VirtualBox

Ticket #20019: VBoxHardening.log

File VBoxHardening.log, 395.2 KB (added by alpercelerce, 4 years ago)
Line 
117e0.128c: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
217e0.128c: \SystemRoot\System32\ntdll.dll:
317e0.128c: CreationTime: 2020-10-30T14:28:55.076467000Z
417e0.128c: LastWriteTime: 2020-10-30T14:28:55.123331800Z
517e0.128c: ChangeTime: 2020-10-30T14:32:01.953859400Z
617e0.128c: FileAttributes: 0x20
717e0.128c: Size: 0x1ee338
817e0.128c: NT Headers: 0xe8
917e0.128c: Timestamp: 0xe5d7ed5c
1017e0.128c: Machine: 0x8664 - amd64
1117e0.128c: Timestamp: 0xe5d7ed5c
1217e0.128c: Image Version: 10.0
1317e0.128c: SizeOfImage: 0x1f6000 (2056192)
1417e0.128c: Resource Dir: 0x185000 LB 0x6fd28
1517e0.128c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1617e0.128c: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1717e0.128c: ProductName: Microsoft® Windows® Operating System
1817e0.128c: ProductVersion: 10.0.19041.610
1917e0.128c: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
2017e0.128c: FileDescription: NT Layer DLL
2117e0.128c: \SystemRoot\System32\kernel32.dll:
2217e0.128c: CreationTime: 2020-10-09T20:43:36.889408100Z
2317e0.128c: LastWriteTime: 2020-10-09T20:43:36.905042700Z
2417e0.128c: ChangeTime: 2020-10-30T14:29:40.373872500Z
2517e0.128c: FileAttributes: 0x20
2617e0.128c: Size: 0xbac30
2717e0.128c: NT Headers: 0xe8
2817e0.128c: Timestamp: 0x2f7cc9b6
2917e0.128c: Machine: 0x8664 - amd64
3017e0.128c: Timestamp: 0x2f7cc9b6
3117e0.128c: Image Version: 10.0
3217e0.128c: SizeOfImage: 0xbd000 (774144)
3317e0.128c: Resource Dir: 0xbb000 LB 0x520
3417e0.128c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3517e0.128c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3617e0.128c: ProductName: Microsoft® Windows® Operating System
3717e0.128c: ProductVersion: 10.0.19041.546
3817e0.128c: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
3917e0.128c: FileDescription: Windows NT BASE API Client DLL
4017e0.128c: \SystemRoot\System32\KernelBase.dll:
4117e0.128c: CreationTime: 2020-10-09T20:44:02.553372400Z
4217e0.128c: LastWriteTime: 2020-10-09T20:44:02.584631100Z
4317e0.128c: ChangeTime: 2020-10-30T14:29:40.483248700Z
4417e0.128c: FileAttributes: 0x20
4517e0.128c: Size: 0x2c8f70
4617e0.128c: NT Headers: 0xf0
4717e0.128c: Timestamp: 0x1183946c
4817e0.128c: Machine: 0x8664 - amd64
4917e0.128c: Timestamp: 0x1183946c
5017e0.128c: Image Version: 10.0
5117e0.128c: SizeOfImage: 0x2c8000 (2916352)
5217e0.128c: Resource Dir: 0x29f000 LB 0x548
5317e0.128c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5417e0.128c: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5517e0.128c: ProductName: Microsoft® Windows® Operating System
5617e0.128c: ProductVersion: 10.0.19041.572
5717e0.128c: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
5817e0.128c: FileDescription: Windows NT BASE API Client DLL
5917e0.128c: \SystemRoot\System32\apisetschema.dll:
6017e0.128c: CreationTime: 2019-12-07T09:08:13.518339400Z
6117e0.128c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6217e0.128c: ChangeTime: 2020-10-30T14:29:40.358245400Z
6317e0.128c: FileAttributes: 0x20
6417e0.128c: Size: 0x1f538
6517e0.128c: NT Headers: 0xd0
6617e0.128c: Timestamp: 0x31288ce0
6717e0.128c: Machine: 0x8664 - amd64
6817e0.128c: Timestamp: 0x31288ce0
6917e0.128c: Image Version: 10.0
7017e0.128c: SizeOfImage: 0x20000 (131072)
7117e0.128c: Resource Dir: 0x1f000 LB 0x408
7217e0.128c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7317e0.128c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7417e0.128c: ProductName: Microsoft® Windows® Operating System
7517e0.128c: ProductVersion: 10.0.19041.1
7617e0.128c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7717e0.128c: FileDescription: ApiSet Schema DLL
7817e0.128c: supR3HardenedWinFindAdversaries: 0x0
7917e0.128c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8017e0.128c: Calling main()
8117e0.128c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8217e0.128c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8317e0.128c: SUPR3HardenedMain: Respawn #1
8417e0.128c: System32: \Device\HarddiskVolume2\Windows\System32
8517e0.128c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
8617e0.128c: KnownDllPath: C:\windows\System32
8717e0.128c: supR3HardenedWinInit: Performing a limited self purification...
8817e0.128c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
8917e0.128c: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000
9017e0.128c: *0000000000b20000-0000000000b2ffff 0x0004/0x0004 0x0040000
9117e0.128c: 0000000000b30000-0000000000b3ffff 0x0001/0x0000 0x0000000
9217e0.128c: *0000000000b40000-0000000000b5cfff 0x0002/0x0002 0x0040000
9317e0.128c: 0000000000b5d000-0000000000b5ffff 0x0001/0x0000 0x0000000
9417e0.128c: *0000000000b60000-0000000000b63fff 0x0002/0x0002 0x0040000
9517e0.128c: 0000000000b64000-0000000000b6ffff 0x0001/0x0000 0x0000000
9617e0.128c: *0000000000b70000-0000000000b71fff 0x0004/0x0004 0x0020000
9717e0.128c: 0000000000b72000-0000000000b7ffff 0x0001/0x0000 0x0000000
9817e0.128c: *0000000000b80000-0000000000b81fff 0x0004/0x0004 0x0020000
9917e0.128c: 0000000000b82000-0000000000be1fff 0x0000/0x0004 0x0020000
10017e0.128c: 0000000000be2000-0000000000bfffff 0x0001/0x0000 0x0000000
10117e0.128c: *0000000000c00000-0000000000c3efff 0x0000/0x0004 0x0020000
10217e0.128c: 0000000000c3f000-0000000000c41fff 0x0004/0x0004 0x0020000
10317e0.128c: 0000000000c42000-0000000000dfffff 0x0000/0x0004 0x0020000
10417e0.128c: *0000000000e00000-0000000000eb8fff 0x0000/0x0004 0x0020000
10517e0.128c: 0000000000eb9000-0000000000ebbfff 0x0104/0x0004 0x0020000
10617e0.128c: 0000000000ebc000-0000000000efffff 0x0004/0x0004 0x0020000
10717e0.128c: *0000000000f00000-0000000000fc8fff 0x0002/0x0002 0x0040000
10817e0.128c: 0000000000fc9000-000000000104ffff 0x0001/0x0000 0x0000000
10917e0.128c: *0000000001050000-0000000001054fff 0x0004/0x0004 0x0020000
11017e0.128c: 0000000001055000-000000000114ffff 0x0000/0x0004 0x0020000
11117e0.128c: 0000000001150000-00000000011effff 0x0001/0x0000 0x0000000
11217e0.128c: *00000000011f0000-00000000011fefff 0x0004/0x0004 0x0020000
11317e0.128c: 00000000011ff000-00000000011fffff 0x0000/0x0004 0x0020000
11417e0.128c: *0000000001200000-000000000120afff 0x0000/0x0004 0x0020000
11517e0.128c: 000000000120b000-0000000001401fff 0x0004/0x0004 0x0020000
11617e0.128c: 0000000001402000-0000000001402fff 0x0000/0x0004 0x0020000
11717e0.128c: 0000000001403000-000000000140ffff 0x0001/0x0000 0x0000000
11817e0.128c: *0000000001410000-000000000142cfff 0x0004/0x0004 0x0020000
11917e0.128c: 000000000142d000-000000000150ffff 0x0000/0x0004 0x0020000
12017e0.128c: 0000000001510000-000000007ffdffff 0x0001/0x0000 0x0000000
12117e0.128c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
12217e0.128c: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
12317e0.128c: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
12417e0.128c: 000000007ffec000-00007ff4ae36ffff 0x0001/0x0000 0x0000000
12517e0.128c: *00007ff4ae370000-00007ff4ae374fff 0x0002/0x0002 0x0040000
12617e0.128c: 00007ff4ae375000-00007ff4ae46ffff 0x0000/0x0002 0x0040000
12717e0.128c: *00007ff4ae470000-00007ff5ae48ffff 0x0000/0x0004 0x0020000
12817e0.128c: *00007ff5ae490000-00007ff5b048ffff 0x0000/0x0004 0x0020000
12917e0.128c: 00007ff5b0490000-00007ff5b0490fff 0x0004/0x0004 0x0020000
13017e0.128c: 00007ff5b0491000-00007ff5b049ffff 0x0001/0x0000 0x0000000
13117e0.128c: *00007ff5b04a0000-00007ff5b04a0fff 0x0002/0x0002 0x0040000
13217e0.128c: 00007ff5b04a1000-00007ff5b04affff 0x0001/0x0000 0x0000000
13317e0.128c: *00007ff5b04b0000-00007ff5b04d2fff 0x0002/0x0002 0x0040000
13417e0.128c: 00007ff5b04d3000-00007ff666c2ffff 0x0001/0x0000 0x0000000
13517e0.128c: *00007ff666c30000-00007ff666c30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13617e0.128c: 00007ff666c31000-00007ff666ca7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13717e0.128c: 00007ff666ca8000-00007ff666ca8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13817e0.128c: 00007ff666ca9000-00007ff666cf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13917e0.128c: 00007ff666cf2000-00007ff666cf4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14017e0.128c: 00007ff666cf5000-00007ff666cf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14117e0.128c: 00007ff666cf8000-00007ff666cfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14217e0.128c: 00007ff666cfb000-00007ff666cfbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14317e0.128c: 00007ff666cfc000-00007ff666cfdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14417e0.128c: 00007ff666cfe000-00007ff666cfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14517e0.128c: 00007ff666cff000-00007ff666d47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14617e0.128c: 00007ff666d48000-00007ffb0afdffff 0x0001/0x0000 0x0000000
14717e0.128c: *00007ffb0afe0000-00007ffb0afe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
14817e0.128c: 00007ffb0afe1000-00007ffb0b0f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
14917e0.128c: 00007ffb0b0f2000-00007ffb0b269fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15017e0.128c: 00007ffb0b26a000-00007ffb0b26dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15117e0.128c: 00007ffb0b26e000-00007ffb0b26efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15217e0.128c: 00007ffb0b26f000-00007ffb0b2a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15317e0.128c: 00007ffb0b2a8000-00007ffb0c7effff 0x0001/0x0000 0x0000000
15417e0.128c: *00007ffb0c7f0000-00007ffb0c7f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15517e0.128c: 00007ffb0c7f1000-00007ffb0c86efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15617e0.128c: 00007ffb0c86f000-00007ffb0c8a1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15717e0.128c: 00007ffb0c8a2000-00007ffb0c8a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15817e0.128c: 00007ffb0c8a3000-00007ffb0c8a3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15917e0.128c: 00007ffb0c8a4000-00007ffb0c8acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16017e0.128c: 00007ffb0c8ad000-00007ffb0d76ffff 0x0001/0x0000 0x0000000
16117e0.128c: *00007ffb0d770000-00007ffb0d770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16217e0.128c: 00007ffb0d771000-00007ffb0d88bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16317e0.128c: 00007ffb0d88c000-00007ffb0d8d4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16417e0.128c: 00007ffb0d8d5000-00007ffb0d8d5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16517e0.128c: 00007ffb0d8d6000-00007ffb0d8d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16617e0.128c: 00007ffb0d8d8000-00007ffb0d8e0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16717e0.128c: 00007ffb0d8e1000-00007ffb0d965fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
16817e0.128c: 00007ffb0d966000-00007ffffffeffff 0x0001/0x0000 0x0000000
16917e0.128c: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
17017e0.128c: kernelbase.dll: timestamp 0x1183946c (rc=VINF_SUCCESS)
17117e0.128c: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
17217e0.128c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
17317e0.128c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
17417e0.128c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
17517e0.128c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
17617e0.128c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
17717e0.128c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
17817e0.128c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
17917e0.128c: supR3HardNtEnableThreadCreationEx:
18017e0.128c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb0d7e4760 pvNtTerminateThread=00007ffb0d80c7f0
18117e0.128c: supR3HardenedWinDoReSpawn(1): New child 16ec.9f8 [kernel32].
18217e0.128c: supR3HardNtChildGatherData: PebBaseAddress=0000000000bc7000 cbPeb=0x388
18317e0.128c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb0d770000 uNtDllChildAddr=00007ffb0d770000
18417e0.128c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb0d7e4760
18517e0.128c: supR3HardenedWinSetupChildInit: Initial context:
186 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff666c37900 rdx=0000000000bc7000
187 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
188 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
189 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
190 rip=00007ffb0d7bcea0 rsp=000000000099fdc8 rbp=0000000000000000 ctxflags=0010001b
191 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
192 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
193 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
194 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
195 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
19617e0.128c: supR3HardenedWinSetupChildInit: Start child.
19717e0.128c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
19817e0.128c: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 30 sleeps
19917e0.128c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
20017e0.128c: *0000000000000000-000000000085ffff 0x0001/0x0000 0x0000000
20117e0.128c: *0000000000860000-000000000087ffff 0x0004/0x0004 0x0020000
20217e0.128c: *0000000000880000-000000000089cfff 0x0002/0x0002 0x0040000
20317e0.128c: 000000000089d000-000000000089ffff 0x0001/0x0000 0x0000000
20417e0.128c: *00000000008a0000-000000000099afff 0x0000/0x0004 0x0020000
20517e0.128c: 000000000099b000-000000000099dfff 0x0104/0x0004 0x0020000
20617e0.128c: 000000000099e000-000000000099ffff 0x0004/0x0004 0x0020000
20717e0.128c: *00000000009a0000-00000000009a3fff 0x0002/0x0002 0x0040000
20817e0.128c: 00000000009a4000-00000000009affff 0x0001/0x0000 0x0000000
20917e0.128c: *00000000009b0000-00000000009b1fff 0x0004/0x0004 0x0020000
21017e0.128c: 00000000009b2000-00000000009fffff 0x0001/0x0000 0x0000000
21117e0.128c: *0000000000a00000-0000000000bc6fff 0x0000/0x0004 0x0020000
21217e0.128c: 0000000000bc7000-0000000000bc9fff 0x0004/0x0004 0x0020000
21317e0.128c: 0000000000bca000-0000000000bfffff 0x0000/0x0004 0x0020000
21417e0.128c: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
21517e0.128c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
21617e0.128c: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
21717e0.128c: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
21817e0.128c: 000000007ffec000-00007ff53ff2ffff 0x0001/0x0000 0x0000000
21917e0.128c: *00007ff53ff30000-00007ff53ff30fff 0x0002/0x0002 0x0040000
22017e0.128c: 00007ff53ff31000-00007ff53ff3ffff 0x0001/0x0000 0x0000000
22117e0.128c: *00007ff53ff40000-00007ff53ff62fff 0x0002/0x0002 0x0040000
22217e0.128c: 00007ff53ff63000-00007ff666c2ffff 0x0001/0x0000 0x0000000
22317e0.128c: *00007ff666c30000-00007ff666c30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22417e0.128c: 00007ff666c31000-00007ff666ca7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22517e0.128c: 00007ff666ca8000-00007ff666ca8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22617e0.128c: 00007ff666ca9000-00007ff666cf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22717e0.128c: 00007ff666cf2000-00007ff666cf2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22817e0.128c: 00007ff666cf3000-00007ff666cf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
22917e0.128c: 00007ff666cf4000-00007ff666cf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
23017e0.128c: 00007ff666cf9000-00007ff666cf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
23117e0.128c: 00007ff666cfa000-00007ff666cfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
23217e0.128c: 00007ff666cfb000-00007ff666cfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
23317e0.128c: 00007ff666cff000-00007ff666d47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
23417e0.128c: 00007ff666d48000-00007ffb0d76ffff 0x0001/0x0000 0x0000000
23517e0.128c: *00007ffb0d770000-00007ffb0d770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23617e0.128c: 00007ffb0d771000-00007ffb0d88bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23717e0.128c: 00007ffb0d88c000-00007ffb0d8d4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23817e0.128c: 00007ffb0d8d5000-00007ffb0d8e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
23917e0.128c: 00007ffb0d8e1000-00007ffb0d8effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24017e0.128c: 00007ffb0d8f0000-00007ffb0d8f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24117e0.128c: 00007ffb0d8f1000-00007ffb0d8f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24217e0.128c: 00007ffb0d8f4000-00007ffb0d965fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24317e0.128c: 00007ffb0d966000-00007ffffffeffff 0x0001/0x0000 0x0000000
24417e0.128c: supR3HardNtChildPurify: Done after 266 ms and 0 fixes (loop #0).
24516ec.9f8: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
24616ec.9f8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb0d770000 g_uNtVerCombined=0xa04a6200 (stack ~000000000099f858)
24716ec.9f8: ntdll.dll: timestamp 0xe5d7ed5c (rc=VINF_SUCCESS)
24816ec.9f8: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2056192 allocation)
24917e0.128c: supR3HardNtEnableThreadCreationEx:
25016ec.9f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
25116ec.9f8: System32: \Device\HarddiskVolume2\Windows\System32
25216ec.9f8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
25316ec.9f8: KnownDllPath: C:\windows\System32
25416ec.9f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
25516ec.9f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
25616ec.9f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
25716ec.9f8: Registered Dll notification callback with NTDLL.
25816ec.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
25916ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
26016ec.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
26116ec.9f8: supR3HardenedDllNotificationCallback: load 00007ffb0afe0000 LB 0x002c8000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
26216ec.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
26316ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
26416ec.9f8: supR3HardenedDllNotificationCallback: load 00007ffb0c7f0000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
26516ec.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
26616ec.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\KERNEL32.DLL'
26716ec.9f8: supR3HardenedDllNotificationCallback: load 00007ff666c30000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
26816ec.9f8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
26916ec.9f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
27016ec.9f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
27116ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27216ec.9f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb0d7e4760 pvNtTerminateThread=00007ffb0d80c7f0
27317e0.128c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 117 ms.
27416ec.9f8: \SystemRoot\System32\ntdll.dll:
27516ec.9f8: CreationTime: 2020-10-30T14:28:55.076467000Z
27616ec.9f8: LastWriteTime: 2020-10-30T14:28:55.123331800Z
27716ec.9f8: ChangeTime: 2020-10-30T14:32:01.953859400Z
27816ec.9f8: FileAttributes: 0x20
27916ec.9f8: Size: 0x1ee338
28016ec.9f8: NT Headers: 0xe8
28116ec.9f8: Timestamp: 0xe5d7ed5c
28216ec.9f8: Machine: 0x8664 - amd64
28316ec.9f8: Timestamp: 0xe5d7ed5c
28416ec.9f8: Image Version: 10.0
28516ec.9f8: SizeOfImage: 0x1f6000 (2056192)
28616ec.9f8: Resource Dir: 0x185000 LB 0x6fd28
28716ec.9f8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
28816ec.9f8: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
28916ec.9f8: ProductName: Microsoft® Windows® Operating System
29016ec.9f8: ProductVersion: 10.0.19041.610
29116ec.9f8: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
29216ec.9f8: FileDescription: NT Layer DLL
29316ec.9f8: \SystemRoot\System32\kernel32.dll:
29416ec.9f8: CreationTime: 2020-10-09T20:43:36.889408100Z
29516ec.9f8: LastWriteTime: 2020-10-09T20:43:36.905042700Z
29616ec.9f8: ChangeTime: 2020-10-30T14:29:40.373872500Z
29716ec.9f8: FileAttributes: 0x20
29816ec.9f8: Size: 0xbac30
29916ec.9f8: NT Headers: 0xe8
30016ec.9f8: Timestamp: 0x2f7cc9b6
30116ec.9f8: Machine: 0x8664 - amd64
30216ec.9f8: Timestamp: 0x2f7cc9b6
30316ec.9f8: Image Version: 10.0
30416ec.9f8: SizeOfImage: 0xbd000 (774144)
30516ec.9f8: Resource Dir: 0xbb000 LB 0x520
30616ec.9f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
30716ec.9f8: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
30816ec.9f8: ProductName: Microsoft® Windows® Operating System
30916ec.9f8: ProductVersion: 10.0.19041.546
31016ec.9f8: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
31116ec.9f8: FileDescription: Windows NT BASE API Client DLL
31216ec.9f8: \SystemRoot\System32\KernelBase.dll:
31316ec.9f8: CreationTime: 2020-10-09T20:44:02.553372400Z
31416ec.9f8: LastWriteTime: 2020-10-09T20:44:02.584631100Z
31516ec.9f8: ChangeTime: 2020-10-30T14:29:40.483248700Z
31616ec.9f8: FileAttributes: 0x20
31716ec.9f8: Size: 0x2c8f70
31816ec.9f8: NT Headers: 0xf0
31916ec.9f8: Timestamp: 0x1183946c
32016ec.9f8: Machine: 0x8664 - amd64
32116ec.9f8: Timestamp: 0x1183946c
32216ec.9f8: Image Version: 10.0
32316ec.9f8: SizeOfImage: 0x2c8000 (2916352)
32416ec.9f8: Resource Dir: 0x29f000 LB 0x548
32516ec.9f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32616ec.9f8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
32716ec.9f8: ProductName: Microsoft® Windows® Operating System
32816ec.9f8: ProductVersion: 10.0.19041.572
32916ec.9f8: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
33016ec.9f8: FileDescription: Windows NT BASE API Client DLL
33116ec.9f8: \SystemRoot\System32\apisetschema.dll:
33216ec.9f8: CreationTime: 2019-12-07T09:08:13.518339400Z
33316ec.9f8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
33416ec.9f8: ChangeTime: 2020-10-30T14:29:40.358245400Z
33516ec.9f8: FileAttributes: 0x20
33616ec.9f8: Size: 0x1f538
33716ec.9f8: NT Headers: 0xd0
33816ec.9f8: Timestamp: 0x31288ce0
33916ec.9f8: Machine: 0x8664 - amd64
34016ec.9f8: Timestamp: 0x31288ce0
34116ec.9f8: Image Version: 10.0
34216ec.9f8: SizeOfImage: 0x20000 (131072)
34316ec.9f8: Resource Dir: 0x1f000 LB 0x408
34416ec.9f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
34516ec.9f8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
34616ec.9f8: ProductName: Microsoft® Windows® Operating System
34716ec.9f8: ProductVersion: 10.0.19041.1
34816ec.9f8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
34916ec.9f8: FileDescription: ApiSet Schema DLL
35016ec.9f8: supR3HardenedWinFindAdversaries: 0x0
35116ec.9f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
35216ec.9f8: Calling main()
35316ec.9f8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
35416ec.9f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
35516ec.9f8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
35616ec.9f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
35716ec.9f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
35816ec.9f8: SUPR3HardenedMain: Respawn #2
35916ec.9f8: supR3HardNtEnableThreadCreationEx:
36016ec.9f8: supR3HardenedDllNotificationCallback: load 00007ffb0c620000 LB 0x00123000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
36116ec.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
36216ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
36316ec.9f8: supR3HardenedDllNotificationCallback: load 00007ffb0c750000 LB 0x0009b000 C:\windows\System32\sechost.dll [fFlags=0x0]
36416ec.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
36516ec.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
36616ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
36716ec.9f8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
36816ec.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
36916ec.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
37016ec.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37116ec.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37216ec.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
37316ec.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
37416ec.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0d770000 'C:\windows\System32\ntdll.dll'
37516ec.9f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb0d7e4760 pvNtTerminateThread=00007ffb0d80c7f0
37616ec.9f8: supR3HardenedWinDoReSpawn(2): New child 20e4.16b8 [kernel32].
37716ec.9f8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
37816ec.9f8: supR3HardNtChildGatherData: PebBaseAddress=0000000000422000 cbPeb=0x388
37916ec.9f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb0d770000 uNtDllChildAddr=00007ffb0d770000
38016ec.9f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb0d7e4760
38116ec.9f8: supR3HardenedWinSetupChildInit: Initial context:
382 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff666c37900 rdx=0000000000422000
383 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
384 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
385 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
386 rip=00007ffb0d7bcea0 rsp=00000000006ff9f8 rbp=0000000000000000 ctxflags=0010001b
387 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
388 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
389 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
390 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
391 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
39216ec.9f8: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
39316ec.9f8: supR3HardenedWinSetupChildInit: Start child.
39416ec.9f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
39516ec.9f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 30 sleeps
39616ec.9f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
39716ec.9f8: *0000000000000000-000000000033ffff 0x0001/0x0000 0x0000000
39816ec.9f8: *0000000000340000-000000000035ffff 0x0004/0x0004 0x0020000
39916ec.9f8: *0000000000360000-000000000037cfff 0x0002/0x0002 0x0040000
40016ec.9f8: 000000000037d000-000000000037ffff 0x0001/0x0000 0x0000000
40116ec.9f8: *0000000000380000-0000000000383fff 0x0002/0x0002 0x0040000
40216ec.9f8: 0000000000384000-000000000038ffff 0x0001/0x0000 0x0000000
40316ec.9f8: *0000000000390000-0000000000391fff 0x0004/0x0004 0x0020000
40416ec.9f8: 0000000000392000-00000000003fffff 0x0001/0x0000 0x0000000
40516ec.9f8: *0000000000400000-0000000000421fff 0x0000/0x0004 0x0020000
40616ec.9f8: 0000000000422000-0000000000424fff 0x0004/0x0004 0x0020000
40716ec.9f8: 0000000000425000-00000000005fffff 0x0000/0x0004 0x0020000
40816ec.9f8: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
40916ec.9f8: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
41016ec.9f8: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
41116ec.9f8: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
41216ec.9f8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
41316ec.9f8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
41416ec.9f8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
41516ec.9f8: 000000007ffec000-00007ff5f78fffff 0x0001/0x0000 0x0000000
41616ec.9f8: *00007ff5f7900000-00007ff5f7900fff 0x0002/0x0002 0x0040000
41716ec.9f8: 00007ff5f7901000-00007ff5f790ffff 0x0001/0x0000 0x0000000
41816ec.9f8: *00007ff5f7910000-00007ff5f7932fff 0x0002/0x0002 0x0040000
41916ec.9f8: 00007ff5f7933000-00007ff666c2ffff 0x0001/0x0000 0x0000000
42016ec.9f8: *00007ff666c30000-00007ff666c30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42116ec.9f8: 00007ff666c31000-00007ff666ca7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42216ec.9f8: 00007ff666ca8000-00007ff666ca8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42316ec.9f8: 00007ff666ca9000-00007ff666cf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42416ec.9f8: 00007ff666cf2000-00007ff666cf2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42516ec.9f8: 00007ff666cf3000-00007ff666cf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42616ec.9f8: 00007ff666cf4000-00007ff666cf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42716ec.9f8: 00007ff666cf9000-00007ff666cf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42816ec.9f8: 00007ff666cfa000-00007ff666cfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
42916ec.9f8: 00007ff666cfb000-00007ff666cfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43016ec.9f8: 00007ff666cff000-00007ff666d47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43116ec.9f8: 00007ff666d48000-00007ffb0d76ffff 0x0001/0x0000 0x0000000
43216ec.9f8: *00007ffb0d770000-00007ffb0d770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43316ec.9f8: 00007ffb0d771000-00007ffb0d88bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43416ec.9f8: 00007ffb0d88c000-00007ffb0d8d4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43516ec.9f8: 00007ffb0d8d5000-00007ffb0d8e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43616ec.9f8: 00007ffb0d8e1000-00007ffb0d8effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43716ec.9f8: 00007ffb0d8f0000-00007ffb0d8f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43816ec.9f8: 00007ffb0d8f1000-00007ffb0d8f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43916ec.9f8: 00007ffb0d8f4000-00007ffb0d965fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
44016ec.9f8: 00007ffb0d966000-00007ffffffeffff 0x0001/0x0000 0x0000000
44116ec.9f8: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
44216ec.9f8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
44316ec.9f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
44416ec.9f8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
44516ec.9f8: supR3HardNtChildPurify: Done after 311 ms and 0 fixes (loop #0).
44620e4.16b8: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
44716ec.9f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
44820e4.16b8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb0d770000 g_uNtVerCombined=0xa04a6200 (stack ~00000000006ff488)
44916ec.9f8: supR3HardNtEnableThreadCreationEx:
45020e4.16b8: ntdll.dll: timestamp 0xe5d7ed5c (rc=VINF_SUCCESS)
45120e4.16b8: New simple heap: #1 0000000000800000 LB 0x400000 (for 2056192 allocation)
45220e4.16b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
45320e4.16b8: System32: \Device\HarddiskVolume2\Windows\System32
45420e4.16b8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
45520e4.16b8: KnownDllPath: C:\windows\System32
45620e4.16b8: supR3HardenedVmProcessInit: Opening vboxdrv...
45720e4.16b8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
45820e4.16b8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
45920e4.16b8: Registered Dll notification callback with NTDLL.
46020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
46120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
46220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
46320e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0afe0000 LB 0x002c8000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
46420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
46520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
46620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c7f0000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
46720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
46820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\KERNEL32.DLL'
46920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ff666c30000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
47020e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
47120e4.16b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
47220e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
47320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
47420e4.16b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb0d7e4760 pvNtTerminateThread=00007ffb0d80c7f0
47516ec.9f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
47620e4.16b8: \SystemRoot\System32\ntdll.dll:
47720e4.16b8: CreationTime: 2020-10-30T14:28:55.076467000Z
47820e4.16b8: LastWriteTime: 2020-10-30T14:28:55.123331800Z
47920e4.16b8: ChangeTime: 2020-10-30T14:32:01.953859400Z
48020e4.16b8: FileAttributes: 0x20
48120e4.16b8: Size: 0x1ee338
48220e4.16b8: NT Headers: 0xe8
48320e4.16b8: Timestamp: 0xe5d7ed5c
48420e4.16b8: Machine: 0x8664 - amd64
48520e4.16b8: Timestamp: 0xe5d7ed5c
48620e4.16b8: Image Version: 10.0
48720e4.16b8: SizeOfImage: 0x1f6000 (2056192)
48820e4.16b8: Resource Dir: 0x185000 LB 0x6fd28
48920e4.16b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
49020e4.16b8: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
49120e4.16b8: ProductName: Microsoft® Windows® Operating System
49220e4.16b8: ProductVersion: 10.0.19041.610
49320e4.16b8: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
49420e4.16b8: FileDescription: NT Layer DLL
49520e4.16b8: \SystemRoot\System32\kernel32.dll:
49620e4.16b8: CreationTime: 2020-10-09T20:43:36.889408100Z
49720e4.16b8: LastWriteTime: 2020-10-09T20:43:36.905042700Z
49820e4.16b8: ChangeTime: 2020-10-30T14:29:40.373872500Z
49920e4.16b8: FileAttributes: 0x20
50020e4.16b8: Size: 0xbac30
50120e4.16b8: NT Headers: 0xe8
50220e4.16b8: Timestamp: 0x2f7cc9b6
50320e4.16b8: Machine: 0x8664 - amd64
50420e4.16b8: Timestamp: 0x2f7cc9b6
50520e4.16b8: Image Version: 10.0
50620e4.16b8: SizeOfImage: 0xbd000 (774144)
50720e4.16b8: Resource Dir: 0xbb000 LB 0x520
50820e4.16b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
50920e4.16b8: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
51020e4.16b8: ProductName: Microsoft® Windows® Operating System
51120e4.16b8: ProductVersion: 10.0.19041.546
51220e4.16b8: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
51320e4.16b8: FileDescription: Windows NT BASE API Client DLL
51420e4.16b8: \SystemRoot\System32\KernelBase.dll:
51520e4.16b8: CreationTime: 2020-10-09T20:44:02.553372400Z
51620e4.16b8: LastWriteTime: 2020-10-09T20:44:02.584631100Z
51720e4.16b8: ChangeTime: 2020-10-30T14:29:40.483248700Z
51820e4.16b8: FileAttributes: 0x20
51920e4.16b8: Size: 0x2c8f70
52020e4.16b8: NT Headers: 0xf0
52120e4.16b8: Timestamp: 0x1183946c
52220e4.16b8: Machine: 0x8664 - amd64
52320e4.16b8: Timestamp: 0x1183946c
52420e4.16b8: Image Version: 10.0
52520e4.16b8: SizeOfImage: 0x2c8000 (2916352)
52620e4.16b8: Resource Dir: 0x29f000 LB 0x548
52720e4.16b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
52820e4.16b8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
52920e4.16b8: ProductName: Microsoft® Windows® Operating System
53020e4.16b8: ProductVersion: 10.0.19041.572
53120e4.16b8: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
53220e4.16b8: FileDescription: Windows NT BASE API Client DLL
53320e4.16b8: \SystemRoot\System32\apisetschema.dll:
53420e4.16b8: CreationTime: 2019-12-07T09:08:13.518339400Z
53520e4.16b8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
53620e4.16b8: ChangeTime: 2020-10-30T14:29:40.358245400Z
53720e4.16b8: FileAttributes: 0x20
53820e4.16b8: Size: 0x1f538
53920e4.16b8: NT Headers: 0xd0
54020e4.16b8: Timestamp: 0x31288ce0
54120e4.16b8: Machine: 0x8664 - amd64
54220e4.16b8: Timestamp: 0x31288ce0
54320e4.16b8: Image Version: 10.0
54420e4.16b8: SizeOfImage: 0x20000 (131072)
54520e4.16b8: Resource Dir: 0x1f000 LB 0x408
54620e4.16b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54720e4.16b8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
54820e4.16b8: ProductName: Microsoft® Windows® Operating System
54920e4.16b8: ProductVersion: 10.0.19041.1
55020e4.16b8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
55120e4.16b8: FileDescription: ApiSet Schema DLL
55220e4.16b8: supR3HardenedWinFindAdversaries: 0x0
55320e4.16b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
55420e4.16b8: Calling main()
55520e4.16b8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
55620e4.16b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
55720e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
55820e4.16b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
55920e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
56020e4.16b8: SUPR3HardenedMain: Final process, opening VBoxDrv...
56120e4.16b8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
56220e4.16b8: supR3HardNtEnableThreadCreationEx:
56320e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
56420e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
56520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
56620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56720e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
56820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffafc170000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
56920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
57820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
57920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
58020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
58120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
58420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
58520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
58620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
58820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
58920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
59020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d4e0000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
59120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
59220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c620000 LB 0x00123000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
59320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
59420e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0af80000 LB 0x00060000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
59520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
59620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b4c0000 LB 0x00100000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
59720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
59820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
59920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b360000 LB 0x0015d000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
60020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
60120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
60220e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
60320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-synch-l1-2-0'
60520e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
60620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-fibers-l1-1-1'
60820e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
60920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-fibers-l1-1-1'
61120e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
61220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-synch-l1-2-0'
61420e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
61520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-localization-l1-2-1'
61720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
61820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
61920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0a9d0000 LB 0x00012000 C:\windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
62020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
62120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0af80000 'C:\windows\system32\Wintrust.dll'
62220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
62320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
62420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0aeb0000 LB 0x00027000 C:\windows\System32\bcrypt.dll [fFlags=0x0]
62620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
62720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0aeb0000 'C:\windows\system32\bcrypt.dll'
62820e4.16b8: bcrypt.dll loaded at 00007ffb0aeb0000, BCryptOpenAlgorithmProvider at 00007ffb0aeb51e0, preloading providers:
62920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
63020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
63120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b700000 LB 0x0007f000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
63320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
63420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b700000 'C:\windows\system32\bcryptprimitives.dll'
63520e4.16b8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000cfd6b0)
63620e4.16b8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000cfe430)
63720e4.16b8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000cfef60)
63820e4.16b8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000cff280)
63920e4.16b8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000cff5a0)
64020e4.16b8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000cff8c0)
64120e4.16b8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000cffbe0)
64220e4.16b8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000cfff00)
64320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
64420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
64520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0a7a0000 LB 0x00018000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
64620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
64720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
64820e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
64920e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
65020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
65120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
65220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65420e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb09f60000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
65620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
65820e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
65920e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
66020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0a7c0000 LB 0x0000c000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
66120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
66220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
66320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\kernel32.dll'
66520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
66620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0af80000 'C:\windows\System32\WINTRUST.DLL'
66820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
66920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\CRYPT32.dll'
67120e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d290000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
67220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
67320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
67420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
67520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
67720e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c750000 LB 0x0009b000 C:\windows\System32\sechost.dll [fFlags=0x0]
67820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
67920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
68020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
68120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
68320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
68420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
68520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb097d0000 LB 0x00023000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
68620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
68720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
68820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
68920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0ade0000 LB 0x00026000 C:\windows\SYSTEM32\profapi.dll [fFlags=0x0]
69020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
69120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
69220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
69320e4.16b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
69420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
69520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
69620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
69720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
69820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
69920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
70220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
70320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
70420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
70820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
70920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
71020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71120e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffafe9a0000 LB 0x00031000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
71320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
71720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
72020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
72320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
72620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
72920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
73120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
73220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
73420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
73620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
73820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
74020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
74220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\windows\System32\cryptnet.dll'
74320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe9a0000 'C:\Windows\System32\cryptnet.dll'
74520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c2c0000 LB 0x000ac000 C:\windows\System32\advapi32.dll [fFlags=0x0]
74620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
74820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
74920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
75020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
75120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
75320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
75420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
75520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
75620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
75720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
75820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
76320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
76420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
76620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
76720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d47bc0
76820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
76920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC9603AAA8E3B88E651DB1C09CDA930DC7E67DCE
77020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
77120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c620000 'C:\windows\System32\rpcrt4.dll'
77320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
77620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
77720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
77920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\SystemRoot\System32\ntdll.dll'
78020e4.16b8: g_pfnWinVerifyTrust=00007ffb0af81da0
78120e4.16b8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
78220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
78520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
78620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
78820e4.16b8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
78920e4.16b8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
79020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
79320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
79420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
79620e4.16b8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
79720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
80020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
80120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
80320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
80420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
80520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
80620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
80720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45ECE98858B46D7A91C9972C8F2F62C2E8A43CC
80820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
81020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
81120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
81220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
81320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
81420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
81620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
81720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
81820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
82020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
82120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
82220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
82420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
82520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
82620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
82820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
82920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
83020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
83220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
83320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
83420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
83620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
83720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
83820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
83920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
84020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
84120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
84220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
84320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
84420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
84520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
84620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
84720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
84820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
84920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
85020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
85120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
85220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
85320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
85420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
85520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
85620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
85720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
85820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
85920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
86020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
86120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
86220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
86320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
86420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
86520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
86620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
86720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
86820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
86920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
87020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
87120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
87220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
87320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\system32\crypt32.dll'
87420e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
87520e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
87620e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
87720e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
87820e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
87920e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
88020e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x9111af3d05383fa3 CN=nester
88120e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
88220e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
88320e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
88420e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
88520e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
88620e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
88720e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
88820e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
88920e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
89020e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
89120e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
89220e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
89320e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
89420e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
89520e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
89620e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
89720e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
89820e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
89920e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
90020e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
90120e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
90220e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
90320e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
90420e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
90520e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
90620e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
90720e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
90820e4.16b8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
90920e4.16b8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=35
91020e4.16b8: SUPR3HardenedMain: Load Runtime...
91120e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
91220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
91320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
91420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
91520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
91620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
91720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
91820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
91920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
92020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
92120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
92220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
92320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
92420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
92520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
92620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
92720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
92820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
92920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
93020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
93120e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
93220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
93320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
93420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
93520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
93620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
93720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
93820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
93920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
94020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
94120e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
94220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
94320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
94420e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
94520e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
94620e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
94720e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
94820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
94920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
95020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
95120e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
95220e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
95320e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
95420e4.16b8: supR3HardenedDllNotificationCallback: load 000000005f290000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
95520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
95620e4.16b8: supR3HardenedDllNotificationCallback: load 000000005e710000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
95720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
95820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c8b0000 LB 0x0006b000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
95920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
96020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffad15c0000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
96120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
96220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
96320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
96420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
96520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
96820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
96920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
97220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
97920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98320e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
98620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98820e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99020e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
99320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99520e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
100020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
100120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
104220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111920e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
112420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112820e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113320e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113620e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad15c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
114020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
114120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
114220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
114320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0af80000 'C:\windows\system32\Wintrust.dll'
114420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
114520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
114620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
114720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
114820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
114920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
115020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\system32\crypt32.dll'
115120e4.16b8: SUPR3HardenedMain: Load TrustedMain...
115220e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
115320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
115420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
115520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
115620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
115720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
115820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
115920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
116020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
116120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
116220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
116320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
116420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
116520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
116620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
116720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
116820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
116920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
117020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
117120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
117220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
117320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
117420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
117520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
117620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
117720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
117820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
117920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
118020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
118120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
118220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
118320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
118420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
118520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
118620e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
118720e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
118820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
118920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
119020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
119120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
119220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
119320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
119420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
119520e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
119620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
119720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
119820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
119920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
120020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
120120e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
120220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
120320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
120420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
120520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
120620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
120720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
120820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
121020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
121120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
121220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
121320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
121420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
121520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
121620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
121820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
121920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
122020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
122120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
122220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
122320e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
122420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
122520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
122620e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
122720e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
122820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
123020e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
123120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
123220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
123320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
123420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
123520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
123620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
123720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
123820e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
123920e4.16b8: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
124020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
124120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
124220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
124320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
124420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
124520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
124620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
124720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
124820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
124920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
125020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
125120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
125220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
125320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
125420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
125520e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
125620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
125720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
125820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
125920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
126020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
126120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
126220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
126320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
126420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
126520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
126620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
126720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
126820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
126920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
127020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
127120e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
127220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
127320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
127420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
127520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
127620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
127720e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
127820e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
127920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
128020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
128120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
128220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
128320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
128420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
128520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
128620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
128720e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
128820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
128920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
129020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
129120e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
129220e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
129320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
129420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
129520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
129620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
129720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
129820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
129920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
130020e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
130120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
130220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
130320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
130420e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
130520e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
130620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
130720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
130820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
130920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
131020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
131120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
131220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
131320e4.16b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
131420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
131520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
131620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
131720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
131820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
131920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
132020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
132120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
132220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
132320e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
132420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
132520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
132620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
132720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
132820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
132920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
133020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
133120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
133220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
133320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
133420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
133520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
133620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
133720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
133820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
133920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
134020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
134120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
134220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
134320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
134420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
134520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
134620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
134720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
134820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
134920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
135020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
135120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
135220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
135320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
135420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
135520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
135620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
135720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
135820e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
135920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
136020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
136120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
136220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
136320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
136420e4.16b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
136520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
136620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
136720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
136820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
136920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
137020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
137120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
137220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
137320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
137420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
137520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
137620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
137720e4.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
137820e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
137920e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
138020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
138120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
138220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
138320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
138420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
138520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
138620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
138720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
138820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
138920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
139020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
139120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
139220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
139520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
139620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
139720e4.16b8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
139820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
139920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
140020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
140120e4.16b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
140220e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
140320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
140420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
140520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
140620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
140720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
140820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
140920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
141020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
141120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
141220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
141320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
141420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
141520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
141620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
141720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
141820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
141920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
142020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
142120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
142220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
142320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
142420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
142520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
142620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
142720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
142820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
142920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
143020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
143120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
143220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
143320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
143420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
143520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
143620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
143720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
143820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
143920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
144020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
144120e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
144220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
144320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
144420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
144520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
144620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
144720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
144820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
144920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
145020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
145120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
145220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
145320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
145420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
145520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
145620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
145720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
145820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
145920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
146020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
146120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
146220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
146320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
146420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
146520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
146620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
146720e4.16b8: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
146820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
146920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
147020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
147120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
147220e4.16b8: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
147320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
147420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
147520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
147620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
147720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
147820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
147920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
148020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
148120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
148220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
148320e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
148420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
148520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
148620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
148720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
148820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
148920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
149020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
149120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
149220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
149320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
149420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
149520e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
149620e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
149720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
149820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
149920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
150020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
150120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
150220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
150320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F14F1B7D8729223C0DB5ABA6EC95E5C5A3D6D1EC
150420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
150520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
150620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
150720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
150820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
150920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
151020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
151120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
151220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
151320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
151420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
151520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
151820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
151920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
152020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
152120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
152220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
152320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
152420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
152520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
152620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
152720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
152820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
152920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
153020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
153120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
153220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
153320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
153420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
153520e4.16b8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
153620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
153720e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
153820e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
153920e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
154020e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
154120e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
154220e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
154320e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
154420e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
154520e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
154620e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
154720e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b5c0000 LB 0x00022000 C:\windows\System32\win32u.dll [fFlags=0x0]
154820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
154920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0aee0000 LB 0x0009d000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
155020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
155120e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b5f0000 LB 0x00109000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
155220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
155320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
155420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
155520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
155620e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
155720e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
155820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0cd90000 LB 0x0002a000 C:\windows\System32\GDI32.dll [fFlags=0x0]
155920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
156020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c480000 LB 0x001a0000 C:\windows\System32\USER32.dll [fFlags=0x0]
156120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
156220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0bf50000 LB 0x00355000 C:\windows\System32\combase.dll [fFlags=0x0]
156320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
156420e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf0010000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
156520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
156620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaceb70000 LB 0x00125000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
156720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
156820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0b7d0000 LB 0x00741000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
156920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
157020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0cf80000 LB 0x0012a000 C:\windows\System32\ole32.dll [fFlags=0x0]
157120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
157220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaecb60000 LB 0x0001d000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
157320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
157420e4.16b8: supR3HardenedDllNotificationCallback: load 000000005ed20000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
157520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
157620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaceca0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
157720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
157820e4.16b8: supR3HardenedDllNotificationCallback: load 000000005e7b0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
157920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
158020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d1c0000 LB 0x000cd000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
158120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
158220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffacf2a0000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
158320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
158420e4.16b8: supR3HardenedDllNotificationCallback: load 000000005e6b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
158520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
158620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffae9f10000 LB 0x00027000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
158720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
158820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffad48b0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
158920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
159020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
159120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
159220e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
159320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
159420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
159520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
159620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
159720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
159820e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
159920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
160020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
160120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
160220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
160320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
160420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
160520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
160620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
160720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
160820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
160920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
161020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
161120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
161220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
161320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
161420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
161520e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
161620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
161920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
162020e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
162120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
162420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
162520e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
162620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
162720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
162820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
162920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
163020e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
163120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
163220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\kernel32.dll'
163320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
163420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
163520e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
163620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
163720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
163820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
163920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
164020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
164120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
164220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
164320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
164420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
164520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
164620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
164720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
164820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
164920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
165020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
165120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
165220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
165320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
165420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
165520e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
165620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
165720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
165820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
165920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
166020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
166120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
166220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
166320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
166420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
166520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
166620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
166720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
166820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
166920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
167020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
167120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
167220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
167320e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
167420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
167520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-string-l1-1-0'
167620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
167720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
167820e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
167920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
168020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
168120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
168220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
168320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
168420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
168520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
168620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
168720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
168820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
168920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
169020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
169120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
169220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
169320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
169420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
169520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
169620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
169720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
169820e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
169920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
170020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
170120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
170220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
170320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
170420e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
170520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
170620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
170720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
170820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
170920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
171020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
171120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
171220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
171320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
171420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
171520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
171620e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
171720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
171820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-datetime-l1-1-1'
171920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
172020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
172120e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
172220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
172320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
172420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
172520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
172620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
172720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
172820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
172920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
173020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
173120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
173220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
173320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
173420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
173520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
173620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
173720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
173820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
173920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
174020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
174120e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
174220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
174320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
174420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
174520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
174620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
174720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
174820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
174920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
175020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
175120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
175220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
175320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
175420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
175520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
175620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
175720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
175820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
175920e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
176020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
176120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-localization-obsolete-l1-2-0'
176220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
176320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
176420e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
176520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
176620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
176720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
176820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
176920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
177020e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
177120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
177220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
177320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
177420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
177520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
177620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
177720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
177820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
177920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
178020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
178120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
178220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
178320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
178420e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
178520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
178620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
178720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
178820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
178920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
179020e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
179120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
179220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
179320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
179420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
179520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
179620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
179720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
179820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
179920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
180020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
180120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
180220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
180320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
180420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
180520e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
180620e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
180720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
180820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
180920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
181020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
181120e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
181220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
181320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
181420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
181520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
181620e4.16b8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
181720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
181820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0bf20000 LB 0x00030000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
181920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
182020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0bf20000 'C:\windows\system32\IMM32.DLL'
182120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
182220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
182320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
182420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
182520e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
182620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
182720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
182820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
182920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
183020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
183120e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
183220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
183320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
183420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
183520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
183620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
183720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
183820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
183920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
184020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
184120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
184220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
184320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
184420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
184520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
184620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
184720e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
184820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
184920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
185020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
185120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
185220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
185320e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
185420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
185520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
185620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
185720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
185820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
185920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
186020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
186120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
186220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
186320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
186420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
186520e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\edgegdi.dll': 0 (NtPath=\??\C:\windows\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
186620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\edgegdi.dll'
186720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
186820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
186920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
187020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
187120e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
187220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
187320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
187420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
187520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
187620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
187720e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
187820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
187920e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
188020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
188120e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
188220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
188320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
188420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
188520e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
188620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
188720e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
188820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
188920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
189020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c2c0000 'C:\windows\System32\ADVAPI32.DLL'
189220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
189320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
189420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
189520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
189620e4.16b8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
189720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
189820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
189920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
190020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
190120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
190220e4.16b8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
190320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
190420e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
190520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
190620e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
190720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
190820e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
190920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
191020e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
191120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
191220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
191320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
191420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad48b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
191520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
191620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
191720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
191820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
191920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
192020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'
192120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
192220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
192320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
192420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=087A92E70231A784DB8F333F449EAE73CA72A5AC
192520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
192620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
192720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
192820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
192920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
193020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
193120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
193220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
193320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
193420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
193520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
193620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
193720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
193820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
193920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
194020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
194120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
194220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
194320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
194420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
194520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
194620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
194720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
194820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
194920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
195020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
195120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
195220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
195320e4.16b8: SUPR3HardenedMain: Calling TrustedMain (00007ffad48b16c0)...
195420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
195520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
195620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
195720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
195820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
195920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
196020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wldp.dll)
196120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wldp.dll
196220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0a850000 LB 0x0002c000 C:\windows\SYSTEM32\Wldp.dll [fFlags=0x0]
196320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
196420e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb09020000 LB 0x00795000 C:\windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
196520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
196620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0c370000 LB 0x000ae000 C:\windows\System32\SHCORE.dll [fFlags=0x0]
196720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
196820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
196920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
197020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
197120e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d0b0000 LB 0x00055000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
197220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
197320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
197420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
197520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
197620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
197720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
197820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
197920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
198020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
198120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
198620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
198720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [lacks WinVerifyTrust]
198820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
198920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
199020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
199120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
199220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
199320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
199420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
199520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
199620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
199720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
199820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
199920e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
200020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
200120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
200220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wldp.dll'
200320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
200420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
200520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
200620e4.16b8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
200720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
200820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
200920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
201020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
201120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
201220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
201320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
201420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
201520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
201620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
201720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
201820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
201920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
202020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
202120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
202220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
202320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
202420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
202520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
202620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
202720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
202820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
202920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
203020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
203120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
203220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
203320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
203420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
203520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
203620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
203720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
203820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
203920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
204020e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
204120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
204220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
204320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
204420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
204520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
204620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
204720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
204820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
204920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
205020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
205120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
205220e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
205320e4.16b8: supR3HardenedDllNotificationCallback: load 00007fface990000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
205420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
205520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface990000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
205620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
205720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
205820e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
205920e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
206020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb08e20000 LB 0x00012000 C:\windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
206120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
206220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
206320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
206420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
206720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
206820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
206920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
207020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
207120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
207220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F5C6EF219635A6781C1125A989876AF1D3E8DCA9
207320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
207420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
207520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
207620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
207720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
207820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
207920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
208020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
208120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
208220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
208320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
208420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
208520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
208620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
208820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
208920e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
209020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb088e0000 LB 0x0009e000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
209120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
209220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb088e0000 'C:\windows\system32\uxtheme.dll'
209320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c480000 'C:\windows\system32\user32.dll'
209420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
209520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
209720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
209820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c370000 'C:\windows\system32\SHCore.dll'
210020e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
210120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
210220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
210320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
210420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae9f10000 'C:\windows\system32\winmm.dll'
210520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
210620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
210720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae9f10000 'C:\windows\system32\winmm.dll'
210820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
210920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
211120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
211220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb088e0000 'C:\windows\system32\uxtheme.dll'
211420e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
211520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c2c0000 'C:\windows\system32\advapi32.dll'
211720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
211820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
211920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
212020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
212120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
212220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
212320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
212420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
212520e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
212620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0ad60000 LB 0x0002e000 C:\windows\system32\userenv.dll [fFlags=0x0]
212720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
212820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ad60000 'C:\windows\system32\userenv.dll'
212920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
213020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
213120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\kernel32.dll'
213220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d110000 LB 0x000a9000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
213320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
213420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
213520e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
213620e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
213720e4.28c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
213820e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
213920e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
214020e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
214120e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
214220e4.28c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
214320e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
214420e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
214520e4.28c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
214620e4.28c0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
214720e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
214820e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
214920e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
215020e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
215120e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
215220e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
215320e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
215420e4.28c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
215520e4.28c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
215620e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
215720e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
215820e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
215920e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
216020e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
216120e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
216220e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
216320e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
216420e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
216520e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
216620e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
216720e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
216820e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
216920e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
217020e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
217120e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
217220e4.28c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
217320e4.28c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
217420e4.28c0: supR3HardenedDllNotificationCallback: load 00007fface4e0000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
217520e4.28c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
217620e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
217720e4.28c0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
217820e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
217920e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
218020e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
218120e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
218220e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
218320e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
218420e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
218520e4.28c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
218620e4.28c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
218720e4.28c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
218820e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
218920e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
219020e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
219120e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
219220e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
219320e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
219420e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
219520e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
219620e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
219720e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
219820e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
219920e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
220020e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
220120e4.28c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
220220e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
220320e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
220420e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
220520e4.28c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
220620e4.28c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
220720e4.28c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
220820e4.28c0: supR3HardenedDllNotificationCallback: load 00007fface8a0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
220920e4.28c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
221020e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface8a0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
221120e4.28c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
221220e4.28c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
221320e4.28c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0d1c0000 'C:\Windows\System32\oleaut32.dll'
221420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0cd90000 'C:\windows\system32\gdi32.dll'
221520e4.8a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
221620e4.8a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
221720e4.8a8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
221820e4.8a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
221920e4.8a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
222020e4.8a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
222120e4.8a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
222220e4.8a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
222320e4.8a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
222420e4.8a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
222520e4.8a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
222620e4.8a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
222720e4.8a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
222820e4.8a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
222920e4.8a8: supR3HardenedDllNotificationCallback: load 00007ffafc160000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
223020e4.8a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
223120e4.8a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc160000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
223220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
223320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
223520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb0d610000 LB 0x00115000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
223620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
223720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
223820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
223920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
224020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
224120e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
224220e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
224320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
224420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
224520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
224620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
224720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
224820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
224920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
225020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
225120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
225220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
225320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
225420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
225520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
225620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
225720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
225820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000994 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
225920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
226020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
226120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=783F5D82A4B979F1AE8853415E4264F3E2314DE6
226220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
226320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
226420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
226520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
226620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
226720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
226820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
226920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
227020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
227120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
227220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
227320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
227420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
227520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
227620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
227720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
227820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
227920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
228020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
228120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
228220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
228320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
228420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
228520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
228620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
228720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
228820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
228920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
229020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
229120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
229220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
229320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
229420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
229520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
229620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
229720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
229820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
229920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
230020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
230120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
230220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
230320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
230420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
230520e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll) WinVerifyTrust
230620e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
230720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
230820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
230920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
231020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
231120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
231220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
231320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
231620e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
231720e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
231820e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
231920e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
232020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb09800000 LB 0x000f3000 C:\windows\system32\dxgi.dll [fFlags=0x0]
232120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
232220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb07380000 LB 0x00264000 C:\windows\system32\d3d11.dll [fFlags=0x0]
232320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
232420e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb07bb0000 LB 0x001e5000 C:\windows\system32\dcomp.dll [fFlags=0x0]
232520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
232620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaeb360000 LB 0x0003e000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
232720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
232820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0cd90000 'C:\windows\System32\gdi32.dll'
232920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb360000 'C:\windows\system32\dataexchange.dll'
233020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
233120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
233220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
233320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
233420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
233520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb05770000 LB 0x00208000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
233620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
233720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
233820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
233920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
234020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
234120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
234220e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
234320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
234420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
234520e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
234620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
234720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
234820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
234920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
235020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c370000 'C:\windows\system32\Shcore.dll'
235220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
235320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
235420e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
235520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
235620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
235720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
235820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
235920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
236020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
236120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
236220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
236320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
236420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
236520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
236620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
236720e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
236820e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
236920e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
237020e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
237120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
237220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
237320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
237420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
237520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
237620e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb09bf0000 LB 0x00033000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
237720e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
237820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb08560000 LB 0x000f2000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
237920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
238020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb06dc0000 LB 0x00156000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
238120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
238220e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb07da0000 LB 0x0035e000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
238320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
238420e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf4b70000 LB 0x000fc000 C:\windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
238520e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
238620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
238720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
238820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
238920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
239020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
239120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
239220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
239320e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
239420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
239520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
239620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
239720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
239820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
239920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
240020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
240120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
240220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
240320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
240420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
240520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
240620e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
240720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
240820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
240920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
241020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
241120e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
241220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
241320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
241420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
241520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
241620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
241720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
241820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
241920e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
242020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
242120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
242220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
242320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
242420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
242520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
242620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
242720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
242820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
242920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
243020e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
243120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
243220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
243320e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
243420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
243520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
243620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
243720e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
243820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c480000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
244020e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
244120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c480000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
244320e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
244420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0bf50000 'api-ms-win-core-com-l1-1-0.dll'
244620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
244720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
244820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0d610000 'C:\windows\System32\MSCTF.dll'
244920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
245020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
245220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
245320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
245420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0cf80000 'C:\windows\System32\ole32.dll'
245620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0d1c0000 'C:\windows\System32\OLEAUT32.dll'
245720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000abc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
245820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
245920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
246020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24E65BD1CEC5A0EC4647A91D813736DC7112053D
246120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
246220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
246320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
246520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
246620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
246720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
246820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
246920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
247020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
247120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
247220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
247320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
247420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
247520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
247620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
247720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C300CB1A203662154729906A10B05CEE85D4742B
247820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
247920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
248020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
248120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
248220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
248320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
248420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
248520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
248620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
248720e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
248820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
249020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
249120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
249220e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
249320e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
249420e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
249520e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf8d60000 LB 0x00086000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
249620e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
249720e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffafa050000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
249820e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
249920e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
250020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
250120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
250220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafa050000 'C:\windows\system32\wbem\wbemprox.dll'
250320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
250420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
250520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
250620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D16B59E56C4ED9F0BBAA653FE2F79CAF6AC8AC7B
250720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
250820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
250920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
251020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
251120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
251220e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
251320e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
251420e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
251520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
251620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
251720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
251820e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
251920e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
252020e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
252120e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf98d0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
252220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
252320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf98d0000 'C:\windows\system32\wbem\wbemsvc.dll'
252420e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
252520e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
252620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-localization-l1-2-0.dll'
252720e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
252820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
252920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
253020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
253120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
253220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
253320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
253420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
253520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
253620e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
253720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
253820e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
253920e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
254020e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
254120e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
254220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
254320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
254420e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
254520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
254620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
254720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
254820e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
254920e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf91e0000 LB 0x0010b000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
255020e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
255120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf91e0000 'C:\windows\system32\wbem\fastprox.dll'
255220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
255320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
255420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
255520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=388BAB1FF35FEBB7F89B70EE6201301E3EDDFE0B
255620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
255720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
255820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
255920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
256020e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256120e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
256220e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
256320e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
256420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
256520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
256620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
256720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
256820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
256920e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
257020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf17f0000 LB 0x00019000 C:\windows\System32\amsi.dll [fFlags=0x0]
257120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
257220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf17f0000 'C:\windows\System32\amsi.dll'
257320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
257420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
257520e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
257620e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
257720e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
257820e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll) WinVerifyTrust
257920e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
258020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
258120e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
258220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
258320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
258420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
258520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
258620e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
258720e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
258820e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffaf1770000 LB 0x00079000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll [fFlags=0x0]
258920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpOAV.dll
259020e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
259120e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
259220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-synch-l1-2-0'
259320e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
259420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
259520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-fibers-l1-1-1'
259620e4.16b8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
259720e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
259820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0afe0000 'api-ms-win-core-localization-l1-2-1'
259920e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
260020e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
260120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c7f0000 'C:\windows\System32\kernel32.dll'
260220e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
260320e4.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
260420e4.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
260520e4.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
260620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260820e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
260920e4.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
261020e4.16b8: supR3HardenedDllNotificationCallback: load 00007ffb050c0000 LB 0x0000a000 C:\windows\system32\version.dll [fFlags=0x0]
261120e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
261220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb050c0000 'C:\windows\system32\version.dll'
261320e4.16b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
261420e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
261520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf1770000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpOav.dll'
261620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
261720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
261820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
261920e4.ae8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
262020e4.ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
262120e4.ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
262220e4.ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
262320e4.ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
262420e4.ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
262520e4.ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
262620e4.ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
262720e4.ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
262820e4.ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
262920e4.ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263020e4.ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
263120e4.ae8: supR3HardenedDllNotificationCallback: load 00007ffad4530000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
263220e4.ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
263320e4.ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4530000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
263420e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
263520e4.12b4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
263620e4.12b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
263720e4.12b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
263820e4.12b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
263920e4.12b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
264020e4.12b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
264120e4.12b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
264220e4.12b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
264320e4.12b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
264420e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
264520e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
264620e4.12b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
264720e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
264820e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
264920e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
265020e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
265120e4.12b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
265220e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
265320e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
265420e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
265520e4.12b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
265620e4.12b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
265720e4.12b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
265820e4.12b4: supR3HardenedDllNotificationCallback: load 00007ffaf6ee0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
265920e4.12b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
266020e4.12b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
266120e4.bac: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
266220e4.bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
266320e4.bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
266420e4.bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
266520e4.bac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
266620e4.bac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
266720e4.bac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
266820e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
266920e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
267020e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
267120e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
267220e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
267320e4.bac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
267420e4.bac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
267520e4.bac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
267620e4.bac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
267720e4.bac: supR3HardenedDllNotificationCallback: load 00007ffaf6e90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
267820e4.bac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
267920e4.bac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6e90000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
268020e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\Shell32.dll'
268120e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
268220e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268320e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4530000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
268420e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
268520e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
268620e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
268720e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
268820e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
268920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
269020e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
269120e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
269220e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
269320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
269420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
269520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
269620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
269720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
269820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
269920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
270020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
270120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
270220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
270320e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
270420e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
270520e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffadfad0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
270620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
270720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfad0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
270820e4.16d4: supR3HardenedDllNotificationCallback: Unload 00007ffadfad0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
270920e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
271020e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
271120e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
271220e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
271320e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
271420e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
271520e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
271620e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
271720e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
271820e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
271920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
272020e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
272120e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
272220e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
272320e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
272420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
272520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
272620e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
272720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
272820e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
272920e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
273020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
273120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
273220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
273320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
273420e4.16d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
273520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
273620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
273720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
273820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
273920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
274020e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
274120e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
274220e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
274320e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
274420e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
274520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
274620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
274720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
274820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
274920e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
275020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
275120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
275220e4.16d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
275320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
275420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
275520e4.16d4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
275620e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
275720e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
275820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
275920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
276020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276220e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
276320e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
276420e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
276520e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
276620e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
276720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
276820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
276920e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
277020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
277120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
277220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
277320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
277420e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
277520e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
277620e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
277720e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
277820e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
277920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
278020e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
278120e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
278220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
278320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
278420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
278520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
278620e4.16d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
278720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
278820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
278920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
279020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
279120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
279220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
279320e4.16d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
279420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
279520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
279620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
279720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
279820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
279920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
280020e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
280120e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
280220e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
280320e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
280420e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
280520e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb0b780000 LB 0x0004e000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
280620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
280720e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb0c920000 LB 0x00467000 C:\windows\System32\SETUPAPI.dll [fFlags=0x0]
280820e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
280920e4.16d4: supR3HardenedDllNotificationCallback: load 00007fface470000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
281020e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
281120e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffad23c0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
281220e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
281320e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb0a2c0000 LB 0x0003b000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
281420e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
281520e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffad3b40000 LB 0x009e7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
281620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
281720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b40000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
281820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
281920e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
282020e4.16d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
282120e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
282220e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
282320e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282420e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
282520e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffadfad0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
282620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
282720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfad0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
282820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
282920e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
283020e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283120e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
283220e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
283320e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
283420e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283520e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad23c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
283620e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
283720e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
283820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
283920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
284020e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
284120e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
284220e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
284320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
284420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
284520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
284620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
284720e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
284820e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
284920e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffaf6c10000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
285020e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
285120e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6c10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
285220e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
285320e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
285420e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
285520e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
285620e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
285720e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
285820e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
285920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
286020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
286120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
286220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
286320e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
286420e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
286520e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffaefe00000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
286620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
286720e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaefe00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
286820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
286920e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
287020e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
287120e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
287220e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
287320e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
287420e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
287520e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
287620e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
287720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
287820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
287920e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
288020e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
288120e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffadeef0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
288220e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
288320e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeef0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
288420e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
288520e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
288620e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
288720e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
288820e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
288920e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
289020e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
289120e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
289220e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
289320e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
289420e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
289520e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
289620e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
289720e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffad5dd0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
289820e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
289920e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad5dd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
290020e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
290120e4.2e8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
290220e4.2e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
290320e4.2e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
290420e4.2e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
290520e4.2e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
290620e4.2e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
290720e4.2e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
290820e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
290920e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
291020e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
291120e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
291220e4.2e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
291320e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
291420e4.2e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
291520e4.2e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
291620e4.2e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
291720e4.2e8: supR3HardenedDllNotificationCallback: load 00007ffad5d70000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
291820e4.2e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
291920e4.2e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad5d70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
292020e4.e44: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
292120e4.e44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
292220e4.e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
292320e4.e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
292420e4.e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
292520e4.e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
292620e4.e44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
292720e4.e44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
292820e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
292920e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
293020e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
293120e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
293220e4.e44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
293320e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
293420e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
293520e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
293620e4.e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
293720e4.e44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
293820e4.e44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
293920e4.e44: supR3HardenedDllNotificationCallback: load 00007ffadfac0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
294020e4.e44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
294120e4.e44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadfac0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
294220e4.4bc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
294320e4.4bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
294420e4.4bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
294520e4.4bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
294620e4.4bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
294720e4.4bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
294820e4.4bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
294920e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
295020e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
295120e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
295220e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
295320e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
295420e4.4bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
295520e4.4bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295620e4.4bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
295720e4.4bc: supR3HardenedDllNotificationCallback: load 00007ffadeca0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
295820e4.4bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
295920e4.4bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadeca0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
296020e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
296120e4.16d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
296220e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
296320e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
296420e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
296520e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
296620e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
296720e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
296820e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
296920e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
297020e4.16d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
297120e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
297220e4.16d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
297320e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffaf6ec0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
297420e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
297520e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6ec0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
297620e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
297720e4.16d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
297820e4.16d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a2c0000 'C:\windows\system32\Iphlpapi.dll'
297920e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
298020e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
298120e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
298220e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
298320e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb0c2b0000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
298420e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
298520e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
298620e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb050b0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
298720e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
298820e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
298920e4.16d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
299020e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
299120e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb03940000 LB 0x00017000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
299220e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
299320e4.16d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
299420e4.16d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
299520e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
299620e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb03920000 LB 0x0001d000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
299720e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
299820e4.16d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
299920e4.16d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
300020e4.16d4: supR3HardenedDllNotificationCallback: load 00007ffb0a300000 LB 0x000cb000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
300120e4.16d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
300220e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
300320e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
300420e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
300520e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
300620e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
300720e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
300820e4.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
300920e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
301020e4.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
301120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
301220e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
301320e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0af80000 'C:\windows\System32\WINTRUST.DLL'
301520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\CRYPT32.dll'
301620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
301720e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
301820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
301920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
302020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
302120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
302220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
302320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
302420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
302520e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
302620e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
302720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
302820e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
302920e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
303020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
303120e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
303220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
303320e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
303420e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
303520e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
303620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
303720e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
303820e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
303920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
304020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
304120e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
304220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
304320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
304420e4.1414: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
304520e4.1414: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
304620e4.1414: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
304720e4.1414: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000006e4 (hFile=0000000000000be4) with 0xc0000022 -> STATUS_TRUST_FAILURE
304820e4.1414: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
304920e4.1414: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000be4 (hFile=00000000000006e4) with 0xc0000022 -> STATUS_TRUST_FAILURE
305020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
305120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
305220e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
305320e4.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
305420e4.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
305520e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0af80000 'C:\windows\System32\WINTRUST.DLL'
305620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\CRYPT32.dll'
305720e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5268A0C262B76E359548F743A2C88860D70BB8BD
305820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
305920e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
306020e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
306120e4.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306220e4.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
306320e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\thai.dll': 0 (NtPath=\??\C:\windows\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
306420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\thai.dll'
306520e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\thai.dll': 0 (NtPath=\??\C:\windows\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
306620e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\thai.dll'
306720e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\thai.dll': 0 (NtPath=\??\C:\windows\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
306820e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\thai.dll'
306920e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\thai.dll': 0 (NtPath=\??\C:\windows\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
307020e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\thai.dll'
307120e4.16b8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\thai.dll': 0 (NtPath=\??\C:\windows\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
307220e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\thai.dll'
307320e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
307420e4.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b7d0000 'C:\windows\system32\shell32.dll'
307520e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
307620e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
307720e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'rpcrt4.dll'.
307820e4.2878: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
307920e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
308020e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
308120e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
308220e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
308320e4.2878: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
308420e4.2878: supR3HardenedDllNotificationCallback: load 00007ffb06b00000 LB 0x000f7000 C:\windows\system32\propsys.dll [fFlags=0x0]
308520e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
308620e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb06b00000 'C:\windows\system32\propsys.dll'
308720e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
308820e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
308920e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09020000 'C:\windows\system32\Windows.Storage.dll'
309020e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
309120e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
309220e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09020000 'C:\windows\system32\windows.storage.dll'
309320e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
309420e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
309520e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
309620e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
309720e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
309820e4.2878: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll) WinVerifyTrust
309920e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
310020e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
310120e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
310220e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
310320e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
310420e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
310520e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
310620e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
310720e4.2878: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
310820e4.2878: supR3HardenedDllNotificationCallback: load 00007ffaeccf0000 LB 0x0029b000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll [fFlags=0x0]
310920e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
311020e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeccf0000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll'
311120e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
311220e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
311320e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeccf0000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll'
311420e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
311520e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
311620e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
311720e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'bcrypt.dll'.
311820e4.2878: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll)
311920e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll
312020e4.2878: supR3HardenedDllNotificationCallback: load 00007ffb05a40000 LB 0x001b4000 C:\windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
312120e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
312220e4.2878: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
312320e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
312420e4.2878: supR3HardenedDllNotificationCallback: load 00007ffb08790000 LB 0x00090000 C:\windows\SYSTEM32\apphelp.dll [fFlags=0x0]
312520e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
312620e4.2878: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\apphelp.dll'.
312720e4.2878: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\apphelp.dll' [rescheduled]
312820e4.2878: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll'.
312920e4.2878: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll' [rescheduled]
313020e4.2878: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
313120e4.2878: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
313220e4.2878: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
313320e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
313420e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
313520e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
313620e4.2878: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
313720e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313820e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
313920e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
314020e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
314120e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314220e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314320e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
314420e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0d770000 'C:\windows\System32\ntdll.dll'
314520e4.2878: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'.
314620e4.2878: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' [rescheduled]
314720e4.2878: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\apphelp.dll'.
314820e4.2878: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\apphelp.dll' [rescheduled]
314920e4.2878: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll'.
315020e4.2878: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll' [rescheduled]
315120e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
315220e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
315320e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'
315420e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001644 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
315520e4.824: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
315620e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
315720e4.824: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30D96FB4AF08381EA3CBA1820966B799055D3A63
315820e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
315920e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
316020e4.824: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0414~31bf3856ad364e35~amd64~~10.0.19041.610.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
316120e4.824: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
316220e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
316320e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
316420e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
316520e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll'
316620e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000016ac pwszName=\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
316720e4.824: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
316820e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
316920e4.824: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1B2E217C5AFAFA4CBAEFF5F255124F166FB8B9A
317020e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
317120e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
317220e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
317320e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
317420e4.824: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll'
317520e4.824: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
317620e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
317720e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
317820e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
317920e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
318020e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
318120e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
318220e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
318320e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
318420e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
318520e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
318620e4.824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll) WinVerifyTrust
318720e4.824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
318820e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
318920e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
319020e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
319120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
319220e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
319320e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
319420e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
319520e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
319620e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
319720e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
319820e4.824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
319920e4.824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
320020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
320120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
320220e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
320320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
320420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
320520e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
320620e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
320720e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
320820e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
320920e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
321020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
321120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
321220e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
321320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
321420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
321520e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
321620e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
321720e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
321820e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
321920e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
322020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
322120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
322220e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
322320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
322420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
322520e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
322620e4.824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
322720e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
322820e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
322920e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
323020e4.824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll)
323120e4.824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll
323220e4.824: supR3HardenedDllNotificationCallback: load 00007ffaceac0000 LB 0x000b0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\COMCTL32.dll [fFlags=0x0]
323320e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll [avoiding WinVerifyTrust]
323420e4.824: supR3HardenedDllNotificationCallback: load 00007ffaeb1f0000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
323520e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
323620e4.824: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll'.
323720e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll' [rescheduled]
323820e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
323920e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
324020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
324120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
324220e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
324320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
324420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
324520e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324620e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0bf20000 'C:\windows\System32\imm32.dll'
324720e4.824: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll'.
324820e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll' [rescheduled]
324920e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb1f0000 'C:\Windows\System32\EhStorShell.dll'
325020e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
325120e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
325220e4.824: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\comctl32.dll'
325320e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
325420e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
325520e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
325620e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
325720e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
325820e4.824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
325920e4.824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
326020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
326120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
326220e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
326320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
326420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
326520e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
326620e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
326720e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
326820e4.824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
326920e4.824: supR3HardenedDllNotificationCallback: load 00007ffb025a0000 LB 0x00795000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
327020e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\OneCoreUAPCommonProxyStub.dll
327120e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb025a0000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
327220e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
327320e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
327420e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb1f0000 'C:\Windows\System32\EhStorShell.dll'
327520e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001260 pwszName=\Device\HarddiskVolume2\Windows\System32\cscui.dll
327620e4.824: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d47bc0
327720e4.824: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d47bc0
327820e4.824: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B9BFEAC4EBC5BD00CD517EC2F14D6C1BF4D0B39
327920e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
328020e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
328120e4.824: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cscui.dll'
328220e4.824: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
328320e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
328420e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shell32.dll'.
328520e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
328620e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
328720e4.824: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
328820e4.824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cscui.dll) WinVerifyTrust
328920e4.824: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cscui.dll
329020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
329120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
329220e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
329320e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
329420e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
329520e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
329620e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
329720e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
329820e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
329920e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
330020e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
330120e4.824: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
330220e4.824: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
330320e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
330420e4.824: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscui.dll
330520e4.824: supR3HardenedDllNotificationCallback: load 00007ffae7af0000 LB 0x000cd000 C:\windows\System32\cscui.dll [fFlags=0x0]
330620e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscui.dll
330720e4.824: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
330820e4.824: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
330920e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeccf0000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll'
331020e4.824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7af0000 'C:\windows\System32\cscui.dll'
331120e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscui.dll
331220e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
331320e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7af0000 'C:\windows\System32\cscui.dll'
331420e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb09f60000 'C:\windows\system32\rsaenh.dll'
331520e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0b360000 'C:\windows\System32\crypt32.dll'
331620e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shcore.dll'.
331720e4.2878: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
331820e4.2878: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\thumbcache.dll) WinVerifyTrust
331920e4.2878: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
332020e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
332120e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
332220e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
332320e4.2878: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
332420e4.2878: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
332520e4.2878: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
332620e4.2878: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
332720e4.2878: supR3HardenedDllNotificationCallback: load 00007ffaeb290000 LB 0x00065000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
332820e4.2878: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
332920e4.2878: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb290000 'C:\Windows\System32\thumbcache.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy