VirtualBox

Ticket #20078: VBoxHardening.log

File VBoxHardening.log, 432.1 KB (added by cg-sis, 4 years ago)
Line 
1105c8.101bc: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
2105c8.101bc: \SystemRoot\System32\ntdll.dll:
3105c8.101bc: CreationTime: 2020-11-30T15:42:12.685476600Z
4105c8.101bc: LastWriteTime: 2020-11-30T15:42:12.713438800Z
5105c8.101bc: ChangeTime: 2020-11-30T20:53:08.625150300Z
6105c8.101bc: FileAttributes: 0x20
7105c8.101bc: Size: 0x1ee338
8105c8.101bc: NT Headers: 0xe8
9105c8.101bc: Timestamp: 0xe5d7ed5c
10105c8.101bc: Machine: 0x8664 - amd64
11105c8.101bc: Timestamp: 0xe5d7ed5c
12105c8.101bc: Image Version: 10.0
13105c8.101bc: SizeOfImage: 0x1f6000 (2056192)
14105c8.101bc: Resource Dir: 0x185000 LB 0x6fd28
15105c8.101bc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16105c8.101bc: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17105c8.101bc: ProductName: Microsoft® Windows® Operating System
18105c8.101bc: ProductVersion: 10.0.19041.610
19105c8.101bc: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
20105c8.101bc: FileDescription: NT Layer DLL
21105c8.101bc: \SystemRoot\System32\kernel32.dll:
22105c8.101bc: CreationTime: 2020-10-09T20:46:52.282701500Z
23105c8.101bc: LastWriteTime: 2020-10-09T20:46:52.298327900Z
24105c8.101bc: ChangeTime: 2020-11-30T15:42:52.741304100Z
25105c8.101bc: FileAttributes: 0x20
26105c8.101bc: Size: 0xbac30
27105c8.101bc: NT Headers: 0xe8
28105c8.101bc: Timestamp: 0x2f7cc9b6
29105c8.101bc: Machine: 0x8664 - amd64
30105c8.101bc: Timestamp: 0x2f7cc9b6
31105c8.101bc: Image Version: 10.0
32105c8.101bc: SizeOfImage: 0xbd000 (774144)
33105c8.101bc: Resource Dir: 0xbb000 LB 0x520
34105c8.101bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35105c8.101bc: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36105c8.101bc: ProductName: Microsoft® Windows® Operating System
37105c8.101bc: ProductVersion: 10.0.19041.546
38105c8.101bc: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
39105c8.101bc: FileDescription: Windows NT BASE API Client DLL
40105c8.101bc: \SystemRoot\System32\KernelBase.dll:
41105c8.101bc: CreationTime: 2020-10-09T20:47:23.246076200Z
42105c8.101bc: LastWriteTime: 2020-10-09T20:47:23.292966400Z
43105c8.101bc: ChangeTime: 2020-11-30T15:42:52.827074800Z
44105c8.101bc: FileAttributes: 0x20
45105c8.101bc: Size: 0x2c8f70
46105c8.101bc: NT Headers: 0xf0
47105c8.101bc: Timestamp: 0x1183946c
48105c8.101bc: Machine: 0x8664 - amd64
49105c8.101bc: Timestamp: 0x1183946c
50105c8.101bc: Image Version: 10.0
51105c8.101bc: SizeOfImage: 0x2c8000 (2916352)
52105c8.101bc: Resource Dir: 0x29f000 LB 0x548
53105c8.101bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54105c8.101bc: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55105c8.101bc: ProductName: Microsoft® Windows® Operating System
56105c8.101bc: ProductVersion: 10.0.19041.572
57105c8.101bc: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
58105c8.101bc: FileDescription: Windows NT BASE API Client DLL
59105c8.101bc: \SystemRoot\System32\apisetschema.dll:
60105c8.101bc: CreationTime: 2019-12-07T09:08:13.518339400Z
61105c8.101bc: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62105c8.101bc: ChangeTime: 2020-11-30T15:42:49.193536900Z
63105c8.101bc: FileAttributes: 0x20
64105c8.101bc: Size: 0x1f538
65105c8.101bc: NT Headers: 0xd0
66105c8.101bc: Timestamp: 0x31288ce0
67105c8.101bc: Machine: 0x8664 - amd64
68105c8.101bc: Timestamp: 0x31288ce0
69105c8.101bc: Image Version: 10.0
70105c8.101bc: SizeOfImage: 0x20000 (131072)
71105c8.101bc: Resource Dir: 0x1f000 LB 0x408
72105c8.101bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73105c8.101bc: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74105c8.101bc: ProductName: Microsoft® Windows® Operating System
75105c8.101bc: ProductVersion: 10.0.19041.1
76105c8.101bc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77105c8.101bc: FileDescription: ApiSet Schema DLL
78105c8.101bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79105c8.101bc: supR3HardenedWinFindAdversaries: 0x8
80105c8.101bc: \SystemRoot\System32\drivers\tmcomm.sys:
81105c8.101bc: CreationTime: 2020-10-07T09:47:28.718601900Z
82105c8.101bc: LastWriteTime: 2020-08-10T16:54:04.000000000Z
83105c8.101bc: ChangeTime: 2020-10-31T18:12:55.548634400Z
84105c8.101bc: FileAttributes: 0x20
85105c8.101bc: Size: 0x68658
86105c8.101bc: NT Headers: 0xf8
87105c8.101bc: Timestamp: 0x5ecd0040
88105c8.101bc: Machine: 0x8664 - amd64
89105c8.101bc: Timestamp: 0x5ecd0040
90105c8.101bc: Image Version: 10.0
91105c8.101bc: SizeOfImage: 0x69000 (430080)
92105c8.101bc: Resource Dir: 0x67000 LB 0x568
93105c8.101bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94105c8.101bc: [Raw version resource data: 0x67060 LB 0x508, codepage 0x0 (reserved 0x0)]
95105c8.101bc: ProductName: Trend Micro Eyes
96105c8.101bc: ProductVersion: 8.20
97105c8.101bc: FileVersion: 8.20.0.1040
98105c8.101bc: SpecialBuild: 1040
99105c8.101bc: PrivateBuild: Build 1040 - 5/26/2020
100105c8.101bc: FileDescription: TrendMicro Common Module
101105c8.101bc: \SystemRoot\System32\drivers\tmactmon.sys:
102105c8.101bc: CreationTime: 2020-10-07T09:47:28.701645800Z
103105c8.101bc: LastWriteTime: 2020-07-22T18:06:24.000000000Z
104105c8.101bc: ChangeTime: 2020-10-31T18:12:55.548634400Z
105105c8.101bc: FileAttributes: 0x20
106105c8.101bc: Size: 0x24118
107105c8.101bc: NT Headers: 0xf8
108105c8.101bc: Timestamp: 0x5f18000d
109105c8.101bc: Machine: 0x8664 - amd64
110105c8.101bc: Timestamp: 0x5f18000d
111105c8.101bc: Image Version: 6.0
112105c8.101bc: SizeOfImage: 0x27000 (159744)
113105c8.101bc: Resource Dir: 0x25000 LB 0x5d0
114105c8.101bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
115105c8.101bc: [Raw version resource data: 0x25060 LB 0x570, codepage 0x0 (reserved 0x0)]
116105c8.101bc: ProductName: Trend Micro AEGIS
117105c8.101bc: ProductVersion: 2.98
118105c8.101bc: FileVersion: 2.98.0.1461
119105c8.101bc: SpecialBuild: 1461
120105c8.101bc: PrivateBuild: Build 1461 - $(build_date)
121105c8.101bc: FileDescription: TrendMicro Activity Monitor Module
122105c8.101bc: \SystemRoot\System32\drivers\tmevtmgr.sys:
123105c8.101bc: CreationTime: 2020-10-07T09:47:28.744532500Z
124105c8.101bc: LastWriteTime: 2020-07-22T18:06:22.000000000Z
125105c8.101bc: ChangeTime: 2020-10-31T18:12:55.548634400Z
126105c8.101bc: FileAttributes: 0x20
127105c8.101bc: Size: 0x19ac0
128105c8.101bc: NT Headers: 0xf0
129105c8.101bc: Timestamp: 0x5f180008
130105c8.101bc: Machine: 0x8664 - amd64
131105c8.101bc: Timestamp: 0x5f180008
132105c8.101bc: Image Version: 6.0
133105c8.101bc: SizeOfImage: 0x19000 (102400)
134105c8.101bc: Resource Dir: 0x17000 LB 0x5d0
135105c8.101bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
136105c8.101bc: [Raw version resource data: 0x17060 LB 0x570, codepage 0x0 (reserved 0x0)]
137105c8.101bc: ProductName: Trend Micro AEGIS
138105c8.101bc: ProductVersion: 2.98
139105c8.101bc: FileVersion: 2.98.0.1461
140105c8.101bc: SpecialBuild: 1461
141105c8.101bc: PrivateBuild: Build 1461 - $(build_date)
142105c8.101bc: FileDescription: TrendMicro Event Management Module
143105c8.101bc: \SystemRoot\System32\drivers\tmeevw.sys:
144105c8.101bc: CreationTime: 2020-10-07T09:47:28.735556200Z
145105c8.101bc: LastWriteTime: 2020-06-22T18:39:44.000000000Z
146105c8.101bc: ChangeTime: 2020-10-31T18:12:55.548634400Z
147105c8.101bc: FileAttributes: 0x20
148105c8.101bc: Size: 0x25488
149105c8.101bc: NT Headers: 0xe8
150105c8.101bc: Timestamp: 0x5dba9302
151105c8.101bc: Machine: 0x8664 - amd64
152105c8.101bc: Timestamp: 0x5dba9302
153105c8.101bc: Image Version: 10.0
154105c8.101bc: SizeOfImage: 0x26000 (155648)
155105c8.101bc: Resource Dir: 0x1f000 LB 0x5318
156105c8.101bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
157105c8.101bc: [Raw version resource data: 0x23e1c LB 0x4fc, codepage 0x4e4 (reserved 0x0)]
158105c8.101bc: ProductName: Trend Micro EagleEye 3.5
159105c8.101bc: ProductVersion: 3.5
160105c8.101bc: FileVersion: 3.5.0.1017
161105c8.101bc: SpecialBuild: 1017
162105c8.101bc: PrivateBuild: Build 1017 - 10/31/2019
163105c8.101bc: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
164105c8.101bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
165105c8.101bc: Calling main()
166105c8.101bc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
167105c8.101bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
168105c8.101bc: SUPR3HardenedMain: Respawn #1
169105c8.101bc: System32: \Device\HarddiskVolume7\Windows\System32
170105c8.101bc: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
171105c8.101bc: KnownDllPath: C:\WINDOWS\System32
172105c8.101bc: supR3HardenedWinInit: Performing a limited self purification...
173105c8.101bc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
174105c8.101bc: *0000000000000000-00000000001bffff 0x0001/0x0000 0x0000000
175105c8.101bc: *00000000001c0000-00000000001cffff 0x0004/0x0004 0x0040000
176105c8.101bc: 00000000001d0000-00000000001dffff 0x0001/0x0000 0x0000000
177105c8.101bc: *00000000001e0000-00000000001fcfff 0x0002/0x0002 0x0040000
178105c8.101bc: 00000000001fd000-00000000001fffff 0x0001/0x0000 0x0000000
179105c8.101bc: *0000000000200000-0000000000277fff 0x0000/0x0004 0x0020000
180105c8.101bc: 0000000000278000-000000000027afff 0x0004/0x0004 0x0020000
181105c8.101bc: 000000000027b000-00000000003fffff 0x0000/0x0004 0x0020000
182105c8.101bc: *0000000000400000-00000000004b0fff 0x0000/0x0004 0x0020000
183105c8.101bc: 00000000004b1000-00000000004b3fff 0x0104/0x0004 0x0020000
184105c8.101bc: 00000000004b4000-00000000004fffff 0x0004/0x0004 0x0020000
185105c8.101bc: *0000000000500000-0000000000503fff 0x0002/0x0002 0x0040000
186105c8.101bc: 0000000000504000-000000000050ffff 0x0001/0x0000 0x0000000
187105c8.101bc: *0000000000510000-0000000000511fff 0x0004/0x0004 0x0020000
188105c8.101bc: 0000000000512000-000000000054ffff 0x0001/0x0000 0x0000000
189105c8.101bc: *0000000000550000-0000000000555fff 0x0004/0x0004 0x0020000
190105c8.101bc: 0000000000556000-000000000064ffff 0x0000/0x0004 0x0020000
191105c8.101bc: *0000000000650000-0000000000718fff 0x0002/0x0002 0x0040000
192105c8.101bc: 0000000000719000-000000000071ffff 0x0001/0x0000 0x0000000
193105c8.101bc: *0000000000720000-0000000000721fff 0x0004/0x0004 0x0020000
194105c8.101bc: 0000000000722000-0000000000781fff 0x0000/0x0004 0x0020000
195105c8.101bc: 0000000000782000-000000000087ffff 0x0001/0x0000 0x0000000
196105c8.101bc: *0000000000880000-000000000088efff 0x0004/0x0004 0x0020000
197105c8.101bc: 000000000088f000-000000000088ffff 0x0000/0x0004 0x0020000
198105c8.101bc: *0000000000890000-0000000000891fff 0x0000/0x0004 0x0020000
199105c8.101bc: 0000000000892000-0000000000a88fff 0x0004/0x0004 0x0020000
200105c8.101bc: 0000000000a89000-0000000000a89fff 0x0000/0x0004 0x0020000
201105c8.101bc: 0000000000a8a000-0000000000a8ffff 0x0001/0x0000 0x0000000
202105c8.101bc: *0000000000a90000-0000000000aacfff 0x0004/0x0004 0x0020000
203105c8.101bc: 0000000000aad000-0000000000b8ffff 0x0000/0x0004 0x0020000
204105c8.101bc: 0000000000b90000-000000007ffdffff 0x0001/0x0000 0x0000000
205105c8.101bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
206105c8.101bc: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
207105c8.101bc: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
208105c8.101bc: 000000007ffe3000-00007ff488f1ffff 0x0001/0x0000 0x0000000
209105c8.101bc: *00007ff488f20000-00007ff488f24fff 0x0002/0x0002 0x0040000
210105c8.101bc: 00007ff488f25000-00007ff48901ffff 0x0000/0x0002 0x0040000
211105c8.101bc: *00007ff489020000-00007ff58903ffff 0x0000/0x0004 0x0020000
212105c8.101bc: *00007ff589040000-00007ff58b03ffff 0x0000/0x0004 0x0020000
213105c8.101bc: 00007ff58b040000-00007ff58b040fff 0x0004/0x0004 0x0020000
214105c8.101bc: 00007ff58b041000-00007ff58b04ffff 0x0001/0x0000 0x0000000
215105c8.101bc: *00007ff58b050000-00007ff58b050fff 0x0002/0x0002 0x0040000
216105c8.101bc: 00007ff58b051000-00007ff58b05ffff 0x0001/0x0000 0x0000000
217105c8.101bc: *00007ff58b060000-00007ff58b082fff 0x0002/0x0002 0x0040000
218105c8.101bc: 00007ff58b083000-00007ff72a0cffff 0x0001/0x0000 0x0000000
219105c8.101bc: *00007ff72a0d0000-00007ff72a0d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
220105c8.101bc: 00007ff72a0d1000-00007ff72a147fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
221105c8.101bc: 00007ff72a148000-00007ff72a148fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
222105c8.101bc: 00007ff72a149000-00007ff72a191fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
223105c8.101bc: 00007ff72a192000-00007ff72a194fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
224105c8.101bc: 00007ff72a195000-00007ff72a197fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
225105c8.101bc: 00007ff72a198000-00007ff72a19afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
226105c8.101bc: 00007ff72a19b000-00007ff72a19bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
227105c8.101bc: 00007ff72a19c000-00007ff72a19dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
228105c8.101bc: 00007ff72a19e000-00007ff72a19efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
229105c8.101bc: 00007ff72a19f000-00007ff72a1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
230105c8.101bc: 00007ff72a1e8000-00007ffd4dd9ffff 0x0001/0x0000 0x0000000
231105c8.101bc: *00007ffd4dda0000-00007ffd4dda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
232105c8.101bc: 00007ffd4dda1000-00007ffd4deb1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
233105c8.101bc: 00007ffd4deb2000-00007ffd4e029fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
234105c8.101bc: 00007ffd4e02a000-00007ffd4e02dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
235105c8.101bc: 00007ffd4e02e000-00007ffd4e02efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
236105c8.101bc: 00007ffd4e02f000-00007ffd4e067fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
237105c8.101bc: 00007ffd4e068000-00007ffd5018ffff 0x0001/0x0000 0x0000000
238105c8.101bc: *00007ffd50190000-00007ffd50190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
239105c8.101bc: 00007ffd50191000-00007ffd5020efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
240105c8.101bc: 00007ffd5020f000-00007ffd50241fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
241105c8.101bc: 00007ffd50242000-00007ffd50242fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
242105c8.101bc: 00007ffd50243000-00007ffd50243fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
243105c8.101bc: 00007ffd50244000-00007ffd5024cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\kernel32.dll
244105c8.101bc: 00007ffd5024d000-00007ffd502cffff 0x0001/0x0000 0x0000000
245105c8.101bc: *00007ffd502d0000-00007ffd502d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
246105c8.101bc: 00007ffd502d1000-00007ffd503ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
247105c8.101bc: 00007ffd503ec000-00007ffd50434fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
248105c8.101bc: 00007ffd50435000-00007ffd50435fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
249105c8.101bc: 00007ffd50436000-00007ffd50437fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
250105c8.101bc: 00007ffd50438000-00007ffd50440fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
251105c8.101bc: 00007ffd50441000-00007ffd504c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
252105c8.101bc: 00007ffd504c6000-00007ffffffeffff 0x0001/0x0000 0x0000000
253105c8.101bc: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
254105c8.101bc: kernelbase.dll: timestamp 0x1183946c (rc=VINF_SUCCESS)
255105c8.101bc: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
256105c8.101bc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
257105c8.101bc: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
258105c8.101bc: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
259105c8.101bc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
260105c8.101bc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
261105c8.101bc: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
262105c8.101bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
263105c8.101bc: supR3HardNtEnableThreadCreationEx:
264105c8.101bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd50344760 pvNtTerminateThread=00007ffd5036c7f0
265105c8.101bc: supR3HardenedWinDoReSpawn(1): New child d254.105f4 [kernel32].
266105c8.101bc: supR3HardNtChildGatherData: PebBaseAddress=0000000000d90000 cbPeb=0x388
267105c8.101bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd502d0000 uNtDllChildAddr=00007ffd502d0000
268105c8.101bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd50344760
269105c8.101bc: supR3HardenedWinSetupChildInit: Initial context:
270 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff72a0d7900 rdx=0000000000d90000
271 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
272 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
273 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
274 rip=00007ffd5031cea0 rsp=0000000000bdf9b8 rbp=0000000000000000 ctxflags=0010001b
275 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
276 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
277 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
278 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
279 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
280105c8.101bc: supR3HardenedWinSetupChildInit: Start child.
281105c8.101bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
282105c8.101bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 33 sleeps
283105c8.101bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
284105c8.101bc: *0000000000000000-0000000000a9ffff 0x0001/0x0000 0x0000000
285105c8.101bc: *0000000000aa0000-0000000000abffff 0x0004/0x0004 0x0020000
286105c8.101bc: *0000000000ac0000-0000000000adcfff 0x0002/0x0002 0x0040000
287105c8.101bc: 0000000000add000-0000000000adffff 0x0001/0x0000 0x0000000
288105c8.101bc: *0000000000ae0000-0000000000bdafff 0x0000/0x0004 0x0020000
289105c8.101bc: 0000000000bdb000-0000000000bddfff 0x0104/0x0004 0x0020000
290105c8.101bc: 0000000000bde000-0000000000bdffff 0x0004/0x0004 0x0020000
291105c8.101bc: *0000000000be0000-0000000000be3fff 0x0002/0x0002 0x0040000
292105c8.101bc: 0000000000be4000-0000000000beffff 0x0001/0x0000 0x0000000
293105c8.101bc: *0000000000bf0000-0000000000bf1fff 0x0004/0x0004 0x0020000
294105c8.101bc: 0000000000bf2000-0000000000bfffff 0x0001/0x0000 0x0000000
295105c8.101bc: *0000000000c00000-0000000000d8ffff 0x0000/0x0004 0x0020000
296105c8.101bc: 0000000000d90000-0000000000d92fff 0x0004/0x0004 0x0020000
297105c8.101bc: 0000000000d93000-0000000000dfffff 0x0000/0x0004 0x0020000
298105c8.101bc: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
299105c8.101bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
300105c8.101bc: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
301105c8.101bc: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
302105c8.101bc: 000000007ffe3000-00007ff56d6cffff 0x0001/0x0000 0x0000000
303105c8.101bc: *00007ff56d6d0000-00007ff56d6d0fff 0x0002/0x0002 0x0040000
304105c8.101bc: 00007ff56d6d1000-00007ff56d6dffff 0x0001/0x0000 0x0000000
305105c8.101bc: *00007ff56d6e0000-00007ff56d702fff 0x0002/0x0002 0x0040000
306105c8.101bc: 00007ff56d703000-00007ff72a0cffff 0x0001/0x0000 0x0000000
307105c8.101bc: *00007ff72a0d0000-00007ff72a0d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
308105c8.101bc: 00007ff72a0d1000-00007ff72a147fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
309105c8.101bc: 00007ff72a148000-00007ff72a148fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
310105c8.101bc: 00007ff72a149000-00007ff72a191fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
311105c8.101bc: 00007ff72a192000-00007ff72a192fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
312105c8.101bc: 00007ff72a193000-00007ff72a193fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
313105c8.101bc: 00007ff72a194000-00007ff72a198fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
314105c8.101bc: 00007ff72a199000-00007ff72a199fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
315105c8.101bc: 00007ff72a19a000-00007ff72a19afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
316105c8.101bc: 00007ff72a19b000-00007ff72a19efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
317105c8.101bc: 00007ff72a19f000-00007ff72a1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
318105c8.101bc: 00007ff72a1e8000-00007ffd502cffff 0x0001/0x0000 0x0000000
319105c8.101bc: *00007ffd502d0000-00007ffd502d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
320105c8.101bc: 00007ffd502d1000-00007ffd503ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
321105c8.101bc: 00007ffd503ec000-00007ffd50434fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
322105c8.101bc: 00007ffd50435000-00007ffd50440fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
323105c8.101bc: 00007ffd50441000-00007ffd5044ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
324105c8.101bc: 00007ffd50450000-00007ffd50450fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
325105c8.101bc: 00007ffd50451000-00007ffd50453fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
326105c8.101bc: 00007ffd50454000-00007ffd504c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
327105c8.101bc: 00007ffd504c6000-00007ffffffeffff 0x0001/0x0000 0x0000000
328105c8.101bc: supR3HardNtChildPurify: Done after 515 ms and 0 fixes (loop #0).
329d254.105f4: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
330d254.105f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd502d0000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000bdf448)
331d254.105f4: ntdll.dll: timestamp 0xe5d7ed5c (rc=VINF_SUCCESS)
332d254.105f4: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2056192 allocation)
333d254.105f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
334105c8.101bc: supR3HardNtEnableThreadCreationEx:
335d254.105f4: System32: \Device\HarddiskVolume7\Windows\System32
336d254.105f4: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
337d254.105f4: KnownDllPath: C:\WINDOWS\System32
338d254.105f4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
339d254.105f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
340d254.105f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
341d254.105f4: Registered Dll notification callback with NTDLL.
342d254.105f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel32.dll)
343d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel32.dll
344d254.105f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
345d254.105f4: supR3HardenedDllNotificationCallback: load 00007ffd4dda0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
346d254.105f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\KernelBase.dll)
347d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
348d254.105f4: supR3HardenedDllNotificationCallback: load 00007ffd50190000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
349d254.105f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
350d254.105f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50190000 'C:\WINDOWS\System32\KERNEL32.DLL'
351d254.105f4: supR3HardenedDllNotificationCallback: load 00007ff72a0d0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
352d254.105f4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
353d254.105f4: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
354d254.105f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
355d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
356d254.105f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd50344760 pvNtTerminateThread=00007ffd5036c7f0
357105c8.101bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms.
358d254.105f4: \SystemRoot\System32\ntdll.dll:
359d254.105f4: CreationTime: 2020-11-30T15:42:12.685476600Z
360d254.105f4: LastWriteTime: 2020-11-30T15:42:12.713438800Z
361d254.105f4: ChangeTime: 2020-11-30T20:53:08.625150300Z
362d254.105f4: FileAttributes: 0x20
363d254.105f4: Size: 0x1ee338
364d254.105f4: NT Headers: 0xe8
365d254.105f4: Timestamp: 0xe5d7ed5c
366d254.105f4: Machine: 0x8664 - amd64
367d254.105f4: Timestamp: 0xe5d7ed5c
368d254.105f4: Image Version: 10.0
369d254.105f4: SizeOfImage: 0x1f6000 (2056192)
370d254.105f4: Resource Dir: 0x185000 LB 0x6fd28
371d254.105f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
372d254.105f4: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
373d254.105f4: ProductName: Microsoft® Windows® Operating System
374d254.105f4: ProductVersion: 10.0.19041.610
375d254.105f4: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
376d254.105f4: FileDescription: NT Layer DLL
377d254.105f4: \SystemRoot\System32\kernel32.dll:
378d254.105f4: CreationTime: 2020-10-09T20:46:52.282701500Z
379d254.105f4: LastWriteTime: 2020-10-09T20:46:52.298327900Z
380d254.105f4: ChangeTime: 2020-11-30T15:42:52.741304100Z
381d254.105f4: FileAttributes: 0x20
382d254.105f4: Size: 0xbac30
383d254.105f4: NT Headers: 0xe8
384d254.105f4: Timestamp: 0x2f7cc9b6
385d254.105f4: Machine: 0x8664 - amd64
386d254.105f4: Timestamp: 0x2f7cc9b6
387d254.105f4: Image Version: 10.0
388d254.105f4: SizeOfImage: 0xbd000 (774144)
389d254.105f4: Resource Dir: 0xbb000 LB 0x520
390d254.105f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
391d254.105f4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
392d254.105f4: ProductName: Microsoft® Windows® Operating System
393d254.105f4: ProductVersion: 10.0.19041.546
394d254.105f4: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
395d254.105f4: FileDescription: Windows NT BASE API Client DLL
396d254.105f4: \SystemRoot\System32\KernelBase.dll:
397d254.105f4: CreationTime: 2020-10-09T20:47:23.246076200Z
398d254.105f4: LastWriteTime: 2020-10-09T20:47:23.292966400Z
399d254.105f4: ChangeTime: 2020-11-30T15:42:52.827074800Z
400d254.105f4: FileAttributes: 0x20
401d254.105f4: Size: 0x2c8f70
402d254.105f4: NT Headers: 0xf0
403d254.105f4: Timestamp: 0x1183946c
404d254.105f4: Machine: 0x8664 - amd64
405d254.105f4: Timestamp: 0x1183946c
406d254.105f4: Image Version: 10.0
407d254.105f4: SizeOfImage: 0x2c8000 (2916352)
408d254.105f4: Resource Dir: 0x29f000 LB 0x548
409d254.105f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
410d254.105f4: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
411d254.105f4: ProductName: Microsoft® Windows® Operating System
412d254.105f4: ProductVersion: 10.0.19041.572
413d254.105f4: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
414d254.105f4: FileDescription: Windows NT BASE API Client DLL
415d254.105f4: \SystemRoot\System32\apisetschema.dll:
416d254.105f4: CreationTime: 2019-12-07T09:08:13.518339400Z
417d254.105f4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
418d254.105f4: ChangeTime: 2020-11-30T15:42:49.193536900Z
419d254.105f4: FileAttributes: 0x20
420d254.105f4: Size: 0x1f538
421d254.105f4: NT Headers: 0xd0
422d254.105f4: Timestamp: 0x31288ce0
423d254.105f4: Machine: 0x8664 - amd64
424d254.105f4: Timestamp: 0x31288ce0
425d254.105f4: Image Version: 10.0
426d254.105f4: SizeOfImage: 0x20000 (131072)
427d254.105f4: Resource Dir: 0x1f000 LB 0x408
428d254.105f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
429d254.105f4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
430d254.105f4: ProductName: Microsoft® Windows® Operating System
431d254.105f4: ProductVersion: 10.0.19041.1
432d254.105f4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
433d254.105f4: FileDescription: ApiSet Schema DLL
434d254.105f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
435d254.105f4: supR3HardenedWinFindAdversaries: 0x8
436d254.105f4: \SystemRoot\System32\drivers\tmcomm.sys:
437d254.105f4: CreationTime: 2020-10-07T09:47:28.718601900Z
438d254.105f4: LastWriteTime: 2020-08-10T16:54:04.000000000Z
439d254.105f4: ChangeTime: 2020-10-31T18:12:55.548634400Z
440d254.105f4: FileAttributes: 0x20
441d254.105f4: Size: 0x68658
442d254.105f4: NT Headers: 0xf8
443d254.105f4: Timestamp: 0x5ecd0040
444d254.105f4: Machine: 0x8664 - amd64
445d254.105f4: Timestamp: 0x5ecd0040
446d254.105f4: Image Version: 10.0
447d254.105f4: SizeOfImage: 0x69000 (430080)
448d254.105f4: Resource Dir: 0x67000 LB 0x568
449d254.105f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
450d254.105f4: [Raw version resource data: 0x67060 LB 0x508, codepage 0x0 (reserved 0x0)]
451d254.105f4: ProductName: Trend Micro Eyes
452d254.105f4: ProductVersion: 8.20
453d254.105f4: FileVersion: 8.20.0.1040
454d254.105f4: SpecialBuild: 1040
455d254.105f4: PrivateBuild: Build 1040 - 5/26/2020
456d254.105f4: FileDescription: TrendMicro Common Module
457d254.105f4: \SystemRoot\System32\drivers\tmactmon.sys:
458d254.105f4: CreationTime: 2020-10-07T09:47:28.701645800Z
459d254.105f4: LastWriteTime: 2020-07-22T18:06:24.000000000Z
460d254.105f4: ChangeTime: 2020-10-31T18:12:55.548634400Z
461d254.105f4: FileAttributes: 0x20
462d254.105f4: Size: 0x24118
463d254.105f4: NT Headers: 0xf8
464d254.105f4: Timestamp: 0x5f18000d
465d254.105f4: Machine: 0x8664 - amd64
466d254.105f4: Timestamp: 0x5f18000d
467d254.105f4: Image Version: 6.0
468d254.105f4: SizeOfImage: 0x27000 (159744)
469d254.105f4: Resource Dir: 0x25000 LB 0x5d0
470d254.105f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
471d254.105f4: [Raw version resource data: 0x25060 LB 0x570, codepage 0x0 (reserved 0x0)]
472d254.105f4: ProductName: Trend Micro AEGIS
473d254.105f4: ProductVersion: 2.98
474d254.105f4: FileVersion: 2.98.0.1461
475d254.105f4: SpecialBuild: 1461
476d254.105f4: PrivateBuild: Build 1461 - $(build_date)
477d254.105f4: FileDescription: TrendMicro Activity Monitor Module
478d254.105f4: \SystemRoot\System32\drivers\tmevtmgr.sys:
479d254.105f4: CreationTime: 2020-10-07T09:47:28.744532500Z
480d254.105f4: LastWriteTime: 2020-07-22T18:06:22.000000000Z
481d254.105f4: ChangeTime: 2020-10-31T18:12:55.548634400Z
482d254.105f4: FileAttributes: 0x20
483d254.105f4: Size: 0x19ac0
484d254.105f4: NT Headers: 0xf0
485d254.105f4: Timestamp: 0x5f180008
486d254.105f4: Machine: 0x8664 - amd64
487d254.105f4: Timestamp: 0x5f180008
488d254.105f4: Image Version: 6.0
489d254.105f4: SizeOfImage: 0x19000 (102400)
490d254.105f4: Resource Dir: 0x17000 LB 0x5d0
491d254.105f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
492d254.105f4: [Raw version resource data: 0x17060 LB 0x570, codepage 0x0 (reserved 0x0)]
493d254.105f4: ProductName: Trend Micro AEGIS
494d254.105f4: ProductVersion: 2.98
495d254.105f4: FileVersion: 2.98.0.1461
496d254.105f4: SpecialBuild: 1461
497d254.105f4: PrivateBuild: Build 1461 - $(build_date)
498d254.105f4: FileDescription: TrendMicro Event Management Module
499d254.105f4: \SystemRoot\System32\drivers\tmeevw.sys:
500d254.105f4: CreationTime: 2020-10-07T09:47:28.735556200Z
501d254.105f4: LastWriteTime: 2020-06-22T18:39:44.000000000Z
502d254.105f4: ChangeTime: 2020-10-31T18:12:55.548634400Z
503d254.105f4: FileAttributes: 0x20
504d254.105f4: Size: 0x25488
505d254.105f4: NT Headers: 0xe8
506d254.105f4: Timestamp: 0x5dba9302
507d254.105f4: Machine: 0x8664 - amd64
508d254.105f4: Timestamp: 0x5dba9302
509d254.105f4: Image Version: 10.0
510d254.105f4: SizeOfImage: 0x26000 (155648)
511d254.105f4: Resource Dir: 0x1f000 LB 0x5318
512d254.105f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
513d254.105f4: [Raw version resource data: 0x23e1c LB 0x4fc, codepage 0x4e4 (reserved 0x0)]
514d254.105f4: ProductName: Trend Micro EagleEye 3.5
515d254.105f4: ProductVersion: 3.5
516d254.105f4: FileVersion: 3.5.0.1017
517d254.105f4: SpecialBuild: 1017
518d254.105f4: PrivateBuild: Build 1017 - 10/31/2019
519d254.105f4: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
520d254.105f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
521d254.105f4: Calling main()
522d254.105f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
523d254.105f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
524d254.105f4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
525d254.105f4: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
526d254.105f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
527d254.105f4: SUPR3HardenedMain: Respawn #2
528d254.105f4: supR3HardNtEnableThreadCreationEx:
529d254.105f4: supR3HardenedDllNotificationCallback: load 00007ffd4e8a0000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
530d254.105f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll)
531d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
532d254.105f4: supR3HardenedDllNotificationCallback: load 00007ffd4fd80000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
533d254.105f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
534d254.105f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\sechost.dll)
535d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\sechost.dll
536d254.105f4: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
537d254.105f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ntdll.dll)
538d254.105f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ntdll.dll
539d254.105f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
540d254.105f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
541d254.105f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
542d254.105f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
543d254.105f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd502d0000 'C:\WINDOWS\System32\ntdll.dll'
544d254.105f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd50344760 pvNtTerminateThread=00007ffd5036c7f0
545d254.105f4: supR3HardenedWinDoReSpawn(2): New child 10600.9604 [kernel32].
546d254.105f4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
547d254.105f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000b08000 cbPeb=0x388
548d254.105f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd502d0000 uNtDllChildAddr=00007ffd502d0000
549d254.105f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd50344760
550d254.105f4: supR3HardenedWinSetupChildInit: Initial context:
551 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff72a0d7900 rdx=0000000000b08000
552 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
553 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
554 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
555 rip=00007ffd5031cea0 rsp=0000000000cffea8 rbp=0000000000000000 ctxflags=0010001b
556 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
557 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
558 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
559 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
560 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
561d254.105f4: kernel32.dll: timestamp 0x2f7cc9b6 (rc=VINF_SUCCESS)
562d254.105f4: supR3HardenedWinSetupChildInit: Start child.
563d254.105f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
564d254.105f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 34 sleeps
565d254.105f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
566d254.105f4: *0000000000000000-000000000092ffff 0x0001/0x0000 0x0000000
567d254.105f4: *0000000000930000-000000000094ffff 0x0004/0x0004 0x0020000
568d254.105f4: *0000000000950000-000000000096cfff 0x0002/0x0002 0x0040000
569d254.105f4: 000000000096d000-000000000096ffff 0x0001/0x0000 0x0000000
570d254.105f4: *0000000000970000-0000000000973fff 0x0002/0x0002 0x0040000
571d254.105f4: 0000000000974000-000000000097ffff 0x0001/0x0000 0x0000000
572d254.105f4: *0000000000980000-0000000000981fff 0x0004/0x0004 0x0020000
573d254.105f4: 0000000000982000-00000000009fffff 0x0001/0x0000 0x0000000
574d254.105f4: *0000000000a00000-0000000000b07fff 0x0000/0x0004 0x0020000
575d254.105f4: 0000000000b08000-0000000000b0afff 0x0004/0x0004 0x0020000
576d254.105f4: 0000000000b0b000-0000000000bfffff 0x0000/0x0004 0x0020000
577d254.105f4: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
578d254.105f4: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
579d254.105f4: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
580d254.105f4: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
581d254.105f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
582d254.105f4: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
583d254.105f4: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
584d254.105f4: 000000007ffe3000-00007ff5e236ffff 0x0001/0x0000 0x0000000
585d254.105f4: *00007ff5e2370000-00007ff5e2370fff 0x0002/0x0002 0x0040000
586d254.105f4: 00007ff5e2371000-00007ff5e237ffff 0x0001/0x0000 0x0000000
587d254.105f4: *00007ff5e2380000-00007ff5e23a2fff 0x0002/0x0002 0x0040000
588d254.105f4: 00007ff5e23a3000-00007ff72a0cffff 0x0001/0x0000 0x0000000
589d254.105f4: *00007ff72a0d0000-00007ff72a0d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
590d254.105f4: 00007ff72a0d1000-00007ff72a147fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
591d254.105f4: 00007ff72a148000-00007ff72a148fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
592d254.105f4: 00007ff72a149000-00007ff72a191fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
593d254.105f4: 00007ff72a192000-00007ff72a192fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
594d254.105f4: 00007ff72a193000-00007ff72a193fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
595d254.105f4: 00007ff72a194000-00007ff72a198fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
596d254.105f4: 00007ff72a199000-00007ff72a199fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
597d254.105f4: 00007ff72a19a000-00007ff72a19afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
598d254.105f4: 00007ff72a19b000-00007ff72a19efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
599d254.105f4: 00007ff72a19f000-00007ff72a1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
600d254.105f4: 00007ff72a1e8000-00007ffd502cffff 0x0001/0x0000 0x0000000
601d254.105f4: *00007ffd502d0000-00007ffd502d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
602d254.105f4: 00007ffd502d1000-00007ffd503ebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
603d254.105f4: 00007ffd503ec000-00007ffd50434fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
604d254.105f4: 00007ffd50435000-00007ffd50440fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
605d254.105f4: 00007ffd50441000-00007ffd5044ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
606d254.105f4: 00007ffd50450000-00007ffd50450fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
607d254.105f4: 00007ffd50451000-00007ffd50453fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
608d254.105f4: 00007ffd50454000-00007ffd504c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\Windows\System32\ntdll.dll
609d254.105f4: 00007ffd504c6000-00007ffffffeffff 0x0001/0x0000 0x0000000
610d254.105f4: VirtualBoxVM.exe: timestamp 0x5f89bd71 (rc=VINF_SUCCESS)
611d254.105f4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
612d254.105f4: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
613d254.105f4: '\Device\HarddiskVolume7\Windows\System32\ntdll.dll' has no imports
614d254.105f4: supR3HardNtChildPurify: Done after 548 ms and 0 fixes (loop #0).
61510600.9604: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
61610600.9604: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd502d0000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000cff938)
61710600.9604: ntdll.dll: timestamp 0xe5d7ed5c (rc=VINF_SUCCESS)
61810600.9604: New simple heap: #1 0000000000e00000 LB 0x400000 (for 2056192 allocation)
619d254.105f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
620d254.105f4: supR3HardNtEnableThreadCreationEx:
62110600.9604: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
62210600.9604: System32: \Device\HarddiskVolume7\Windows\System32
62310600.9604: WinSxS: \Device\HarddiskVolume7\Windows\WinSxS
62410600.9604: KnownDllPath: C:\WINDOWS\System32
62510600.9604: supR3HardenedVmProcessInit: Opening vboxdrv...
62610600.9604: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
62710600.9604: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
62810600.9604: Registered Dll notification callback with NTDLL.
62910600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel32.dll)
63010600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel32.dll
63110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
63210600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4dda0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
63310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\KernelBase.dll)
63410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\KernelBase.dll
63510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd50190000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
63610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
63710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50190000 'C:\WINDOWS\System32\KERNEL32.DLL'
63810600.9604: supR3HardenedDllNotificationCallback: load 00007ff72a0d0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
63910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
64010600.9604: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
64110600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
64210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
64310600.9604: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd50344760 pvNtTerminateThread=00007ffd5036c7f0
644d254.105f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 119 ms.
64510600.9604: \SystemRoot\System32\ntdll.dll:
64610600.9604: CreationTime: 2020-11-30T15:42:12.685476600Z
64710600.9604: LastWriteTime: 2020-11-30T15:42:12.713438800Z
64810600.9604: ChangeTime: 2020-11-30T20:53:08.625150300Z
64910600.9604: FileAttributes: 0x20
65010600.9604: Size: 0x1ee338
65110600.9604: NT Headers: 0xe8
65210600.9604: Timestamp: 0xe5d7ed5c
65310600.9604: Machine: 0x8664 - amd64
65410600.9604: Timestamp: 0xe5d7ed5c
65510600.9604: Image Version: 10.0
65610600.9604: SizeOfImage: 0x1f6000 (2056192)
65710600.9604: Resource Dir: 0x185000 LB 0x6fd28
65810600.9604: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
65910600.9604: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
66010600.9604: ProductName: Microsoft® Windows® Operating System
66110600.9604: ProductVersion: 10.0.19041.610
66210600.9604: FileVersion: 10.0.19041.610 (WinBuild.160101.0800)
66310600.9604: FileDescription: NT Layer DLL
66410600.9604: \SystemRoot\System32\kernel32.dll:
66510600.9604: CreationTime: 2020-10-09T20:46:52.282701500Z
66610600.9604: LastWriteTime: 2020-10-09T20:46:52.298327900Z
66710600.9604: ChangeTime: 2020-11-30T15:42:52.741304100Z
66810600.9604: FileAttributes: 0x20
66910600.9604: Size: 0xbac30
67010600.9604: NT Headers: 0xe8
67110600.9604: Timestamp: 0x2f7cc9b6
67210600.9604: Machine: 0x8664 - amd64
67310600.9604: Timestamp: 0x2f7cc9b6
67410600.9604: Image Version: 10.0
67510600.9604: SizeOfImage: 0xbd000 (774144)
67610600.9604: Resource Dir: 0xbb000 LB 0x520
67710600.9604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
67810600.9604: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
67910600.9604: ProductName: Microsoft® Windows® Operating System
68010600.9604: ProductVersion: 10.0.19041.546
68110600.9604: FileVersion: 10.0.19041.546 (WinBuild.160101.0800)
68210600.9604: FileDescription: Windows NT BASE API Client DLL
68310600.9604: \SystemRoot\System32\KernelBase.dll:
68410600.9604: CreationTime: 2020-10-09T20:47:23.246076200Z
68510600.9604: LastWriteTime: 2020-10-09T20:47:23.292966400Z
68610600.9604: ChangeTime: 2020-11-30T15:42:52.827074800Z
68710600.9604: FileAttributes: 0x20
68810600.9604: Size: 0x2c8f70
68910600.9604: NT Headers: 0xf0
69010600.9604: Timestamp: 0x1183946c
69110600.9604: Machine: 0x8664 - amd64
69210600.9604: Timestamp: 0x1183946c
69310600.9604: Image Version: 10.0
69410600.9604: SizeOfImage: 0x2c8000 (2916352)
69510600.9604: Resource Dir: 0x29f000 LB 0x548
69610600.9604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
69710600.9604: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
69810600.9604: ProductName: Microsoft® Windows® Operating System
69910600.9604: ProductVersion: 10.0.19041.572
70010600.9604: FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
70110600.9604: FileDescription: Windows NT BASE API Client DLL
70210600.9604: \SystemRoot\System32\apisetschema.dll:
70310600.9604: CreationTime: 2019-12-07T09:08:13.518339400Z
70410600.9604: LastWriteTime: 2019-12-07T09:08:13.518339400Z
70510600.9604: ChangeTime: 2020-11-30T15:42:49.193536900Z
70610600.9604: FileAttributes: 0x20
70710600.9604: Size: 0x1f538
70810600.9604: NT Headers: 0xd0
70910600.9604: Timestamp: 0x31288ce0
71010600.9604: Machine: 0x8664 - amd64
71110600.9604: Timestamp: 0x31288ce0
71210600.9604: Image Version: 10.0
71310600.9604: SizeOfImage: 0x20000 (131072)
71410600.9604: Resource Dir: 0x1f000 LB 0x408
71510600.9604: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
71610600.9604: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
71710600.9604: ProductName: Microsoft® Windows® Operating System
71810600.9604: ProductVersion: 10.0.19041.1
71910600.9604: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
72010600.9604: FileDescription: ApiSet Schema DLL
72110600.9604: NtOpenDirectoryObject failed on \Driver: 0xc0000022
72210600.9604: supR3HardenedWinFindAdversaries: 0x8
72310600.9604: \SystemRoot\System32\drivers\tmcomm.sys:
72410600.9604: CreationTime: 2020-10-07T09:47:28.718601900Z
72510600.9604: LastWriteTime: 2020-08-10T16:54:04.000000000Z
72610600.9604: ChangeTime: 2020-10-31T18:12:55.548634400Z
72710600.9604: FileAttributes: 0x20
72810600.9604: Size: 0x68658
72910600.9604: NT Headers: 0xf8
73010600.9604: Timestamp: 0x5ecd0040
73110600.9604: Machine: 0x8664 - amd64
73210600.9604: Timestamp: 0x5ecd0040
73310600.9604: Image Version: 10.0
73410600.9604: SizeOfImage: 0x69000 (430080)
73510600.9604: Resource Dir: 0x67000 LB 0x568
73610600.9604: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73710600.9604: [Raw version resource data: 0x67060 LB 0x508, codepage 0x0 (reserved 0x0)]
73810600.9604: ProductName: Trend Micro Eyes
73910600.9604: ProductVersion: 8.20
74010600.9604: FileVersion: 8.20.0.1040
74110600.9604: SpecialBuild: 1040
74210600.9604: PrivateBuild: Build 1040 - 5/26/2020
74310600.9604: FileDescription: TrendMicro Common Module
74410600.9604: \SystemRoot\System32\drivers\tmactmon.sys:
74510600.9604: CreationTime: 2020-10-07T09:47:28.701645800Z
74610600.9604: LastWriteTime: 2020-07-22T18:06:24.000000000Z
74710600.9604: ChangeTime: 2020-10-31T18:12:55.548634400Z
74810600.9604: FileAttributes: 0x20
74910600.9604: Size: 0x24118
75010600.9604: NT Headers: 0xf8
75110600.9604: Timestamp: 0x5f18000d
75210600.9604: Machine: 0x8664 - amd64
75310600.9604: Timestamp: 0x5f18000d
75410600.9604: Image Version: 6.0
75510600.9604: SizeOfImage: 0x27000 (159744)
75610600.9604: Resource Dir: 0x25000 LB 0x5d0
75710600.9604: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
75810600.9604: [Raw version resource data: 0x25060 LB 0x570, codepage 0x0 (reserved 0x0)]
75910600.9604: ProductName: Trend Micro AEGIS
76010600.9604: ProductVersion: 2.98
76110600.9604: FileVersion: 2.98.0.1461
76210600.9604: SpecialBuild: 1461
76310600.9604: PrivateBuild: Build 1461 - $(build_date)
76410600.9604: FileDescription: TrendMicro Activity Monitor Module
76510600.9604: \SystemRoot\System32\drivers\tmevtmgr.sys:
76610600.9604: CreationTime: 2020-10-07T09:47:28.744532500Z
76710600.9604: LastWriteTime: 2020-07-22T18:06:22.000000000Z
76810600.9604: ChangeTime: 2020-10-31T18:12:55.548634400Z
76910600.9604: FileAttributes: 0x20
77010600.9604: Size: 0x19ac0
77110600.9604: NT Headers: 0xf0
77210600.9604: Timestamp: 0x5f180008
77310600.9604: Machine: 0x8664 - amd64
77410600.9604: Timestamp: 0x5f180008
77510600.9604: Image Version: 6.0
77610600.9604: SizeOfImage: 0x19000 (102400)
77710600.9604: Resource Dir: 0x17000 LB 0x5d0
77810600.9604: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
77910600.9604: [Raw version resource data: 0x17060 LB 0x570, codepage 0x0 (reserved 0x0)]
78010600.9604: ProductName: Trend Micro AEGIS
78110600.9604: ProductVersion: 2.98
78210600.9604: FileVersion: 2.98.0.1461
78310600.9604: SpecialBuild: 1461
78410600.9604: PrivateBuild: Build 1461 - $(build_date)
78510600.9604: FileDescription: TrendMicro Event Management Module
78610600.9604: \SystemRoot\System32\drivers\tmeevw.sys:
78710600.9604: CreationTime: 2020-10-07T09:47:28.735556200Z
78810600.9604: LastWriteTime: 2020-06-22T18:39:44.000000000Z
78910600.9604: ChangeTime: 2020-10-31T18:12:55.548634400Z
79010600.9604: FileAttributes: 0x20
79110600.9604: Size: 0x25488
79210600.9604: NT Headers: 0xe8
79310600.9604: Timestamp: 0x5dba9302
79410600.9604: Machine: 0x8664 - amd64
79510600.9604: Timestamp: 0x5dba9302
79610600.9604: Image Version: 10.0
79710600.9604: SizeOfImage: 0x26000 (155648)
79810600.9604: Resource Dir: 0x1f000 LB 0x5318
79910600.9604: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
80010600.9604: [Raw version resource data: 0x23e1c LB 0x4fc, codepage 0x4e4 (reserved 0x0)]
80110600.9604: ProductName: Trend Micro EagleEye 3.5
80210600.9604: ProductVersion: 3.5
80310600.9604: FileVersion: 3.5.0.1017
80410600.9604: SpecialBuild: 1017
80510600.9604: PrivateBuild: Build 1017 - 10/31/2019
80610600.9604: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
80710600.9604: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
80810600.9604: Calling main()
80910600.9604: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
81010600.9604: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox'
81110600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
81210600.9604: '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
81310600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
81410600.9604: SUPR3HardenedMain: Final process, opening VBoxDrv...
81510600.9604: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
81610600.9604: supR3HardNtEnableThreadCreationEx:
81710600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
81810600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
81910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
82010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
82110600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
82210600.9604: supR3HardenedDllNotificationCallback: load 00007ffd485e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
82310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
82410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
82510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd485e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
82710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
82810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd485e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
83010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd485e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
83110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
83210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
83310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wintrust.dll)
83410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wintrust.dll
83510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
83610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
83710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll)
83810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
83910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
84010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
84110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msvcrt.dll)
84210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
84310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
84410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4ef50000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
84510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
84610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e8a0000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
84710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
84810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4dd40000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
84910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
85010600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4dae0000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
85110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ucrtbase.dll)
85210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ucrtbase.dll
85310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4dbe0000 LB 0x0015d000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
85410600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\crypt32.dll)
85510600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\crypt32.dll
85610600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
85710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
85810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-synch-l1-2-0'
85910600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
86010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
86110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-fibers-l1-1-1'
86210600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
86310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
86410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-fibers-l1-1-1'
86510600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
86610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
86710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-synch-l1-2-0'
86810600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
86910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
87010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-localization-l1-2-1'
87110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msasn1.dll)
87210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msasn1.dll
87310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d600000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
87410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
87510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dd40000 'C:\WINDOWS\system32\Wintrust.dll'
87610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\bcrypt.dll)
87710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
87810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
87910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4da10000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
88010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
88110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4da10000 'C:\WINDOWS\system32\bcrypt.dll'
88210600.9604: bcrypt.dll loaded at 00007ffd4da10000, BCryptOpenAlgorithmProvider at 00007ffd4da151e0, preloading providers:
88310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll)
88410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
88510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e070000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
88710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
88810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4e070000 'C:\WINDOWS\system32\bcryptprimitives.dll'
88910600.9604: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000139f390)
89010600.9604: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000139f900)
89110600.9604: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000013a0430)
89210600.9604: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000013a0750)
89310600.9604: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000013a0a70)
89410600.9604: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000013a0d90)
89510600.9604: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000013a10b0)
89610600.9604: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000013a13d0)
89710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cryptsp.dll)
89810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptsp.dll
89910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d3d0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
90010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
90110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
90210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\rsaenh.dll)
90310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
90410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
90510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
90610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
90710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
90810600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
90910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4cb20000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
91010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
91110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
91210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cryptbase.dll)
91310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptbase.dll
91410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d3f0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
91510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
91610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
91710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50190000 'C:\WINDOWS\System32\kernel32.dll'
91910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
92010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
92110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dd40000 'C:\WINDOWS\System32\WINTRUST.DLL'
92210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
92310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
92410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\CRYPT32.dll'
92510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e330000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
92610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\imagehlp.dll)
92710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\imagehlp.dll
92810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
92910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
93110600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4fd80000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
93210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
93310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\sechost.dll)
93410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\sechost.dll
93510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
93610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
93710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gpapi.dll)
93810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gpapi.dll
93910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4b9c0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
94010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
94110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\profapi.dll)
94210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\profapi.dll
94310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d940000 LB 0x00026000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
94410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\profapi.dll [lacks WinVerifyTrust]
94510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
94610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
94710600.9604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\cryptnet.dll)
94810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cryptnet.dll
94910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
95010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume7\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
95110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
95210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
95410600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
95510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
95610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
95710600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
95810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
96010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
96110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
96210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
96310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
96410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96510600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
96610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd44e80000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
96710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
96810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
96910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
97010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
97110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
97210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
97310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
97410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
97510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
97610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
97710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
97810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
97910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
98010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
98210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
98310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
98510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
98610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
98810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
99010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
99210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
99410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
99610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\WINDOWS\System32\cryptnet.dll'
99710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44e80000 'C:\Windows\System32\cryptnet.dll'
99910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4fc40000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
100010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
100110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
100210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
100310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\advapi32.dll)
100410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\advapi32.dll
100510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
100610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
100710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
100810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
100910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
101010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume7\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
101110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\sechost.dll [lacks WinVerifyTrust]
101210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
101310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
101410600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
101510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
101710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
101810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
102010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
102110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001414b90
102210600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
102310600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC9603AAA8E3B88E651DB1C09CDA930DC7E67DCE
102410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
102510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4e8a0000 'C:\WINDOWS\System32\rpcrt4.dll'
102710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
102810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
103010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
103110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
103310600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\SystemRoot\System32\ntdll.dll'
103410600.9604: g_pfnWinVerifyTrust=00007ffd4dd41da0
103510600.9604: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
103610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
103710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
103910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
104010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
104210600.9604: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\crypt32.dll'
104310600.9604: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
104410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
104510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
104710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
104810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
105010600.9604: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\wintrust.dll'
105110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
105210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
105410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
105510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
105710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\advapi32.dll'
105810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume7\Windows\System32\cryptnet.dll
105910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
106010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
106110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45ECE98858B46D7A91C9972C8F2F62C2E8A43CC
106210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
106310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
106410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
106510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\cryptnet.dll'
106610600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptnet.dll'
106810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
106910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
107010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
107110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\profapi.dll'
107210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
107410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
107510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gpapi.dll'
107610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
107810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
107910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\sechost.dll'
108010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
108110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
108210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
108310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\imagehlp.dll'
108410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
108510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
108610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
108710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptbase.dll'
108810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
108910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
109010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
109110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\rsaenh.dll'
109210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
109310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
109510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
109610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
109810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cryptsp.dll'
109910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
110010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
110110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll'
110210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
110310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
110410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\bcrypt.dll'
110510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
110610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
110710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msasn1.dll'
110810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
110910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
111010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\ucrtbase.dll'
111110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
111210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
111310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll'
111410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
111510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
111610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll'
111710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
111810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
111910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
112010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
112110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
112210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
112310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\KernelBase.dll'
112410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
112510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
112610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\kernel32.dll'
112710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\system32\crypt32.dll'
112810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
112910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x7fb9ba2e16e5e000 OU=Created by http://www.fiddler2.com, O=DO_NOT_TRUST, CN=DO_NOT_TRUST_FiddlerRoot
113010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x17d2893f1961d700 OU=Created by http://www.fiddler2.com, O=DO_NOT_TRUST, CN=DO_NOT_TRUST_FiddlerRoot
113110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
113210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
113310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
113410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
113510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
113610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
113710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa5b017953e69cbe7 O=Crossmatch, CN=Altus Local client Certificate Authority
113810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
113910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1a9b1b5312c400 CN=ekran1.empowerit.co.uk
114010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
114110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
114210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x361e6ec2d4ccd800 CN=WIN10x64
114310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
114410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
114510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x1c1a03ed3e95a700 OU=Created by http://www.fiddler2.com, O=DO_NOT_TRUST, CN=DO_NOT_TRUST_FiddlerRoot
114610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
114710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
114810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
114910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x640545bd96da8950 CN=http://openvpn.net/localca.html #1574957060
115010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
115110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
115210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
115310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
115410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
115510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
115610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
115710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
115810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
115910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
116010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
116110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
116210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
116310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
116410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
116510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
116610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
116710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
116810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
116910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
117010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
117110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
117210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
117310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
117410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
117510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
117610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
117710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
117810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
117910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
118010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
118110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
118210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
118310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
118410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
118510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
118610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
118710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
118810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
118910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
119010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
119110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
119210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
119310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
119410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
119510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
119610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
119710600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
119810600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
119910600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
120010600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
120110600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
120210600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
120310600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
120410600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
120510600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
120610600.9604: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
120710600.9604: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=79
120810600.9604: SUPR3HardenedMain: Load Runtime...
120910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
121010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
121110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
121210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
121310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
121410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
121510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
121610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
121710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
121810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
121910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
122010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
122110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
122210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ws2_32.dll) WinVerifyTrust
122310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
122410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
122510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
122610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
122710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
122810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
122910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
123010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
123110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
123210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
123310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
123410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
123510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
123610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
123710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
123810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
123910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
124010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124210600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
124310600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
124410600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll)
124510600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
124610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
124710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
124810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
124910600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
125010600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
125110600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
125210600.9604: supR3HardenedDllNotificationCallback: load 00000000553e0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
125310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
125410600.9604: supR3HardenedDllNotificationCallback: load 0000000055340000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
125510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
125610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd50120000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
125710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
125810600.9604: supR3HardenedDllNotificationCallback: load 00007ffcb8e10000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
125910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
126010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
126310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
126410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
127010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
127110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
127710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
127810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128110600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
128410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
128510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128610600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128810600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
129110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
129210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129310600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
129810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
129910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
134010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
134110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
134210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
134410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
134610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
134710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
134910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
135210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
135710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
136210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
136710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
137210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
137710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141710600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxRT.dll
142210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142610600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143110600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143410600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
143810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll'
143910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wintrust.dll
144010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
144110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dd40000 'C:\WINDOWS\system32\Wintrust.dll'
144210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
144310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
144410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
144510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
144610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
144710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
144810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\system32\crypt32.dll'
144910600.9604: SUPR3HardenedMain: Load TrustedMain...
145010600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
145110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
145210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
145310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
145410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
145510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
145610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
145710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
145810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
145910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
146010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
146110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
146210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
146310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
146410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
146510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
146610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
146710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
146810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
146910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
147010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
147110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
147210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winmm.dll) WinVerifyTrust
147310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winmm.dll
147410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
147510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
147610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
147710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
147810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
147910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
148010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
148110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
148210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
148310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
148410600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\oleaut32.dll) WinVerifyTrust
148510600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
148610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
148710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
148810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
148910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
149010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
149110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
149210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
149310600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
149410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
149510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\combase.dll)
149610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\combase.dll
149710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
149810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
149910600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
150010600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll)
150110600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
150210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
150310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
150410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
150510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
150610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
150710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
150810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
150910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
151010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
151110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
151210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ole32.dll) WinVerifyTrust
151310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ole32.dll
151410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
151710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
151810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [lacks WinVerifyTrust]
151910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152110600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
152210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
152310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
152410600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\user32.dll)
152510600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\user32.dll
152610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
152710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
152810600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
152910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
153010600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gdi32.dll)
153110600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gdi32.dll
153210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
153310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
153410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
153510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
153610600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
153710600.9604: '\Device\HarddiskVolume7\Windows\System32\win32u.dll' has no imports
153810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\win32u.dll)
153910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\win32u.dll
154010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
154110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
154210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
154310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
154410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
154510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [lacks WinVerifyTrust]
154610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
154710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
154810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
154910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
155010600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\user32.dll) WinVerifyTrust
155110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
155210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
155310600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
155410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
155510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
155610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
155710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
155810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
155910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [lacks WinVerifyTrust]
156010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
156110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
156210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
156310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
156410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
156510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
156610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
156710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
156810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
156910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
157010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
157110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
157210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
157310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
157410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
157510600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
157610600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
157710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
157810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
157910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
158010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
158110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
158210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
158310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
158410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
158510600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
158610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
158710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
158810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
158910600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
159010600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
159110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
159210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
159310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
159410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
159510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
159610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
159710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
159810600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
159910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
160010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
160110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
160210600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
160310600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
160410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
160510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
160610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
160710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
160810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
160910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
161010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
161110600.9604: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
161210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
161310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
161410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
161510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
161610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
161710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
161810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
161910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
162010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
162110600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
162210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
162310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
162410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
162510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\shell32.dll)
162610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\shell32.dll
162710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
162810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
162910600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
163010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
163110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
163210600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
163310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
163610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
163910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
164010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
164110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
164210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
164310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
164410600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
164510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
164610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
164710600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
164810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
165110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
165210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
165310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
165410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
165510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
165610600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\opengl32.dll'.
165710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
165810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
165910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
166010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
166110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
166210600.9604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\opengl32.dll)
166310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\opengl32.dll
166410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
166510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
166610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
166710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
166810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
166910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
167010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
167110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
167210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
167310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
167410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
167510600.9604: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
167610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\mpr.dll)
167710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\mpr.dll
167810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
167910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
168010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
168110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
168210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
168310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
168410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
168510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
168610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
168710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
168810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
168910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [lacks WinVerifyTrust]
169010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
169110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
169210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
169310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
169410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
169510600.9604: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
169610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
169710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
169810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
169910600.9604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\glu32.dll)
170010600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\glu32.dll
170110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
170210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
170310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
170410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
170710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
170810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
170910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
171010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
171110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
171210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
171310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
171410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
171510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
171610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
171810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
171910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
172010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
172110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
172210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
172310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
172410600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
172510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
172610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172710600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
172810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
172910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
173010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
173110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
173210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
173310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
173410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
173510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
173610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
173710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
173810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
173910600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
174010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
174110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
174210600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
174310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
174410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
174510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
174610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
174710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
174810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
174910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
175010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
175110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [lacks WinVerifyTrust]
175210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
175310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
175410600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
175510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
175610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
175710600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
175810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
176110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
176210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
176310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
176410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
176510600.9604: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
176610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
176710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
176810600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
176910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
177010600.9604: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
177110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
177210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
177310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
177410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
177510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
177610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
177710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
177810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
177910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
178010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
178110600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
178210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
178310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
178410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
178510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
178610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
178710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
178810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
178910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
179010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
179110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
179210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
179310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
179410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
179510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
179610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume7\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
179710600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
179810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume7\Windows\System32\opengl32.dll
179910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
180010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
180110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F14F1B7D8729223C0DB5ABA6EC95E5C5A3D6D1EC
180210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
180310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
180410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
180510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
180610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
180710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
180810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
180910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
181010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
181110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
181210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
181310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
181410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
181510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [lacks WinVerifyTrust]
181610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
181710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
181810600.9604: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
181910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
182010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
182110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
182210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
182310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
182410600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
182510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
182610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
182710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
182810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
182910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
183010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
183110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\opengl32.dll'
183210600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
183310600.9604: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\opengl32.dll'
183410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
183510600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
183610600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll
183710600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
183810600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
183910600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
184010600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
184110600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
184210600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
184310600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
184410600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
184510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e0f0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
184610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
184710600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4da40000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
184810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
184910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e220000 LB 0x00109000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
185010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
185110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
185210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
185310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
185410600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\gdi32full.dll)
185510600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\gdi32full.dll
185610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd50260000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
185710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
185810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4eff0000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
185910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [avoiding WinVerifyTrust]
186010600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e540000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
186110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll [avoiding WinVerifyTrust]
186210600.9604: supR3HardenedDllNotificationCallback: load 00007ffd14480000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
186310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
186410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd144f0000 LB 0x00125000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
186510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\opengl32.dll
186610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4f2b0000 LB 0x00741000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
186710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
186810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4fa00000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
186910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
187010600.9604: supR3HardenedDllNotificationCallback: load 00007ffd3e7a0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
187110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
187210600.9604: supR3HardenedDllNotificationCallback: load 0000000053d80000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
187310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
187410600.9604: supR3HardenedDllNotificationCallback: load 00007ffcb8810000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
187510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
187610600.9604: supR3HardenedDllNotificationCallback: load 0000000053810000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
187710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
187810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4fea0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
187910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
188010600.9604: supR3HardenedDllNotificationCallback: load 00007ffc99040000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
188110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\UICommon.dll
188210600.9604: supR3HardenedDllNotificationCallback: load 00000000552e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
188310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
188410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd3dfb0000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
188510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
188610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd1fe90000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
188710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
188810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
188910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
189010600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
189110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
189210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
189310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
189410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
189510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
189610600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
189710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
189810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
189910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
190010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
190110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
190210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
190310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
190410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
190510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
190610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
190710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
190810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll
190910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
191010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
191110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [redoing WinVerifyTrust]
191210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
191310600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\win32u.dll
191410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
191610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [redoing WinVerifyTrust]
191710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
191810600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\user32.dll
191910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
192010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
192110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
192210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
192310600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\gdi32.dll
192410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
192510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
192610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
192710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
192810600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
192910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
193010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50190000 'C:\WINDOWS\System32\kernel32.dll'
193110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
193210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
193310600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
193410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
193510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
193610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
193710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
193810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
193910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
194010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
194110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
194210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
194310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
194410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
194510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
194610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
194710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
194810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
194910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
195010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
195110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
195210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
195310600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
195410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
195510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
195610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
195710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
195810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
195910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
196010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
196110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
196210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
196310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
196410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
196510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
196610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
196710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
196810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
196910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
197010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
197110600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
197210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
197310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-string-l1-1-0'
197410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
197510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
197610600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
197710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
197810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
197910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
198010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
198110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
198210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
198310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
198410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
198510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
198610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
198710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
198810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
198910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
199010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
199110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
199210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
199310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
199410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
199510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
199610600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
199710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
199810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
199910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
200010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
200110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
200210600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
200310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
200410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
200510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
200610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
200710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
200810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
200910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
201010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
201110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
201210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
201310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
201410600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
201510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
201610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-datetime-l1-1-1'
201710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
201810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
201910600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
202010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
202110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
202210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
202310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
202410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
202510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
202610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
202710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
202810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
202910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
203010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
203110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
203210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
203310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
203410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
203510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
203610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
203710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
203810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
203910600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
204010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
204110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
204210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
204310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
204410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
204510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
204610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
204710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
204810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
204910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
205010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
205110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
205210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
205310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
205410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
205510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
205610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
205710600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
205810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
205910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-localization-obsolete-l1-2-0'
206010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
206110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
206210600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
206310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
206410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
206510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
206610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
206710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
206810600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
206910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
207010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
207110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
207210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
207310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
207410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
207510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
207610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
207710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
207810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
207910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
208010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
208110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
208210600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
208310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
208410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
208510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
208610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
208710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
208810600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
208910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
209010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
209110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
209210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
209310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
209410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
209510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
209610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
209710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
209810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
209910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
210010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
210110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
210210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
210310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\imm32.dll)
210410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\imm32.dll
210510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
210610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
210710600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll [redoing WinVerifyTrust]
210810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
210910600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\win32u.dll
211010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
211110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
211210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll [redoing WinVerifyTrust]
211310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
211410600.9604: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume7\Windows\System32\user32.dll
211510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
211610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4eab0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
211710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
211810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4eab0000 'C:\WINDOWS\system32\IMM32.DLL'
211910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
212010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
212110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
212210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
212310600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
212410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
212510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
212610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
212710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
212810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
212910600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
213010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
213110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
213210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
213310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
213410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
213510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
213610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
213710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
213810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
213910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
214010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
214110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
214210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
214310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
214410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
214510600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
214610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
214710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
214810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
214910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
215010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
215110600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
215210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
215310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
215410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
215510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
215610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
215710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
215810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
215910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
216010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
216110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
216210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
216310600.9604: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
216410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
216510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
216610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
216710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
216810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
216910600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
217010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
217110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
217210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
217310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
217410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
217510600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
217610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
217710600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
217810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
217910600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
218010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
218110600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
218210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
218310600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
218410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
218510600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
218610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
218710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
218810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fc40000 'C:\WINDOWS\System32\ADVAPI32.DLL'
219010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\imm32.dll'.
219110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rescheduled]
219210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'.
219310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll' [rescheduled]
219410600.9604: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume7\Windows\System32\glu32.dll'.
219510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll' [rescheduled]
219610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\mpr.dll'.
219710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll' [rescheduled]
219810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\shell32.dll'.
219910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rescheduled]
220010600.9604: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
220110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
220210600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\win32u.dll'.
220310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rescheduled]
220410600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'.
220510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rescheduled]
220610600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\user32.dll'.
220710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rescheduled]
220810600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'.
220910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rescheduled]
221010600.9604: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\combase.dll'.
221110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rescheduled]
221210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1fe90000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
221310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
221410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
221510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\imm32.dll'
221610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
221710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
221810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gdi32full.dll'
221910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume7\Windows\System32\glu32.dll
222010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
222110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
222210600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=087A92E70231A784DB8F333F449EAE73CA72A5AC
222310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
222410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
222510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\glu32.dll'
222610600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
222710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\glu32.dll'
222810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
222910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
223010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\mpr.dll'
223110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
223210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
223310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\shell32.dll'
223410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
223510600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
223610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
223710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
223810600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\win32u.dll'
223910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
224010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
224110600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\gdi32.dll'
224210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
224310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
224410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\user32.dll'
224510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
224610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
224710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll'
224810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
224910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
225010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\combase.dll'
225110600.9604: SUPR3HardenedMain: Calling TrustedMain (00007ffd1fe916c0)...
225210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
225310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
225410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
225510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\windows.storage.dll)
225610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\windows.storage.dll
225710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wldp.dll)
225910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wldp.dll
226010600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d480000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
226110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
226210600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4c240000 LB 0x00795000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
226310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
226410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4fb30000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
226510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
226610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
226710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\SHCore.dll)
226810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\SHCore.dll
226910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e4e0000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
227010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
227110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\shlwapi.dll)
227210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
227310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
227410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
227510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
227610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
227710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
227810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
227910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
228410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume7\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
228510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wldp.dll [lacks WinVerifyTrust]
228610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
228710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
228810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
228910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
229010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
229110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
229210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
229310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
229410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll'
229510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
229610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
229710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\SHCore.dll'
229810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
229910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
230010600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\wldp.dll'
230110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
230210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
230310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\windows.storage.dll'
230410600.9604: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
230510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
230610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
230710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
230810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
230910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
231010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
231110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
231210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
231310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
231410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
231510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
231610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
231710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
231810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
231910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
232010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
232110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
232210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
232310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
232410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
232510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
232610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
232710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
232810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
232910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
233010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
233110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume7\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
233210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
233310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
233410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
233510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
233610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
233710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
233810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
233910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
234010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
234110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
234210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
234310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
234410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
234510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
234610600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
234710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
234810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
234910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235010600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
235110600.9604: supR3HardenedDllNotificationCallback: load 00007ffd232c0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
235210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
235310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd232c0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
235410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
235510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
235610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll)
235710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll
235810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4bc70000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
235910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
236010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
236110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
236210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
236310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
236410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
236510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
236610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\kernel.appcore.dll'
236710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume7\Windows\System32\uxtheme.dll
236810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
236910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
237010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F5C6EF219635A6781C1125A989876AF1D3E8DCA9
237110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
237210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
237310600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\uxtheme.dll'
237410600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
237510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
237610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
237710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
237810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\uxtheme.dll) WinVerifyTrust
237910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
238010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
238110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
238210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
238310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
238410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
238510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
238610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
238710600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
238810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4a930000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
238910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
239010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a930000 'C:\WINDOWS\system32\uxtheme.dll'
239110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
239210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
239310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
239410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
239510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'version.dll'.
239610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'userenv.dll'.
239710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll) WinVerifyTrust
239810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
239910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
240010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume7\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
240110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
240210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
240410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
240510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
240610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\userenv.dll) WinVerifyTrust
240710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\userenv.dll
240810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
240910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume7\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
241010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
241110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
241210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
241310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
241410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
241510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\version.dll) WinVerifyTrust
241610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\version.dll
241710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
241810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
241910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
242010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
242110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
242210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
242310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
242410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
242510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
242610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
242710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
242810600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
242910600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\version.dll
243010600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\userenv.dll
243110600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4bf70000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
243210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\version.dll
243310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4d900000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
243410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\userenv.dll
243510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd11300000 LB 0x000d9000 c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll [fFlags=0x0]
243610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
243710600.9604: '\Device\HarddiskVolume7\Windows\System32\tzres.dll' has no imports
243810600.9604: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\tzres.dll)
243910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\tzres.dll
244010600.9604: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000004bc (hFile=0000000000000444) with 0xc0000022 -> STATUS_TRUST_FAILURE
244110600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
244210600.9604: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000444 (hFile=00000000000004bc) with 0xc0000022 -> STATUS_TRUST_FAILURE
244310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd11300000 'c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll'
244410600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c4 pwszName=\Device\HarddiskVolume7\Windows\System32\tzres.dll
244510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
244610600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
244710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B041D6F3E08B7921D66807E55974AABE8BE918A4
244810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
244910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
245010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\tzres.dll'
245110600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
245210600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\tzres.dll'
245310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4eff0000 'C:\WINDOWS\system32\user32.dll'
245410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
245510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
245710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
245810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fb30000 'C:\WINDOWS\system32\SHCore.dll'
246010600.9604: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
246110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
246210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
246310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\system32\winmm.dll'
246510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
246610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\system32\winmm.dll'
246810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
246910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
247010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
247110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\uxtheme.dll
247210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
247310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4a930000 'C:\WINDOWS\system32\uxtheme.dll'
247410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
247510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
247610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fc40000 'C:\WINDOWS\system32\advapi32.dll'
247710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\userenv.dll
247810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
247910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4d900000 'C:\WINDOWS\system32\userenv.dll'
248010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\kernel32.dll
248110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
248210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50190000 'C:\WINDOWS\System32\kernel32.dll'
248310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4e370000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
248410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
248510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
248610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\clbcatq.dll)
248710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\clbcatq.dll
248810600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
248910600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
249010600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
249110600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
249210600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
249310600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
249410600.106c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\clbcatq.dll'
249510600.106c4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
249610600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
249710600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
249810600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
249910600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
250010600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
250110600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
250210600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
250310600.106c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
250410600.106c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
250510600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
250610600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
250710600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
250810600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
250910600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
251010600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
251110600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
251210600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
251310600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\advapi32.dll
251410600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
251510600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
251610600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
251710600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
251810600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll
251910600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
252010600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
252110600.106c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
252210600.106c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
252310600.106c4: supR3HardenedDllNotificationCallback: load 00007ffd1fa90000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
252410600.106c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
252510600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1fa90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
252610600.106c4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
252710600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
252810600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
252910600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
253010600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
253110600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
253210600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
253310600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
253410600.106c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
253510600.106c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
253610600.106c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
253710600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
253810600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
253910600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
254010600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
254110600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
254210600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
254310600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
254410600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
254510600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
254610600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
254710600.106c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shlwapi.dll
254810600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
254910600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
255010600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
255110600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
255210600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
255310600.106c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
255410600.106c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
255510600.106c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
255610600.106c4: supR3HardenedDllNotificationCallback: load 00007ffd21bf0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
255710600.106c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
255810600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd21bf0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
255910600.106c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
256010600.106c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
256110600.106c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fea0000 'C:\Windows\System32\oleaut32.dll'
256210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50260000 'C:\WINDOWS\system32\gdi32.dll'
256310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4f190000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
256410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
256610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
256710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
256810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
256910600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msctf.dll)
257010600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msctf.dll
257110600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
257210600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
257310600.10664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\imm32.dll
257410600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
257510600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
257610600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
257710600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
257810600.10664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\user32.dll
257910600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
258010600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
258110600.10664: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
258210600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258310600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258410600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
258510600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
258610600.10664: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\msctf.dll'
258710600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
258810600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
258910600.10664: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
259010600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
259110600.10664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
259210600.10664: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
259310600.10664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
259410600.10664: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
259510600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
259610600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
259710600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
259810600.10664: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
259910600.10664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260010600.10664: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
260110600.10664: supR3HardenedDllNotificationCallback: load 00007ffd46eb0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
260210600.10664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
260310600.10664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd46eb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
260410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
260510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
260710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000097c pwszName=\Device\HarddiskVolume7\Windows\System32\DataExchange.dll
260810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
260910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
261010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=783F5D82A4B979F1AE8853415E4264F3E2314DE6
261110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
261210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
261310600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\DataExchange.dll'
261410600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
261510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
261610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
261710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
261810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\DataExchange.dll) WinVerifyTrust
261910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
262010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
262110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume7\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
262210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
262310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
262410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
262510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
262610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dcomp.dll) WinVerifyTrust
262710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dcomp.dll
262810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
262910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume7\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
263010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
263110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
263210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
263310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
263410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
263510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll
263610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
263710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
263810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
263910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
264010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
264110600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\d3d11.dll) WinVerifyTrust
264210600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\d3d11.dll
264310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
264410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
264510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
264610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
264710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
264810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll
264910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
265010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume7\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
265110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
265210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
265310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
265510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dxgi.dll) WinVerifyTrust
265610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dxgi.dll
265710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
265810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
265910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
266010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume7\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
266110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\win32u.dll
266210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
266310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
266410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
266510600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
266610600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\d3d11.dll
266710600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dcomp.dll
266810600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dxgi.dll
266910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4b9f0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
267010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dxgi.dll
267110600.9604: supR3HardenedDllNotificationCallback: load 00007ffd490b0000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
267210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\d3d11.dll
267310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd49d40000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
267410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dcomp.dll
267510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd12430000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
267610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\DataExchange.dll
267710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50260000 'C:\WINDOWS\System32\gdi32.dll'
267810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd12430000 'C:\WINDOWS\system32\dataexchange.dll'
267910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
268010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
268110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
268210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll)
268310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll
268410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd45c90000 LB 0x00208000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
268510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
268610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
268710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
268810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
268910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
269010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
269110600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
269210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
269310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
269410600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rpcrt4.dll
269510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
269610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
269710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\twinapi.appcore.dll'
269810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
269910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
270010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fb30000 'C:\WINDOWS\system32\Shcore.dll'
270110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
270210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
270310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
270410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
270510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
270610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll)
270710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll
270810600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
270910600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
271010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
271110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
271210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll)
271310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll
271410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
271510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
271610600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll)
271710600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll
271810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ntmarta.dll)
271910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ntmarta.dll
272010600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
272110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
272210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
272310600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\WinTypes.dll)
272410600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\WinTypes.dll
272510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4be00000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
272610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
272710600.9604: supR3HardenedDllNotificationCallback: load 00007ffd4a610000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
272810600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
272910600.9604: supR3HardenedDllNotificationCallback: load 00007ffd48f50000 LB 0x00156000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
273010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
273110600.9604: supR3HardenedDllNotificationCallback: load 00007ffd49f30000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
273210600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
273310600.9604: supR3HardenedDllNotificationCallback: load 00007ffd40ae0000 LB 0x000fc000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
273410600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
273510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
273610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
273710600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcryptprimitives.dll
273810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
273910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
274010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
274110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume7\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
274210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\combase.dll
274310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
274410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
274510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
274610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
274710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
274810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
274910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume7\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
275010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\SHCore.dll
275110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
275210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
275310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
275410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume7\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
275510600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
275610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
275810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
275910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume7\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
276010600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
276110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
276210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume7\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
276310600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
276410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
276510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
276610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
276710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
276810600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\oleaut32.dll
276910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
277010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
277110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
277210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
277310600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\WinTypes.dll'
277410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
277510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
277610600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\ntmarta.dll'
277710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
277810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
277910600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\CoreMessaging.dll'
278010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
278110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\crypt32.dll
278210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
278310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
278410600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\CoreUIComponents.dll'
278510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
278610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
278710600.9604: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\TextInputFramework.dll'
278810600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
278910600.9604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4eff0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
279110600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
279210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4eff0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
279410600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
279510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
279610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4e540000 'api-ms-win-core-com-l1-1-0.dll'
279710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msctf.dll
279810600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
279910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f190000 'C:\WINDOWS\System32\MSCTF.dll'
280010600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ole32.dll
280110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
280210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fa00000 'C:\WINDOWS\System32\ole32.dll'
280310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fea0000 'C:\WINDOWS\System32\OLEAUT32.dll'
280410600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll
280510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
280610600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
280710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24E65BD1CEC5A0EC4647A91D813736DC7112053D
280810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
280910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
281010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll'
281110600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
281210600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
281310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
281410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
281510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
281610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll
281710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
281810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume7\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
281910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume7\Windows\System32\wbemcomn.dll
282010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
282110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
282210600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C300CB1A203662154729906A10B05CEE85D4742B
282310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
282410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
282510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\wbemcomn.dll'
282610600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
282710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
282810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wbemcomn.dll) WinVerifyTrust
282910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wbemcomn.dll
283010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
283110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
283210600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
283310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
283410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
283510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
283610600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
283710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
283810600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll
283910600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbemcomn.dll
284010600.9604: supR3HardenedDllNotificationCallback: load 00007ffd42590000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
284110600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbemcomn.dll
284210600.9604: supR3HardenedDllNotificationCallback: load 00007ffd42650000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
284310600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\wbemprox.dll
284410600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
284510600.9604: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
284610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
284710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42650000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
284810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll
284910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
285010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
285110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D16B59E56C4ED9F0BBAA653FE2F79CAF6AC8AC7B
285210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
285310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
285410600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll'
285510600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
285610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
285710600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
285810600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
285910600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll
286010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
286110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
286210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
286310600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
286410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
286510600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll
286610600.9604: supR3HardenedDllNotificationCallback: load 00007ffd41ed0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
286710600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\wbemsvc.dll
286810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41ed0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
286910600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
287010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
287110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-localization-l1-2-0.dll'
287210600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
287310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
287410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
287510600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll
287610600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
287710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
287810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
287910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
288010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
288110600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll'
288210600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
288310600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
288410600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
288510600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
288610600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll
288710600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
288810600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume7\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
288910600.9604: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbemcomn.dll
289010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
289110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
289210600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
289310600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll
289410600.9604: supR3HardenedDllNotificationCallback: load 00007ffd41f10000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
289510600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wbem\fastprox.dll
289610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f10000 'C:\WINDOWS\system32\wbem\fastprox.dll'
289710600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b74 pwszName=\Device\HarddiskVolume7\Windows\System32\amsi.dll
289810600.9604: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
289910600.9604: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
290010600.9604: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=388BAB1FF35FEBB7F89B70EE6201301E3EDDFE0B
290110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
290210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
290310600.9604: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\amsi.dll'
290410600.9604: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
290510600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
290610600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
290710600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\amsi.dll) WinVerifyTrust
290810600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\amsi.dll
290910600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291010600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291110600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
291210600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
291310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
291410600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\amsi.dll
291510600.9604: supR3HardenedDllNotificationCallback: load 00007ffd41e40000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
291610600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\amsi.dll
291710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41e40000 'C:\WINDOWS\System32\amsi.dll'
291810600.9604: \Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll: Owner is administrators group.
291910600.9604: \Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll: Signature #1/3: info status: 24202
292010600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
292110600.9604: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
292210600.9604: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll) WinVerifyTrust
292310600.9604: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll
292410600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
292510600.9604: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
292610600.9604: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292710600.9604: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll
292810600.9604: supR3HardenedDllNotificationCallback: load 00007ffd41e00000 LB 0x00039000 C:\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll [fFlags=0x0]
292910600.9604: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll
293010600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
293110600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
293210600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-synch-l1-2-0'
293310600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
293410600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
293510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-fibers-l1-1-1'
293610600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
293710600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
293810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-synch-l1-2-0'
293910600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
294010600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
294110600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-fibers-l1-1-1'
294210600.9604: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
294310600.9604: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
294410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dda0000 'api-ms-win-core-localization-l1-2-1'
294510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41e00000 'C:\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll'
294610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fc40000 'C:\WINDOWS\System32\ADVAPI32.dll'
294710600.c0a8: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
294810600.c0a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
294910600.c0a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
295010600.c0a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
295110600.c0a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
295210600.c0a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
295310600.c0a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
295410600.c0a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
295510600.c0a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
295610600.c0a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
295710600.c0a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295810600.c0a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
295910600.c0a8: supR3HardenedDllNotificationCallback: load 00007ffce3e60000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
296010600.c0a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
296110600.c0a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce3e60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
296210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
296310600.fc5c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
296410600.fc5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
296510600.fc5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
296610600.fc5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
296710600.fc5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
296810600.fc5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
296910600.fc5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
297010600.fc5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
297110600.fc5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
297210600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
297310600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
297410600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
297510600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
297610600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
297710600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
297810600.fc5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
297910600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
298010600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
298110600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
298210600.fc5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
298310600.fc5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
298410600.fc5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
298510600.fc5c: supR3HardenedDllNotificationCallback: load 00007ffd46ea0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
298610600.fc5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
298710600.fc5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd46ea0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
298810600.107cc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
298910600.107cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
299010600.107cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
299110600.107cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
299210600.107cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
299310600.107cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
299410600.107cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
299510600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
299610600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
299710600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
299810600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
299910600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
300010600.107cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
300110600.107cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll
300210600.107cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
300310600.107cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
300410600.107cc: supR3HardenedDllNotificationCallback: load 00007ffd463f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
300510600.107cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
300610600.107cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd463f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
300710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\shell32.dll
300810600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
300910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\Shell32.dll'
301010600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
301110600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce3e60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
301310600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
301410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
301510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
301610600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
301710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
301810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
301910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
302010600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
302110600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
302210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
302310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
302410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
302510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
302610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
302710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
302810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
302910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
303010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
303110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
303210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
303310600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
303410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd24fe0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
303510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
303610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fe0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
303710600.fc4c: supR3HardenedDllNotificationCallback: Unload 00007ffd24fe0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
303810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
303910600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
304010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
304110600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
304210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
304310600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
304410600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
304510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
304610600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
304710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
304810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
304910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
305010600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
305110600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
305210600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD.dll
305310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
305410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
305510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
305610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
305710600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
305810600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
305910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
306010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
306110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
306210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
306310600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
306410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
306510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
306610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
306710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
306810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
306910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
307010600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
307110600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
307210600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\setupapi.dll) WinVerifyTrust
307310600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\setupapi.dll
307410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
307510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
307610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
307710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
307810600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
307910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
308010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume7\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
308110600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\bcrypt.dll
308210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
308310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
308410600.fc4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'.
308510600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll)
308610600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
308710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
308810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
308910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
309010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
309110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
309210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
309310600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
309410600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
309510600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll
309610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
309710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
309810600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
309910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
310010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
310110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
310210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
310310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
310410600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
310510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
310610600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
310710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
310810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
310910600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
311010600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDDU.dll
311110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
311210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
311310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
311410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
311510600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
311610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
311710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
311810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
311910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume7\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
312010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
312110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
312210600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\setupapi.dll
312310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
312410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume7\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
312510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
312610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
312710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
312810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
312910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313010600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD.dll
313110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDDU.dll
313210600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll
313310600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
313410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4e1d0000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
313510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
313610600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4eae0000 LB 0x00467000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
313710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\setupapi.dll
313810600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd2c9c0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
313910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDDU.dll
314010600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffcb72e0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
314110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll
314210600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4cea0000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
314310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
314410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffca9e50000 LB 0x009e7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
314510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD.dll
314610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca9e50000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
314710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
314810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
314910600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll'
315010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
315110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
315210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
315310600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
315410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd24fe0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
315510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
315610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fe0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
315710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
315810600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxC.dll
315910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
316010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1fa90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
316110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
316210600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxDD2.dll
316310600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
316410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb72e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
316510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
316610600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
316710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
316810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
316910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
317010600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
317110600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
317210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
317310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
317410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
317510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
317610600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
317710600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
317810600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd463a0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
317910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
318010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd463a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
318110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
318210600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
318310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
318410600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
318510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
318610600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
318710600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
318810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
318910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
319010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
319110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
319210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
319310600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
319410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd46380000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
319510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
319610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd46380000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
319710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
319810600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
319910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
320010600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
320110600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
320210600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
320310600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
320410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
320510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
320610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
320710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
320810600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
320910600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
321010600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd43bd0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
321110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
321210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43bd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
321310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
321410600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
321510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
321610600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
321710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
321810600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
321910600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
322010600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
322110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
322210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
322310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
322410600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
322510600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
322610600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd40ac0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
322710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
322810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40ac0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
322910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
323010600.107bc: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
323110600.107bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
323210600.107bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
323310600.107bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
323410600.107bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
323510600.107bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
323610600.107bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
323710600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
323810600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
323910600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
324010600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
324110600.107bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
324210600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
324310600.107bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
324410600.107bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324510600.107bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
324610600.107bc: supR3HardenedDllNotificationCallback: load 00007ffd3d160000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
324710600.107bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
324810600.107bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d160000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
324910600.107c4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
325010600.107c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
325110600.107c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
325210600.107c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
325310600.107c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
325410600.107c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
325510600.107c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
325610600.107c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
325710600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
325810600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
325910600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
326010600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
326110600.107c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxVMM.dll
326210600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
326310600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
326410600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
326510600.107c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
326610600.107c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
326710600.107c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
326810600.107c4: supR3HardenedDllNotificationCallback: load 00007ffd448b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
326910600.107c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
327010600.107c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd448b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
327110600.107b4: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
327210600.107b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
327310600.107b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
327410600.107b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
327510600.107b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
327610600.107b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
327710600.107b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
327810600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
327910600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
328010600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
328110600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
328210600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
328310600.107b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
328410600.107b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
328510600.107b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
328610600.107b4: supR3HardenedDllNotificationCallback: load 00007ffd42ed0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
328710600.107b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
328810600.107b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42ed0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
328910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
329010600.fc4c: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
329110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
329210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
329310600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
329410600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
329510600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
329610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
329710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
329810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
329910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
330010600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
330110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
330210600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd48230000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
330310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
330410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48230000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
330510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\IPHLPAPI.DLL
330610600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
330710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cea0000 'C:\WINDOWS\system32\Iphlpapi.dll'
330810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
330910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
331010600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winnsi.dll)
331110600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winnsi.dll
331210600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd50250000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
331310600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\nsi.dll)
331410600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\nsi.dll
331510600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd46170000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
331610600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
331710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
331810600.fc4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll)
331910600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll
332010600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd45ea0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
332110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
332210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
332310600.fc4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll)
332410600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll
332510600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd458e0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
332610600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
332710600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dnsapi.dll)
332810600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dnsapi.dll
332910600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4cee0000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
333010600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
333110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
333210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
333310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
333410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
333510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
333610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume7\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
333710600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\nsi.dll [lacks WinVerifyTrust]
333810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
333910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
334010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
334110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
334210600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\dnsapi.dll'
334310600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001008 pwszName=\Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll
334410600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
334510600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
334610600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
334710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
334810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
334910600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll'
335010600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
335110600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\dhcpcsvc.dll'
335210600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ffc pwszName=\Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll
335310600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
335410600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
335510600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
335610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
335710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
335810600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.630.cat'; file='\Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll'
335910600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
336010600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\dhcpcsvc6.dll'
336110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
336210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
336310600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\nsi.dll'
336410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
336510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
336610600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\winnsi.dll'
336710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
336810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
336910600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
337010600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
337110600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
337210600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll) WinVerifyTrust
337310600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
337410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
337510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume7\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
337610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
337710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
337810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
337910600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\devobj.dll) WinVerifyTrust
338010600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\devobj.dll
338110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
338210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
338310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
338410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
338510600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
338610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
338710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
338810600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\cfgmgr32.dll
338910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
339010600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
339110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\devobj.dll
339210600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4d7c0000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
339310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\devobj.dll
339410600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd45760000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
339510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
339610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45760000 'C:\WINDOWS\System32\MMDevApi.dll'
339710600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e4 pwszName=\Device\HarddiskVolume7\Windows\System32\dsound.dll
339810600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
339910600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
340010600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
340110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
340210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
340310600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\dsound.dll'
340410600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
340510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
340610600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\dsound.dll) WinVerifyTrust
340710600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\dsound.dll
340810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
340910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
341010600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
341110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dsound.dll
341210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
341310600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\powrprof.dll)
341410600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\powrprof.dll
341510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341610600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\winmmbase.dll)
341710600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\winmmbase.dll
341810600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4cfc0000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
341910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
342010600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd0bcf0000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
342110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
342210600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffcb6130000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
342310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dsound.dll
342410600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\umpdc.dll)
342510600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\umpdc.dll
342610600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd4ce80000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
342710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
342810600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
342910600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
343010600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
343110600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
343210600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
343310600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
343410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dsound.dll
343510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
343610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
343710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
343810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
343910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
344010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb6130000 'C:\WINDOWS\System32\dsound.dll'
344110600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'.
344210600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll' [rescheduled]
344310600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'.
344410600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rescheduled]
344510600.fc4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'.
344610600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll' [rescheduled]
344710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb6130000 'C:\WINDOWS\System32\dsound.dll'
344810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
344910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
345010600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\umpdc.dll'
345110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\rsaenh.dll
345210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
345310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
345410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
345510600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll'
345610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
345710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
345810600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\powrprof.dll'
345910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dsound.dll
346010600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb6130000 'C:\WINDOWS\system32\dsound.dll'
346210600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
346310600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45760000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
346510600.34b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
346610600.34b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
346710600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
346810600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
346910600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
347010600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
347110600.34b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\AudioSes.dll) WinVerifyTrust
347210600.34b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\AudioSes.dll
347310600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
347410600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
347510600.34b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
347610600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
347710600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume7\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
347810600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
347910600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
348010600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
348110600.34b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
348210600.34b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcp_win.dll
348310600.34b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
348410600.34b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\AudioSes.dll
348510600.34b0: supR3HardenedDllNotificationCallback: load 00007ffd45f10000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
348610600.34b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\AudioSes.dll
348710600.34b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45f10000 'C:\WINDOWS\System32\AUDIOSES.DLL'
348810600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
348910600.34b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
349010600.34b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ResourcePolicyClient.dll)
349110600.34b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ResourcePolicyClient.dll
349210600.34b0: supR3HardenedDllNotificationCallback: load 00007ffd4afc0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
349310600.34b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
349410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
349510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
349610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
349710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
349810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
349910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
350010600.fc4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\Windows\System32\ResourcePolicyClient.dll'
350110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
350210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
350410600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000111c pwszName=\Device\HarddiskVolume7\Windows\System32\wdmaud.drv
350510600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
350610600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
350710600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
350810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
350910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
351010600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\wdmaud.drv'
351110600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
351210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
351310600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
351410600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
351510600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
351610600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\wdmaud.drv) WinVerifyTrust
351710600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
351810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
351910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
352010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
352110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
352210600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\avrt.dll) WinVerifyTrust
352310600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\avrt.dll
352410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
352510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume7\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
352610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
352710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
352810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
352910600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\ksuser.dll) WinVerifyTrust
353010600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\ksuser.dll
353110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
353210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
353310600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
353410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
353610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
353810600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msvcrt.dll
353910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
354010600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
354110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ksuser.dll
354210600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\avrt.dll
354310600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd480e0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
354410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ksuser.dll
354510600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd47890000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
354610600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\avrt.dll
354710600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd00400000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
354810600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
354910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
355010600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
355110600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
355310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
355410600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
355610600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
355710600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
355910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
356010600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
356210600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
356310600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
356510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
356610600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
356810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
356910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357510600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\wdmaud.drv
357610600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
357710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
357910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
358010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
358110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
358210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00400000 'C:\WINDOWS\System32\wdmaud.drv'
358310600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001140 pwszName=\Device\HarddiskVolume7\Windows\System32\msacm32.drv
358410600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
358510600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
358610600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F871EA11D693E9807F8DF13D54497BA0E40D30AB
358710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
358810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
358910600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\msacm32.drv'
359010600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
359110600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
359210600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
359310600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
359410600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msacm32.drv) WinVerifyTrust
359510600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msacm32.drv
359610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
359710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume7\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
359810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
359910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
360010600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
360110600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\msacm32.dll) WinVerifyTrust
360210600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\msacm32.dll
360310600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
360410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume7\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
360510600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\MMDevAPI.dll
360610600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
360710600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
360810600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
360910600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
361010600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361110600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
361210600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.dll
361310600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd003b0000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
361410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.dll
361510600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd003d0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
361610600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
361710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
361810600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
361910600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
362010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
362110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
362210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
362310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
362410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
362510600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
362610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
362710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
362810600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
362910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363010600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
363110600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
363210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\msacm32.drv
363410600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
363510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003d0000 'C:\WINDOWS\System32\msacm32.drv'
363910600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001150 pwszName=\Device\HarddiskVolume7\Windows\System32\midimap.dll
364010600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001414b90
364110600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001414b90
364210600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B1E0F68F4DF584853FE4112795D7092EFE15F7D
364310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
364410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
364510600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.572.cat'; file='\Device\HarddiskVolume7\Windows\System32\midimap.dll'
364610600.fc4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
364710600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
364810600.fc4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
364910600.fc4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\midimap.dll) WinVerifyTrust
365010600.fc4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\midimap.dll
365110600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
365210600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume7\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
365310600.fc4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmmbase.dll
365410600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
365510600.fc4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume7\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
365610600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
365710600.fc4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\midimap.dll
365810600.fc4c: supR3HardenedDllNotificationCallback: load 00007ffd003a0000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
365910600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\midimap.dll
366010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003a0000 'C:\WINDOWS\System32\midimap.dll'
366110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\midimap.dll
366210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003a0000 'C:\WINDOWS\System32\midimap.dll'
366410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\midimap.dll
366510600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003a0000 'C:\WINDOWS\System32\midimap.dll'
366710600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\midimap.dll
366810600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
366910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd003a0000 'C:\WINDOWS\System32\midimap.dll'
367010600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
367110600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
367310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
367410600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
367610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
367710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
367810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
367910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368310600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
368410600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
368510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
368910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
369910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
370010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
370110600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\dsound.dll
370210600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
370310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb6130000 'C:\WINDOWS\system32\dsound.dll'
370410600.fc4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\winmm.dll
370510600.fc4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
370610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
370710600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
370810600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
370910600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371010600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371110600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371210600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371310600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371410600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371510600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dfb0000 'C:\WINDOWS\System32\winmm.dll'
371610600.fc4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
371710600.1006c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4cb20000 'C:\WINDOWS\system32\rsaenh.dll'
371810600.1006c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4dbe0000 'C:\WINDOWS\System32\crypt32.dll'
371910600.1006c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
372010600.1006c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
372110600.1006c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\Windows\System32\mswsock.dll) WinVerifyTrust
372210600.1006c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\Windows\System32\mswsock.dll
372310600.1006c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
372410600.1006c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume7\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
372510600.1006c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
372610600.1006c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume7\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
372710600.1006c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\ws2_32.dll
372810600.1006c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372910600.1006c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mswsock.dll
373010600.1006c: supR3HardenedDllNotificationCallback: load 00007ffd4d200000 LB 0x0006a000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
373110600.1006c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\Windows\System32\mswsock.dll
373210600.1006c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4d200000 'C:\WINDOWS\system32\mswsock.dll'
373310600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4fa00000 'C:\WINDOWS\system32\ole32.dll'
373410600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
373510600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
373610600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
373710600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
373810600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'
373910600.9604: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4f2b0000 'C:\WINDOWS\system32\shell32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy