0b0000 'C:\WINDOWS\system32\userenv.dll'
2246288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2247288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2248288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\kernel32.dll'
2249288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1fe50000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2250288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2251288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2252288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2253288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2254288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2255288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2256288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2257288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2258288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2259288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2260288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2261288c.2f24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2262288c.2f24: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
2263288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2264288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2265288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2266288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2267288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2268288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2269288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2270288c.2f24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2271288c.2f24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2272288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2273288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2274288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2275288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2276288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2277288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2278288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2279288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2280288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2281288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2282288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2283288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2284288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2285288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2286288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2287288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2288288c.2f24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2289288c.2f24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2290288c.2f24: supR3HardenedDllNotificationCallback: load 00007ffbe6b30000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2291288c.2f24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2292288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6b30000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2293288c.2f24: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
2294288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2295288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2296288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2297288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2298288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2299288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2300288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2301288c.2f24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2302288c.2f24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2303288c.2f24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2304288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2305288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2306288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2307288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2308288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2309288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2310288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2311288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2312288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2313288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2314288c.2f24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2315288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2316288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2317288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2318288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2319288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2320288c.2f24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2321288c.2f24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2322288c.2f24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2323288c.2f24: supR3HardenedDllNotificationCallback: load 00007ffbec260000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2324288c.2f24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2325288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbec260000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2326288c.2f24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2327288c.2f24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2328288c.2f24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f710000 'C:\Windows\System32\oleaut32.dll'
2329288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ff40000 'C:\WINDOWS\system32\gdi32.dll'
2330288c.2134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2331288c.2134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2332288c.2134: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
2333288c.2134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2334288c.2134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2335288c.2134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2336288c.2134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2337288c.2134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2338288c.2134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2339288c.2134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2340288c.2134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2341288c.2134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2342288c.2134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2343288c.2134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2344288c.2134: supR3HardenedDllNotificationCallback: load 00007ffc09630000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2345288c.2134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2346288c.2134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09630000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2347288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2348288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2349288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ef50000 'C:\WINDOWS\system32\shell32.dll'
2350288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2351288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2352288c.2744: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2353288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
2354288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2355288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2356288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20a70000 'C:\WINDOWS\System32\ntdll.dll'
2357288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc20220000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2358288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2359288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2360288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
2361288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
2362288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
2363288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2364288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2365288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2366288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2367288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2368288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2369288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2370288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2371288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2372288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2373288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2374288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2375288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2376288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2377288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2378288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2379288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2380288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2381288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2382288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2383288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2384288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=783F5D82A4B979F1AE8853415E4264F3E2314DE6
2385288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2386288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2387288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2388288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2389288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2390288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
2391288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
2392288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2393288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2394288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2395288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2396288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2397288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2398288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2399288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2400288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2401288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2402288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2403288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2404288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2405288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2406288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2407288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2408288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2409288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2410288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2411288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2412288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2413288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
2414288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
2415288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2416288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2417288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2418288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2419288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2420288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2421288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2422288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2423288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2424288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2425288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2426288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2427288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2428288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll) WinVerifyTrust
2429288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2430288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2431288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2432288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2433288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2434288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2435288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2436288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2437288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2438288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2439288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2440288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2441288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2442288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1cad0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2443288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2444288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1a1f0000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2445288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2446288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1ae80000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2447288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2448288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc06900000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2449288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2450288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ff40000 'C:\WINDOWS\System32\gdi32.dll'
2451288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06900000 'C:\WINDOWS\system32\dataexchange.dll'
2452288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2453288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
2454288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
2455288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2456288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2457288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc18e20000 LB 0x00208000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2458288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2459288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2460288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2461288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2462288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2463288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2464288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2465288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2466288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2467288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2468288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2469288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2470288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2471288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2472288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2473288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20000000 'C:\WINDOWS\system32\Shcore.dll'
2474288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2475288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2476288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2477288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
2478288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
2479288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2480288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2481288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2482288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2483288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
2484288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
2485288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2486288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2487288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2488288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
2489288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2490288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2491288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2492288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2493288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2494288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2495288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2496288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2497288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2498288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1cec0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2499288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2500288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1b750000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2501288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2502288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1a090000 LB 0x00156000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2503288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2504288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc1b070000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2505288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2506288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0aad0000 LB 0x000fc000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
2507288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2508288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2509288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2510288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2511288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2512288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2513288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2514288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2515288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2516288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2517288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2518288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2519288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2520288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2521288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2522288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2523288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2524288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2525288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2526288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2527288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2528288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2529288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2530288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2531288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2532288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2533288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2534288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2535288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2536288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2537288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2538288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2539288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2540288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2541288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2542288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2543288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2544288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2545288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2546288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2547288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2548288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2549288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2550288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2551288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2552288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2553288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2554288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2555288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2556288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2557288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2558288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2559288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2560288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2561288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2562288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20500000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2563288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2564288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2565288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20500000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2566288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2567288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2568288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1fa90000 'api-ms-win-core-com-l1-1-0.dll'
2569288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2570288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2571288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20220000 'C:\WINDOWS\System32\MSCTF.dll'
2572288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20750000 'C:\WINDOWS\System32\ole32.dll'
2573288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f710000 'C:\WINDOWS\System32\OLEAUT32.dll'
2574288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000085c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2575288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2576288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2577288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=707DD50B09AF532CC60D811EEEFB525036D0EC3B
2578288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2579288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2580288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2581288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2582288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2583288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2584288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2585288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2586288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2587288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2588288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2589288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2590288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2591288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2592288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C300CB1A203662154729906A10B05CEE85D4742B
2593288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2594288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2595288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2596288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2597288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2598288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2599288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2600288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2601288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2602288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2603288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2604288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2605288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2606288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2607288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2608288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2609288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2610288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc109b0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2611288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2612288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0d990000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2613288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2614288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2615288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2616288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2617288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d990000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2618288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b18 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2619288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2620288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2621288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3CFF11F3C684911C4E61C8117C8CEB7CBDC749CB
2622288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2623288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2624288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2625288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2626288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2627288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2628288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2629288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2630288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2631288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2632288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2633288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2634288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2635288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2636288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0d5c0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2637288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2638288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d5c0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2639288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2640288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2641288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-localization-l1-2-0.dll'
2642288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2643288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2644288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2645288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2646288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2647288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2648288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
2649288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2650288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2651288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2652288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2653288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2654288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2655288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2656288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2657288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2658288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2659288c.2744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2660288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2661288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2662288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2663288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2664288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0d620000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2665288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2666288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d620000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2667288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b84 pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
2668288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2669288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2670288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97764CBC54D020522D3ED8BD2BBA1282B13A6320
2671288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2672288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2673288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
2674288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2675288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2676288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2677288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
2678288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
2679288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2680288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2681288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2682288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2683288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2684288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2685288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0cd10000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
2686288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2687288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0cd10000 'C:\WINDOWS\System32\amsi.dll'
2688288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2689288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2690288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
2691288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2692288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2693288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll) WinVerifyTrust
2694288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
2695288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2696288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2697288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2698288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2699288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2700288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2701288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2702288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
2703288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc0cc90000 LB 0x00079000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll [fFlags=0x0]
2704288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
2705288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2706288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2707288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-synch-l1-2-0'
2708288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2709288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2710288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-fibers-l1-1-1'
2711288c.2744: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2712288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2713288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e680000 'api-ms-win-core-localization-l1-2-1'
2714288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2715288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2716288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\kernel32.dll'
2717288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
2718288c.2744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2719288c.2744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
2720288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2721288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2722288c.2744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2723288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2724288c.2744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
2725288c.2744: supR3HardenedDllNotificationCallback: load 00007ffc17e70000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
2726288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
2727288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17e70000 'C:\WINDOWS\system32\version.dll'
2728288c.2744: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
2729288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
2730288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0cc90000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll'
2731288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2732288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2733288c.2744: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
2734288c.2404: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
2735288c.2404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2736288c.2404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2737288c.2404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2738288c.2404: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2739288c.2404: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2740288c.2404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2741288c.2404: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2742288c.2404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2743288c.2404: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2744288c.2404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2745288c.2404: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2746288c.2404: supR3HardenedDllNotificationCallback: load 00007ffbdff30000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2747288c.2404: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2748288c.2404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdff30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2749288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2750288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c94 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2751288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2752288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2753288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C55CF6F88F96953426D647BA94686B330A7EFFC1
2754288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2755288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2756288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04111~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
2757288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2758288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2759288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2760288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
2761288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
2762288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
2763288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
2764288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
2765288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2766288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2767288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
2768288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
2769288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2770288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2771288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2772288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBF6397EB75AA0F0A1F00943D02D98D1F9C5BA
2773288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2774288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2775288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2776288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2777288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) WinVerifyTrust
2778288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2779288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2780288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2781288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2782288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2783288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2784288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
2785288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
2786288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
2787288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2788288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2789288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2790288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2791288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2792288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2793288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2794288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2795288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2796288c.25e8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
2797288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
2798288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2799288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2800288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2801288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2802288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2803288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2804288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2805288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2806288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2807288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2808288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2809288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2810288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2811288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2812288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2813288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2814288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2815288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2816288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2817288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2818288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2819288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2820288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2821288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2822288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2823288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2824288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2825288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2826288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2827288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1e530000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
2828288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
2829288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc15280000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2830288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2831288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1eae0000 LB 0x00467000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
2832288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2833288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc12e50000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
2834288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2835288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc12e70000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2836288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2837288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc12e70000 'C:\Windows\System32\NetSetupShim.dll'
2838288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2839288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2840288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2841288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2842288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2843288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2844288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
2845288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
2846288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
2847288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
2848288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2849288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2850288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2851288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2852288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2853288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2854288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2855288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2856288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2857288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2858288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2859288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2860288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2861288c.25e8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
2862288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2863288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2864288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2865288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2866288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2867288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2868288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
2869288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2870288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2871288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2872288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2873288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2874288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2875288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2876288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2877288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc20340000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2878288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
2879288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc18270000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2880288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2881288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbdfe60000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
2882288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2883288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfe60000 'C:\Windows\System32\NetSetupEngine.dll'
2884288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2885288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2886288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2887288c.2b68: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
2888288c.2b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2889288c.2b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2890288c.2b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2891288c.2b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2892288c.2b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2893288c.2b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2894288c.2b68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2895288c.2b68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2896288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2897288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2898288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2899288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2900288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2901288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2902288c.2b68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2903288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2904288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2905288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2906288c.2b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2907288c.2b68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2908288c.2b68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2909288c.2b68: supR3HardenedDllNotificationCallback: load 00007ffc09620000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2910288c.2b68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2911288c.2b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09620000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2912288c.1a0c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
2913288c.1a0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2914288c.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2915288c.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2916288c.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2917288c.1a0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2918288c.1a0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2919288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2920288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2921288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2922288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2923288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2924288c.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2925288c.1a0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2926288c.1a0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2927288c.1a0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2928288c.1a0c: supR3HardenedDllNotificationCallback: load 00007ffc09610000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2929288c.1a0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2930288c.1a0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09610000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2931288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ef50000 'C:\WINDOWS\system32\Shell32.dll'
2932288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2933288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2934288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdff30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2935288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
2936288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2937288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2938288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2939288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2940288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2941288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2942288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2943288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2944288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2945288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2946288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2947288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2948288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2949288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2950288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2951288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2952288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2953288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2954288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2955288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2956288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbebec0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2957288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2958288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebec0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2959288c.25e8: supR3HardenedDllNotificationCallback: Unload 00007ffbebec0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2960288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d3c pwszName=\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2961288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
2962288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
2963288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4C882F4212D993AB8CD1218452ADE578B4E8723
2964288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2965288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2966288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll'
2967288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2968288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
2969288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
2970288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2971288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
2972288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume2\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
2973288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2974288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
2975288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\vid.dll) WinVerifyTrust
2976288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\vid.dll
2977288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2978288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2979288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2980288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbfe9d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
2981288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2982288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbf3490000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
2983288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2984288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3490000 'C:\WINDOWS\system32\WinHvPlatform.dll'
2985288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2986288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2987288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfe9d0000 'C:\WINDOWS\system32\vid.dll'
2988288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2989288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2990288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20a70000 'C:\WINDOWS\system32\NTDLL.DLL'
2991288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2992288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
2993288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
2994288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2995288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2996288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2997288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2998288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2999288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3000288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3001288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3002288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3003288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3004288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
3005288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3006288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3007288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3008288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3009288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3010288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
3011288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3012288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3013288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3014288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3015288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3016288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
3017288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3018288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3019288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3020288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3021288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3022288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3023288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3024288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
3025288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3026288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3027288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3028288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
3029288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3030288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3031288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3032288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
3033288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3034288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3035288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3036288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3037288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3038288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3039288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3040288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3041288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3042288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
3043288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
3044288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3045288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3046288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3047288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3048288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3049288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3050288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3051288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3052288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3053288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3054288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3055288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3056288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3057288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3058288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3059288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3060288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3061288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3062288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3063288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3064288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3065288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3066288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3067288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3068288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbe6ac0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3069288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3070288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbdec10000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3071288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3072288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1d610000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
3073288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3074288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbdf470000 LB 0x009e7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3075288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3076288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdf470000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
3077288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3078288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3079288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3080288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3081288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbebec0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
3082288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3083288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebec0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
3084288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3085288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
3086288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3087288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6b30000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
3088288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3089288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3090288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3091288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdec10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
3092288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3093288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
3094288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3095288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3096288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3097288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
3098288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3099288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3100288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3101288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3102288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3103288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3104288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3105288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbf7510000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
3106288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3107288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7510000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
3108288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3109288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
3110288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3111288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3112288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3113288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
3114288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3115288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3116288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3117288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3118288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3119288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3120288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3121288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbf6ab0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
3122288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3123288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6ab0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
3124288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3125288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
3126288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3127288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3128288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3129288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
3130288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3131288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3132288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3133288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3134288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3135288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3136288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3137288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbf2b20000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
3138288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3139288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2b20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
3140288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3141288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
3142288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3143288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3144288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3145288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
3146288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3147288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3148288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3149288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3150288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3151288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3152288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3153288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbef180000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3154288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3155288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbef180000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
3156288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3157288c.fcc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
3158288c.fcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3159288c.fcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3160288c.fcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3161288c.fcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3162288c.fcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3163288c.fcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3164288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3165288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3166288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3167288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3168288c.fcc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3169288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3170288c.fcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3171288c.fcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3172288c.fcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3173288c.fcc: supR3HardenedDllNotificationCallback: load 00007ffbef160000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3174288c.fcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3175288c.fcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbef160000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3176288c.24b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
3177288c.24b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3178288c.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3179288c.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3180288c.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3181288c.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3182288c.24b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3183288c.24b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3184288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3185288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3186288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3187288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3188288c.24b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3189288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3190288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3191288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3192288c.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3193288c.24b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3194288c.24b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3195288c.24b8: supR3HardenedDllNotificationCallback: load 00007ffc095e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3196288c.24b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3197288c.24b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc095e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3198288c.1b58: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
3199288c.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
3200288c.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3201288c.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3202288c.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3203288c.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3204288c.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3205288c.1b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3206288c.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3207288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3208288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3209288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3210288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3211288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3212288c.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3213288c.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3214288c.1b58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3215288c.1b58: supR3HardenedDllNotificationCallback: load 00007ffc06940000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3216288c.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3217288c.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06940000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3218288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3219288c.25e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
3220288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3221288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3222288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3223288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3224288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3225288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3226288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3227288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3228288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3229288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3230288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3231288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc19f10000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3232288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3233288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc19f10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
3234288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3235288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3236288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3237288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3238288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3239288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3240288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3241288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3242288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3243288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3244288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3245288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3246288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
3247288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
3248288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3249288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3250288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3251288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3252288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
3253288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3254288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3255288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
3256288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3257288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3258288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3259288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1df70000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3260288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3261288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc17ff0000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3262288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3263288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ff0000 'C:\WINDOWS\System32\MMDevApi.dll'
3264288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe8 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
3265288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
3266288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
3267288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
3268288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3269288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3270288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
3271288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3272288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3273288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
3274288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
3275288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3276288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3277288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3278288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3279288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3280288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
3281288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3282288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3283288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
3284288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
3285288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1d780000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
3286288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
3287288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc14410000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
3288288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
3289288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbf6e80000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3290288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3291288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll)
3292288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll
3293288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1d5f0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
3294288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
3295288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
3296288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
3297288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
3298288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
3299288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
3300288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
3301288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3302288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3303288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3304288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3305288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3306288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3307288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6e80000 'C:\WINDOWS\System32\dsound.dll'
3308288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
3309288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
3310288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
3311288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
3312288c.25e8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
3313288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
3314288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6e80000 'C:\WINDOWS\System32\dsound.dll'
3315288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3316288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3317288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'
3318288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3319288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3320288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
3321288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3322288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3323288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
3324288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3325288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3326288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6e80000 'C:\WINDOWS\system32\dsound.dll'
3327288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3328288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3329288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17ff0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3330288c.2fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3331288c.2fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3332288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3333288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3334288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3335288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3336288c.2fc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3337288c.2fc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3338288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3339288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3340288c.2fc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3341288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3342288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3343288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3344288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3345288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3346288c.2fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3347288c.2fc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3348288c.2fc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3349288c.2fc0: supR3HardenedDllNotificationCallback: load 00007ffc18090000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3350288c.2fc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3351288c.2fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18090000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3352288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3353288c.2fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3354288c.2fc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll)
3355288c.2fc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll
3356288c.2fc0: supR3HardenedDllNotificationCallback: load 00007ffc1bd10000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
3357288c.2fc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
3358288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3359288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3360288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3361288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3362288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3363288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3364288c.25e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll'
3365288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3366288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3367288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3368288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b4 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3369288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
3370288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
3371288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
3372288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3373288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3374288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3375288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3376288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3377288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3378288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
3379288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
3380288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3381288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3382288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3383288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3384288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3385288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3386288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3387288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3388288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3389288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3390288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3391288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3392288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3393288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3394288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3395288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3396288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3397288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3398288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3399288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3400288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3401288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3402288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3403288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3404288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3405288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3406288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbd8650000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3407288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3408288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc198f0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3409288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3410288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbd8660000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3411288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3412288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3413288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3414288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3415288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3416288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3417288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3418288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3419288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3420288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3421288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3422288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3423288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3424288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3425288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3426288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3427288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3428288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3429288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3430288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3431288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3432288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3433288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3434288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8660000 'C:\WINDOWS\System32\wdmaud.drv'
3435288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3436288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
3437288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
3438288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F871EA11D693E9807F8DF13D54497BA0E40D30AB
3439288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3440288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3441288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3442288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3443288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3444288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3445288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3446288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3447288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3448288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3449288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3450288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3451288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3452288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3453288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3454288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3455288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3456288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3457288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3458288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3459288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3460288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3461288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3462288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3463288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3464288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3465288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbd8620000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3466288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3467288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbd8640000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3468288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3469288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3470288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3471288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3472288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3473288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3474288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3475288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3476288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3477288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3478288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3479288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3480288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3481288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3482288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3483288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3484288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3485288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3486288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3487288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3488288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3489288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3490288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8640000 'C:\WINDOWS\System32\msacm32.drv'
3491288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d8 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3492288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
3493288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
3494288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B1E0F68F4DF584853FE4112795D7092EFE15F7D
3495288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3496288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3497288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3498288c.25e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3499288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3500288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
3501288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3502288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3503288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3504288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3505288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
3506288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3507288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3508288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3509288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3510288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbd8610000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3511288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3512288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8610000 'C:\WINDOWS\System32\midimap.dll'
3513288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3514288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3515288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8610000 'C:\WINDOWS\System32\midimap.dll'
3516288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3517288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3518288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8610000 'C:\WINDOWS\System32\midimap.dll'
3519288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3520288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3521288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8610000 'C:\WINDOWS\System32\midimap.dll'
3522288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3523288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3524288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3525288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3526288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3527288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3528288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3529288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3530288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3531288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3532288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3533288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3534288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3535288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3536288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3537288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3538288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3539288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3540288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3541288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6e80000 'C:\WINDOWS\system32\dsound.dll'
3542288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3543288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3544288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3545288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3546288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3547288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16750000 'C:\WINDOWS\System32\winmm.dll'
3548288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3549288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3550288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3551288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3552288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3553288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
3554288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
3555288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
3556288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d9.dll) WinVerifyTrust
3557288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3558288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
3559288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
3560288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3561288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3562288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3563288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
3564288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
3565288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
3566288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
3567288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3568288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3569288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3570288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3571288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3572288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3573288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3574288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3575288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3576288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3577288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3578288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3579288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3580288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3581288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3582288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3583288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3584288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3585288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3586288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3587288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc1be00000 LB 0x0002f000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
3588288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3589288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbdea40000 LB 0x001ce000 C:\WINDOWS\system32\d3d9.dll [fFlags=0x0]
3590288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3591288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdea40000 'C:\WINDOWS\system32\d3d9.dll'
3592288c.25e8: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll: Owner is administrators group.
3593288c.25e8: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll: Signature #1/2: info status: 24202
3594288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3595288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3596288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3597288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3598288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
3599288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
3600288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\aticfx64.dll) WinVerifyTrust
3601288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
3602288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3603288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3604288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3605288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3606288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3607288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3608288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3609288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3610288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3611288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3612288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
3613288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffc16440000 LB 0x00167000 C:\WINDOWS\System32\aticfx64.dll [fFlags=0x0]
3614288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
3615288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16440000 'C:\WINDOWS\System32\aticfx64.dll'
3616288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3617288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3618288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1be00000 'C:\WINDOWS\System32\dwmapi.dll'
3619288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll: Owner is administrators group.
3620288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll: Signature #1/2: info status: 24202
3621288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3622288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3623288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
3624288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3625288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiu9p64.dll) WinVerifyTrust
3626288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3627288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3628288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3629288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3630288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3631288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3632288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiu9p64.dll (Input=atiu9p64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3633288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3634288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbe2eb0000 LB 0x00021000 C:\WINDOWS\System32\atiu9p64.dll [fFlags=0x0]
3635288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3636288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2eb0000 'C:\WINDOWS\System32\atiu9p64.dll'
3637288c.25e8: supR3HardenedDllNotificationCallback: Unload 00007ffbe2eb0000 LB 0x00021000 C:\WINDOWS\System32\atiu9p64.dll [flags=0x0]
3638288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3639288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiu9p64.dll (Input=atiu9p64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3640288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3641288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbe2eb0000 LB 0x00021000 C:\WINDOWS\System32\atiu9p64.dll [fFlags=0x0]
3642288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3643288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2eb0000 'C:\WINDOWS\System32\atiu9p64.dll'
3644288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3645288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3646288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\Kernel32.dll'
3647288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiumd64.dll: Owner is administrators group.
3648288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiumd64.dll: Signature #1/2: info status: 24202
3649288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3650288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3651288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
3652288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiumd64.dll) WinVerifyTrust
3653288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiumd64.dll
3654288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3655288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3656288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiumd64.dll (Input=atiumd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3657288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd64.dll
3658288c.25e8: supR3HardenedDllNotificationCallback: load 00007ffbde1e0000 LB 0x00859000 C:\WINDOWS\System32\atiumd64.dll [fFlags=0x0]
3659288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd64.dll
3660288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde1e0000 'C:\WINDOWS\System32\atiumd64.dll'
3661288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll: Owner is administrators group.
3662288c.25e8: \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll: Signature #1/2: info status: 24202
3663288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1d290000 'C:\WINDOWS\system32\rsaenh.dll'
3664288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\crypt32.dll'
3665288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'powrprof.dll'.
3666288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3667288c.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3668288c.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiumd6a.dll) WinVerifyTrust
3669288c.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll
3670288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3671288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3672288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3673288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3674288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
3675288c.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
3676288c.25e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3677288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiumd6a.dll (Input=atiumd6a.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3678288c.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll
3679288c.25e8: supR3HardenedDllNotificationCallback: load 0000000060ab0000 LB 0x00888000 C:\WINDOWS\System32\atiumd6a.dll [fFlags=0x0]
3680288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll
3681288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000060ab0000 'C:\WINDOWS\System32\atiumd6a.dll'
3682288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3683288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3684288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1be00000 'C:\WINDOWS\System32\dwmapi.dll'
3685288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
3686288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3687288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16440000 'C:\WINDOWS\System32\aticfx64.dll'
3688288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3689288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3690288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1be00000 'C:\WINDOWS\System32\dwmapi.dll'
3691288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3692288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiu9p64.dll (Input=atiu9p64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3693288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2eb0000 'C:\WINDOWS\System32\atiu9p64.dll'
3694288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiu9p64.dll
3695288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiu9p64.dll (Input=atiu9p64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3696288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2eb0000 'C:\WINDOWS\System32\atiu9p64.dll'
3697288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3698288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3699288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20440000 'C:\WINDOWS\System32\Kernel32.dll'
3700288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd64.dll
3701288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiumd64.dll (Input=atiumd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3702288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbde1e0000 'C:\WINDOWS\System32\atiumd64.dll'
3703288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiumd6a.dll
3704288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\atiumd6a.dll (Input=atiumd6a.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3705288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000060ab0000 'C:\WINDOWS\System32\atiumd6a.dll'
3706288c.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3707288c.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3708288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1be00000 'C:\WINDOWS\System32\dwmapi.dll'
3709288c.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ff40000 'C:\WINDOWS\System32\gdi32.dll'
3710288c.2744: \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll: Owner is administrators group.
3711288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b44 pwszName=\Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3712288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000cac0e0
3713288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000cac0e0
3714288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
3715288c.2744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3716288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e950000 'C:\WINDOWS\System32\WINTRUST.DLL'
3717288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\CRYPT32.dll'
3718288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87061C05A64A07F05CD77D7A4F6712DD98A89637
3719288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
3720288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014ede10
3721288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014ede10
3722288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87061C05A64A07F05CD77D7A4F6712DD98A89637
3723288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
3724288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014edb10
3725288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014edb10
3726288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4A6D186447DC27CB1CD8DA6D5B22D4B39526064FA056F11E815A96F0A5429E30
3727288c.2744: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
3728288c.2744: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
3729288c.2744: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll) WinVerifyTrust
3730288c.2744: Error (rc=0):
3731288c.2744: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll: Not signed.
3732288c.2744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3733288c.2744: Error (rc=0):
3734288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3735288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3736288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3737288c.2744: Error (rc=0):
3738288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3739288c.2744: Error (rc=0):
3740288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3741288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3742288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3743288c.2744: Error (rc=0):
3744288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3745288c.2744: Error (rc=0):
3746288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3747288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3748288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3749288c.2744: Error (rc=0):
3750288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3751288c.2744: Error (rc=0):
3752288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3753288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3754288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3755288c.2744: Error (rc=0):
3756288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3757288c.2744: Error (rc=0):
3758288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3759288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3760288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3761288c.2744: Error (rc=0):
3762288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3763288c.2744: Error (rc=0):
3764288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3765288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3766288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3767288c.2744: Error (rc=0):
3768288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3769288c.2744: Error (rc=0):
3770288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3771288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3772288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3773288c.2744: Error (rc=0):
3774288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3775288c.2744: Error (rc=0):
3776288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3777288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3778288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3779288c.2744: Error (rc=0):
3780288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3781288c.2744: Error (rc=0):
3782288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3783288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3784288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3785288c.2744: Error (rc=0):
3786288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3787288c.2744: Error (rc=0):
3788288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3789288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'
3790288c.2744: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3791288c.2744: Error (rc=0):
3792288c.2744: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files (x86)\Workrave\lib\harpoon64.dll
3793288c.2744: Error (rc=0):
3794288c.2744: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll' (C:\Program Files (x86)\Workrave\lib\harpoon64.dll): rcNt=0xc0000190
3795288c.2744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Workrave\lib\harpoon64.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy