VirtualBox

Ticket #20141: VBoxHardening.log

File VBoxHardening.log, 403.7 KB (added by JochenW, 4 years ago)

VBoxHardening.log

Line 
1235c.466c: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6100
2235c.466c: \SystemRoot\System32\ntdll.dll:
3235c.466c: CreationTime: 2020-12-16T08:07:28.646996800Z
4235c.466c: LastWriteTime: 2020-12-16T08:07:28.676996400Z
5235c.466c: ChangeTime: 2021-01-20T08:11:42.326379600Z
6235c.466c: FileAttributes: 0x20
7235c.466c: Size: 0x1ee738
8235c.466c: NT Headers: 0xe8
9235c.466c: Timestamp: 0x27bfa5f0
10235c.466c: Machine: 0x8664 - amd64
11235c.466c: Timestamp: 0x27bfa5f0
12235c.466c: Image Version: 10.0
13235c.466c: SizeOfImage: 0x1f6000 (2056192)
14235c.466c: Resource Dir: 0x185000 LB 0x6fdc8
15235c.466c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16235c.466c: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17235c.466c: ProductName: Microsoft® Windows® Operating System
18235c.466c: ProductVersion: 10.0.19041.662
19235c.466c: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
20235c.466c: FileDescription: NT Layer DLL
21235c.466c: \SystemRoot\System32\kernel32.dll:
22235c.466c: CreationTime: 2020-12-16T08:07:19.093210800Z
23235c.466c: LastWriteTime: 2020-12-16T08:07:19.107259300Z
24235c.466c: ChangeTime: 2021-01-20T08:11:41.787404000Z
25235c.466c: FileAttributes: 0x20
26235c.466c: Size: 0xbac30
27235c.466c: NT Headers: 0xe8
28235c.466c: Timestamp: 0x4b3a140f
29235c.466c: Machine: 0x8664 - amd64
30235c.466c: Timestamp: 0x4b3a140f
31235c.466c: Image Version: 10.0
32235c.466c: SizeOfImage: 0xbd000 (774144)
33235c.466c: Resource Dir: 0xbb000 LB 0x520
34235c.466c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35235c.466c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36235c.466c: ProductName: Microsoft® Windows® Operating System
37235c.466c: ProductVersion: 10.0.19041.662
38235c.466c: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
39235c.466c: FileDescription: Windows NT BASE API Client DLL
40235c.466c: \SystemRoot\System32\KernelBase.dll:
41235c.466c: CreationTime: 2020-12-16T08:07:29.379996400Z
42235c.466c: LastWriteTime: 2020-12-16T08:07:29.428995900Z
43235c.466c: ChangeTime: 2021-01-20T08:11:42.326379600Z
44235c.466c: FileAttributes: 0x20
45235c.466c: Size: 0x2c9798
46235c.466c: NT Headers: 0xf0
47235c.466c: Timestamp: 0xec58f015
48235c.466c: Machine: 0x8664 - amd64
49235c.466c: Timestamp: 0xec58f015
50235c.466c: Image Version: 10.0
51235c.466c: SizeOfImage: 0x2c9000 (2920448)
52235c.466c: Resource Dir: 0x2a0000 LB 0x548
53235c.466c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54235c.466c: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55235c.466c: ProductName: Microsoft® Windows® Operating System
56235c.466c: ProductVersion: 10.0.19041.662
57235c.466c: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
58235c.466c: FileDescription: Windows NT BASE API Client DLL
59235c.466c: \SystemRoot\System32\apisetschema.dll:
60235c.466c: CreationTime: 2019-12-07T09:08:13.518339400Z
61235c.466c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62235c.466c: ChangeTime: 2021-01-20T08:11:41.756154000Z
63235c.466c: FileAttributes: 0x20
64235c.466c: Size: 0x1f538
65235c.466c: NT Headers: 0xd0
66235c.466c: Timestamp: 0x31288ce0
67235c.466c: Machine: 0x8664 - amd64
68235c.466c: Timestamp: 0x31288ce0
69235c.466c: Image Version: 10.0
70235c.466c: SizeOfImage: 0x20000 (131072)
71235c.466c: Resource Dir: 0x1f000 LB 0x408
72235c.466c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73235c.466c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74235c.466c: ProductName: Microsoft® Windows® Operating System
75235c.466c: ProductVersion: 10.0.19041.1
76235c.466c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77235c.466c: FileDescription: ApiSet Schema DLL
78235c.466c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79235c.466c: supR3HardenedWinFindAdversaries: 0x0
80235c.466c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
81235c.466c: Calling main()
82235c.466c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
83235c.466c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
84235c.466c: SUPR3HardenedMain: Respawn #1
85235c.466c: System32: \Device\HarddiskVolume3\Windows\System32
86235c.466c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
87235c.466c: KnownDllPath: C:\windows\System32
88235c.466c: supR3HardenedWinInit: Performing a limited self purification...
89235c.466c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
90235c.466c: *0000000000000000-0000000000c6ffff 0x0001/0x0000 0x0000000
91235c.466c: *0000000000c70000-0000000000c7ffff 0x0004/0x0004 0x0040000
92235c.466c: 0000000000c80000-0000000000c8ffff 0x0001/0x0000 0x0000000
93235c.466c: *0000000000c90000-0000000000cacfff 0x0002/0x0002 0x0040000
94235c.466c: 0000000000cad000-0000000000caffff 0x0001/0x0000 0x0000000
95235c.466c: *0000000000cb0000-0000000000d68fff 0x0000/0x0004 0x0020000
96235c.466c: 0000000000d69000-0000000000d6bfff 0x0104/0x0004 0x0020000
97235c.466c: 0000000000d6c000-0000000000daffff 0x0004/0x0004 0x0020000
98235c.466c: *0000000000db0000-0000000000db3fff 0x0002/0x0002 0x0040000
99235c.466c: 0000000000db4000-0000000000dbffff 0x0001/0x0000 0x0000000
100235c.466c: *0000000000dc0000-0000000000dc1fff 0x0004/0x0004 0x0020000
101235c.466c: 0000000000dc2000-0000000000dfffff 0x0001/0x0000 0x0000000
102235c.466c: *0000000000e00000-0000000000f5afff 0x0000/0x0004 0x0020000
103235c.466c: 0000000000f5b000-0000000000f5dfff 0x0004/0x0004 0x0020000
104235c.466c: 0000000000f5e000-0000000000ffffff 0x0000/0x0004 0x0020000
105235c.466c: *0000000001000000-0000000001001fff 0x0004/0x0004 0x0020000
106235c.466c: 0000000001002000-0000000001061fff 0x0000/0x0004 0x0020000
107235c.466c: 0000000001062000-00000000010affff 0x0001/0x0000 0x0000000
108235c.466c: *00000000010b0000-00000000010b4fff 0x0004/0x0004 0x0020000
109235c.466c: 00000000010b5000-00000000011affff 0x0000/0x0004 0x0020000
110235c.466c: *00000000011b0000-0000000001278fff 0x0002/0x0002 0x0040000
111235c.466c: 0000000001279000-000000000135ffff 0x0001/0x0000 0x0000000
112235c.466c: *0000000001360000-000000000136efff 0x0004/0x0004 0x0020000
113235c.466c: 000000000136f000-000000000136ffff 0x0000/0x0004 0x0020000
114235c.466c: *0000000001370000-0000000001375fff 0x0000/0x0004 0x0020000
115235c.466c: 0000000001376000-000000000156cfff 0x0004/0x0004 0x0020000
116235c.466c: 000000000156d000-000000000156dfff 0x0000/0x0004 0x0020000
117235c.466c: 000000000156e000-000000000156ffff 0x0001/0x0000 0x0000000
118235c.466c: *0000000001570000-000000000158cfff 0x0004/0x0004 0x0020000
119235c.466c: 000000000158d000-000000000166ffff 0x0000/0x0004 0x0020000
120235c.466c: 0000000001670000-000000007ffdffff 0x0001/0x0000 0x0000000
121235c.466c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
122235c.466c: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
123235c.466c: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
124235c.466c: 000000007fff0000-00007ff3feb9ffff 0x0001/0x0000 0x0000000
125235c.466c: *00007ff3feba0000-00007ff3feba4fff 0x0002/0x0002 0x0040000
126235c.466c: 00007ff3feba5000-00007ff3fec9ffff 0x0000/0x0002 0x0040000
127235c.466c: *00007ff3feca0000-00007ff4fecbffff 0x0000/0x0004 0x0020000
128235c.466c: *00007ff4fecc0000-00007ff500cbffff 0x0000/0x0004 0x0020000
129235c.466c: 00007ff500cc0000-00007ff500cc0fff 0x0004/0x0004 0x0020000
130235c.466c: 00007ff500cc1000-00007ff500ccffff 0x0001/0x0000 0x0000000
131235c.466c: *00007ff500cd0000-00007ff500cd0fff 0x0002/0x0002 0x0040000
132235c.466c: 00007ff500cd1000-00007ff500cdffff 0x0001/0x0000 0x0000000
133235c.466c: *00007ff500ce0000-00007ff500d02fff 0x0002/0x0002 0x0040000
134235c.466c: 00007ff500d03000-00007ff62f5bffff 0x0001/0x0000 0x0000000
135235c.466c: *00007ff62f5c0000-00007ff62f5c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
136235c.466c: 00007ff62f5c1000-00007ff62f637fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
137235c.466c: 00007ff62f638000-00007ff62f638fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
138235c.466c: 00007ff62f639000-00007ff62f681fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
139235c.466c: 00007ff62f682000-00007ff62f684fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
140235c.466c: 00007ff62f685000-00007ff62f687fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
141235c.466c: 00007ff62f688000-00007ff62f68afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
142235c.466c: 00007ff62f68b000-00007ff62f68bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
143235c.466c: 00007ff62f68c000-00007ff62f68dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
144235c.466c: 00007ff62f68e000-00007ff62f68efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
145235c.466c: 00007ff62f68f000-00007ff62f6d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
146235c.466c: 00007ff62f6d8000-00007ff80a32ffff 0x0001/0x0000 0x0000000
147235c.466c: *00007ff80a330000-00007ff80a330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
148235c.466c: 00007ff80a331000-00007ff80a442fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
149235c.466c: 00007ff80a443000-00007ff80a5bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
150235c.466c: 00007ff80a5bb000-00007ff80a5befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
151235c.466c: 00007ff80a5bf000-00007ff80a5bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
152235c.466c: 00007ff80a5c0000-00007ff80a5f8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
153235c.466c: 00007ff80a5f9000-00007ff80ae8ffff 0x0001/0x0000 0x0000000
154235c.466c: *00007ff80ae90000-00007ff80ae90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
155235c.466c: 00007ff80ae91000-00007ff80af0efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
156235c.466c: 00007ff80af0f000-00007ff80af41fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
157235c.466c: 00007ff80af42000-00007ff80af42fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
158235c.466c: 00007ff80af43000-00007ff80af43fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
159235c.466c: 00007ff80af44000-00007ff80af4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
160235c.466c: 00007ff80af4d000-00007ff80ca8ffff 0x0001/0x0000 0x0000000
161235c.466c: *00007ff80ca90000-00007ff80ca90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
162235c.466c: 00007ff80ca91000-00007ff80cbabfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
163235c.466c: 00007ff80cbac000-00007ff80cbf4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
164235c.466c: 00007ff80cbf5000-00007ff80cbf5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
165235c.466c: 00007ff80cbf6000-00007ff80cbf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
166235c.466c: 00007ff80cbf8000-00007ff80cc00fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
167235c.466c: 00007ff80cc01000-00007ff80cc85fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
168235c.466c: 00007ff80cc86000-00007ffffffeffff 0x0001/0x0000 0x0000000
169235c.466c: kernel32.dll: timestamp 0x4b3a140f (rc=VINF_SUCCESS)
170235c.466c: kernelbase.dll: timestamp 0xec58f015 (rc=VINF_SUCCESS)
171235c.466c: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
172235c.466c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
173235c.466c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
174235c.466c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
175235c.466c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
176235c.466c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
177235c.466c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
178235c.466c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
179235c.466c: supR3HardNtEnableThreadCreationEx:
180235c.466c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff80cb04970 pvNtTerminateThread=00007ff80cb2ca00
181235c.466c: supR3HardenedWinDoReSpawn(1): New child 2154.27c4 [kernel32].
182235c.466c: supR3HardNtChildGatherData: PebBaseAddress=0000000000b47000 cbPeb=0x388
183235c.466c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff80ca90000 uNtDllChildAddr=00007ff80ca90000
184235c.466c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff80cb04970
185235c.466c: supR3HardenedWinSetupChildInit: Initial context:
186 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62f5c7900 rdx=0000000000b47000
187 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
188 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
189 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
190 rip=00007ff80cadd0b0 rsp=0000000000cff928 rbp=0000000000000000 ctxflags=0010001b
191 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
192 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
193 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
194 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
195 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
196235c.466c: supR3HardenedWinSetupChildInit: Start child.
197235c.466c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
198235c.466c: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 16 sleeps
199235c.466c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
200235c.466c: *0000000000000000-000000000099ffff 0x0001/0x0000 0x0000000
201235c.466c: *00000000009a0000-00000000009bffff 0x0004/0x0004 0x0020000
202235c.466c: *00000000009c0000-00000000009dcfff 0x0002/0x0002 0x0040000
203235c.466c: 00000000009dd000-00000000009dffff 0x0001/0x0000 0x0000000
204235c.466c: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
205235c.466c: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
206235c.466c: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
207235c.466c: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
208235c.466c: *0000000000a00000-0000000000b46fff 0x0000/0x0004 0x0020000
209235c.466c: 0000000000b47000-0000000000b49fff 0x0004/0x0004 0x0020000
210235c.466c: 0000000000b4a000-0000000000bfffff 0x0000/0x0004 0x0020000
211235c.466c: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
212235c.466c: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
213235c.466c: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
214235c.466c: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
215235c.466c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
216235c.466c: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
217235c.466c: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
218235c.466c: 000000007fff0000-00007ff52b6effff 0x0001/0x0000 0x0000000
219235c.466c: *00007ff52b6f0000-00007ff52b6f0fff 0x0002/0x0002 0x0040000
220235c.466c: 00007ff52b6f1000-00007ff52b6fffff 0x0001/0x0000 0x0000000
221235c.466c: *00007ff52b700000-00007ff52b722fff 0x0002/0x0002 0x0040000
222235c.466c: 00007ff52b723000-00007ff62f5bffff 0x0001/0x0000 0x0000000
223235c.466c: *00007ff62f5c0000-00007ff62f5c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
224235c.466c: 00007ff62f5c1000-00007ff62f637fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
225235c.466c: 00007ff62f638000-00007ff62f638fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
226235c.466c: 00007ff62f639000-00007ff62f681fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
227235c.466c: 00007ff62f682000-00007ff62f682fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
228235c.466c: 00007ff62f683000-00007ff62f683fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
229235c.466c: 00007ff62f684000-00007ff62f688fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
230235c.466c: 00007ff62f689000-00007ff62f689fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
231235c.466c: 00007ff62f68a000-00007ff62f68afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
232235c.466c: 00007ff62f68b000-00007ff62f68efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
233235c.466c: 00007ff62f68f000-00007ff62f6d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
234235c.466c: 00007ff62f6d8000-00007ff80ca8ffff 0x0001/0x0000 0x0000000
235235c.466c: *00007ff80ca90000-00007ff80ca90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
236235c.466c: 00007ff80ca91000-00007ff80cbabfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
237235c.466c: 00007ff80cbac000-00007ff80cbf4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
238235c.466c: 00007ff80cbf5000-00007ff80cc00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
239235c.466c: 00007ff80cc01000-00007ff80cc0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
240235c.466c: 00007ff80cc10000-00007ff80cc10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
241235c.466c: 00007ff80cc11000-00007ff80cc13fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
242235c.466c: 00007ff80cc14000-00007ff80cc85fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
243235c.466c: 00007ff80cc86000-00007ffffffeffff 0x0001/0x0000 0x0000000
244235c.466c: supR3HardNtChildPurify: Done after 267 ms and 0 fixes (loop #0).
2452154.27c4: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
2462154.27c4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff80ca90000 g_uNtVerCombined=0xa04a6100 (stack ~0000000000cff3b8)
2472154.27c4: ntdll.dll: timestamp 0x27bfa5f0 (rc=VINF_SUCCESS)
2482154.27c4: New simple heap: #1 0000000000e00000 LB 0x400000 (for 2056192 allocation)
249235c.466c: supR3HardNtEnableThreadCreationEx:
2502154.27c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2512154.27c4: System32: \Device\HarddiskVolume3\Windows\System32
2522154.27c4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2532154.27c4: KnownDllPath: C:\windows\System32
2542154.27c4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2552154.27c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2562154.27c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2572154.27c4: Registered Dll notification callback with NTDLL.
2582154.27c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2592154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2602154.27c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2612154.27c4: supR3HardenedDllNotificationCallback: load 00007ff80a330000 LB 0x002c9000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
2622154.27c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2632154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2642154.27c4: supR3HardenedDllNotificationCallback: load 00007ff80ae90000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
2652154.27c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2662154.27c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\KERNEL32.DLL'
2672154.27c4: supR3HardenedDllNotificationCallback: load 00007ff62f5c0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2682154.27c4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2692154.27c4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2702154.27c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2712154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2722154.27c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff80cb04970 pvNtTerminateThread=00007ff80cb2ca00
273235c.466c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
2742154.27c4: \SystemRoot\System32\ntdll.dll:
2752154.27c4: CreationTime: 2020-12-16T08:07:28.646996800Z
2762154.27c4: LastWriteTime: 2020-12-16T08:07:28.676996400Z
2772154.27c4: ChangeTime: 2021-01-20T08:11:42.326379600Z
2782154.27c4: FileAttributes: 0x20
2792154.27c4: Size: 0x1ee738
2802154.27c4: NT Headers: 0xe8
2812154.27c4: Timestamp: 0x27bfa5f0
2822154.27c4: Machine: 0x8664 - amd64
2832154.27c4: Timestamp: 0x27bfa5f0
2842154.27c4: Image Version: 10.0
2852154.27c4: SizeOfImage: 0x1f6000 (2056192)
2862154.27c4: Resource Dir: 0x185000 LB 0x6fdc8
2872154.27c4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2882154.27c4: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2892154.27c4: ProductName: Microsoft® Windows® Operating System
2902154.27c4: ProductVersion: 10.0.19041.662
2912154.27c4: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
2922154.27c4: FileDescription: NT Layer DLL
2932154.27c4: \SystemRoot\System32\kernel32.dll:
2942154.27c4: CreationTime: 2020-12-16T08:07:19.093210800Z
2952154.27c4: LastWriteTime: 2020-12-16T08:07:19.107259300Z
2962154.27c4: ChangeTime: 2021-01-20T08:11:41.787404000Z
2972154.27c4: FileAttributes: 0x20
2982154.27c4: Size: 0xbac30
2992154.27c4: NT Headers: 0xe8
3002154.27c4: Timestamp: 0x4b3a140f
3012154.27c4: Machine: 0x8664 - amd64
3022154.27c4: Timestamp: 0x4b3a140f
3032154.27c4: Image Version: 10.0
3042154.27c4: SizeOfImage: 0xbd000 (774144)
3052154.27c4: Resource Dir: 0xbb000 LB 0x520
3062154.27c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3072154.27c4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3082154.27c4: ProductName: Microsoft® Windows® Operating System
3092154.27c4: ProductVersion: 10.0.19041.662
3102154.27c4: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
3112154.27c4: FileDescription: Windows NT BASE API Client DLL
3122154.27c4: \SystemRoot\System32\KernelBase.dll:
3132154.27c4: CreationTime: 2020-12-16T08:07:29.379996400Z
3142154.27c4: LastWriteTime: 2020-12-16T08:07:29.428995900Z
3152154.27c4: ChangeTime: 2021-01-20T08:11:42.326379600Z
3162154.27c4: FileAttributes: 0x20
3172154.27c4: Size: 0x2c9798
3182154.27c4: NT Headers: 0xf0
3192154.27c4: Timestamp: 0xec58f015
3202154.27c4: Machine: 0x8664 - amd64
3212154.27c4: Timestamp: 0xec58f015
3222154.27c4: Image Version: 10.0
3232154.27c4: SizeOfImage: 0x2c9000 (2920448)
3242154.27c4: Resource Dir: 0x2a0000 LB 0x548
3252154.27c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3262154.27c4: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3272154.27c4: ProductName: Microsoft® Windows® Operating System
3282154.27c4: ProductVersion: 10.0.19041.662
3292154.27c4: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
3302154.27c4: FileDescription: Windows NT BASE API Client DLL
3312154.27c4: \SystemRoot\System32\apisetschema.dll:
3322154.27c4: CreationTime: 2019-12-07T09:08:13.518339400Z
3332154.27c4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3342154.27c4: ChangeTime: 2021-01-20T08:11:41.756154000Z
3352154.27c4: FileAttributes: 0x20
3362154.27c4: Size: 0x1f538
3372154.27c4: NT Headers: 0xd0
3382154.27c4: Timestamp: 0x31288ce0
3392154.27c4: Machine: 0x8664 - amd64
3402154.27c4: Timestamp: 0x31288ce0
3412154.27c4: Image Version: 10.0
3422154.27c4: SizeOfImage: 0x20000 (131072)
3432154.27c4: Resource Dir: 0x1f000 LB 0x408
3442154.27c4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3452154.27c4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3462154.27c4: ProductName: Microsoft® Windows® Operating System
3472154.27c4: ProductVersion: 10.0.19041.1
3482154.27c4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3492154.27c4: FileDescription: ApiSet Schema DLL
3502154.27c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3512154.27c4: supR3HardenedWinFindAdversaries: 0x0
3522154.27c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3532154.27c4: Calling main()
3542154.27c4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3552154.27c4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3562154.27c4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3572154.27c4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3582154.27c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3592154.27c4: SUPR3HardenedMain: Respawn #2
3602154.27c4: supR3HardNtEnableThreadCreationEx:
3612154.27c4: supR3HardenedDllNotificationCallback: load 00007ff80b5b0000 LB 0x0012b000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
3622154.27c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
3632154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3642154.27c4: supR3HardenedDllNotificationCallback: load 00007ff80b4f0000 LB 0x0009c000 C:\windows\System32\sechost.dll [fFlags=0x0]
3652154.27c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3662154.27c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
3672154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
3682154.27c4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3692154.27c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
3702154.27c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3712154.27c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3722154.27c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3732154.27c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3742154.27c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3752154.27c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ca90000 'C:\windows\System32\ntdll.dll'
3762154.27c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff80cb04970 pvNtTerminateThread=00007ff80cb2ca00
3772154.27c4: supR3HardenedWinDoReSpawn(2): New child 3080.1010 [kernel32].
3782154.27c4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3792154.27c4: supR3HardNtChildGatherData: PebBaseAddress=00000000010d5000 cbPeb=0x388
3802154.27c4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff80ca90000 uNtDllChildAddr=00007ff80ca90000
3812154.27c4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff80cb04970
3822154.27c4: supR3HardenedWinSetupChildInit: Initial context:
383 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62f5c7900 rdx=00000000010d5000
384 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
385 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
386 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
387 rip=00007ff80cadd0b0 rsp=00000000012ffce8 rbp=0000000000000000 ctxflags=0010001b
388 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
389 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
390 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
391 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
392 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3932154.27c4: kernel32.dll: timestamp 0x4b3a140f (rc=VINF_SUCCESS)
3942154.27c4: supR3HardenedWinSetupChildInit: Start child.
3952154.27c4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3962154.27c4: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
3972154.27c4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3982154.27c4: *0000000000000000-0000000000fbffff 0x0001/0x0000 0x0000000
3992154.27c4: *0000000000fc0000-0000000000fdffff 0x0004/0x0004 0x0020000
4002154.27c4: *0000000000fe0000-0000000000ffcfff 0x0002/0x0002 0x0040000
4012154.27c4: 0000000000ffd000-0000000000ffffff 0x0001/0x0000 0x0000000
4022154.27c4: *0000000001000000-00000000010d4fff 0x0000/0x0004 0x0020000
4032154.27c4: 00000000010d5000-00000000010d7fff 0x0004/0x0004 0x0020000
4042154.27c4: 00000000010d8000-00000000011fffff 0x0000/0x0004 0x0020000
4052154.27c4: *0000000001200000-00000000012fafff 0x0000/0x0004 0x0020000
4062154.27c4: 00000000012fb000-00000000012fdfff 0x0104/0x0004 0x0020000
4072154.27c4: 00000000012fe000-00000000012fffff 0x0004/0x0004 0x0020000
4082154.27c4: *0000000001300000-0000000001303fff 0x0002/0x0002 0x0040000
4092154.27c4: 0000000001304000-000000000130ffff 0x0001/0x0000 0x0000000
4102154.27c4: *0000000001310000-0000000001311fff 0x0004/0x0004 0x0020000
4112154.27c4: 0000000001312000-000000007ffdffff 0x0001/0x0000 0x0000000
4122154.27c4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4132154.27c4: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
4142154.27c4: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
4152154.27c4: 000000007fff0000-00007ff527b4ffff 0x0001/0x0000 0x0000000
4162154.27c4: *00007ff527b50000-00007ff527b50fff 0x0002/0x0002 0x0040000
4172154.27c4: 00007ff527b51000-00007ff527b5ffff 0x0001/0x0000 0x0000000
4182154.27c4: *00007ff527b60000-00007ff527b82fff 0x0002/0x0002 0x0040000
4192154.27c4: 00007ff527b83000-00007ff62f5bffff 0x0001/0x0000 0x0000000
4202154.27c4: *00007ff62f5c0000-00007ff62f5c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4212154.27c4: 00007ff62f5c1000-00007ff62f637fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4222154.27c4: 00007ff62f638000-00007ff62f638fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4232154.27c4: 00007ff62f639000-00007ff62f681fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4242154.27c4: 00007ff62f682000-00007ff62f682fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4252154.27c4: 00007ff62f683000-00007ff62f683fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4262154.27c4: 00007ff62f684000-00007ff62f688fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4272154.27c4: 00007ff62f689000-00007ff62f689fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4282154.27c4: 00007ff62f68a000-00007ff62f68afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4292154.27c4: 00007ff62f68b000-00007ff62f68efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4302154.27c4: 00007ff62f68f000-00007ff62f6d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4312154.27c4: 00007ff62f6d8000-00007ff80ca8ffff 0x0001/0x0000 0x0000000
4322154.27c4: *00007ff80ca90000-00007ff80ca90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4332154.27c4: 00007ff80ca91000-00007ff80cbabfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4342154.27c4: 00007ff80cbac000-00007ff80cbf4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4352154.27c4: 00007ff80cbf5000-00007ff80cc00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4362154.27c4: 00007ff80cc01000-00007ff80cc0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4372154.27c4: 00007ff80cc10000-00007ff80cc10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4382154.27c4: 00007ff80cc11000-00007ff80cc13fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4392154.27c4: 00007ff80cc14000-00007ff80cc85fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4402154.27c4: 00007ff80cc86000-00007ffffffeffff 0x0001/0x0000 0x0000000
4412154.27c4: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
4422154.27c4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4432154.27c4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4442154.27c4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4452154.27c4: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
4462154.27c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
4473080.1010: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
4482154.27c4: supR3HardNtEnableThreadCreationEx:
4493080.1010: supR3HardenedVmProcessInit: uNtDllAddr=00007ff80ca90000 g_uNtVerCombined=0xa04a6100 (stack ~00000000012ff778)
4503080.1010: ntdll.dll: timestamp 0x27bfa5f0 (rc=VINF_SUCCESS)
4513080.1010: New simple heap: #1 0000000001420000 LB 0x400000 (for 2056192 allocation)
4523080.1010: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4533080.1010: System32: \Device\HarddiskVolume3\Windows\System32
4543080.1010: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
4553080.1010: KnownDllPath: C:\windows\System32
4563080.1010: supR3HardenedVmProcessInit: Opening vboxdrv...
4573080.1010: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4583080.1010: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4593080.1010: Registered Dll notification callback with NTDLL.
4603080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
4613080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4623080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4633080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a330000 LB 0x002c9000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
4643080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4653080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4663080.1010: supR3HardenedDllNotificationCallback: load 00007ff80ae90000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
4673080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\KERNEL32.DLL'
4693080.1010: supR3HardenedDllNotificationCallback: load 00007ff62f5c0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
4703080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4713080.1010: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4723080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4733080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4743080.1010: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff80cb04970 pvNtTerminateThread=00007ff80cb2ca00
4752154.27c4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 93 ms.
4763080.1010: \SystemRoot\System32\ntdll.dll:
4773080.1010: CreationTime: 2020-12-16T08:07:28.646996800Z
4783080.1010: LastWriteTime: 2020-12-16T08:07:28.676996400Z
4793080.1010: ChangeTime: 2021-01-20T08:11:42.326379600Z
4803080.1010: FileAttributes: 0x20
4813080.1010: Size: 0x1ee738
4823080.1010: NT Headers: 0xe8
4833080.1010: Timestamp: 0x27bfa5f0
4843080.1010: Machine: 0x8664 - amd64
4853080.1010: Timestamp: 0x27bfa5f0
4863080.1010: Image Version: 10.0
4873080.1010: SizeOfImage: 0x1f6000 (2056192)
4883080.1010: Resource Dir: 0x185000 LB 0x6fdc8
4893080.1010: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4903080.1010: [Raw version resource data: 0x1850f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4913080.1010: ProductName: Microsoft® Windows® Operating System
4923080.1010: ProductVersion: 10.0.19041.662
4933080.1010: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
4943080.1010: FileDescription: NT Layer DLL
4953080.1010: \SystemRoot\System32\kernel32.dll:
4963080.1010: CreationTime: 2020-12-16T08:07:19.093210800Z
4973080.1010: LastWriteTime: 2020-12-16T08:07:19.107259300Z
4983080.1010: ChangeTime: 2021-01-20T08:11:41.787404000Z
4993080.1010: FileAttributes: 0x20
5003080.1010: Size: 0xbac30
5013080.1010: NT Headers: 0xe8
5023080.1010: Timestamp: 0x4b3a140f
5033080.1010: Machine: 0x8664 - amd64
5043080.1010: Timestamp: 0x4b3a140f
5053080.1010: Image Version: 10.0
5063080.1010: SizeOfImage: 0xbd000 (774144)
5073080.1010: Resource Dir: 0xbb000 LB 0x520
5083080.1010: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5093080.1010: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5103080.1010: ProductName: Microsoft® Windows® Operating System
5113080.1010: ProductVersion: 10.0.19041.662
5123080.1010: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
5133080.1010: FileDescription: Windows NT BASE API Client DLL
5143080.1010: \SystemRoot\System32\KernelBase.dll:
5153080.1010: CreationTime: 2020-12-16T08:07:29.379996400Z
5163080.1010: LastWriteTime: 2020-12-16T08:07:29.428995900Z
5173080.1010: ChangeTime: 2021-01-20T08:11:42.326379600Z
5183080.1010: FileAttributes: 0x20
5193080.1010: Size: 0x2c9798
5203080.1010: NT Headers: 0xf0
5213080.1010: Timestamp: 0xec58f015
5223080.1010: Machine: 0x8664 - amd64
5233080.1010: Timestamp: 0xec58f015
5243080.1010: Image Version: 10.0
5253080.1010: SizeOfImage: 0x2c9000 (2920448)
5263080.1010: Resource Dir: 0x2a0000 LB 0x548
5273080.1010: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5283080.1010: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5293080.1010: ProductName: Microsoft® Windows® Operating System
5303080.1010: ProductVersion: 10.0.19041.662
5313080.1010: FileVersion: 10.0.19041.662 (WinBuild.160101.0800)
5323080.1010: FileDescription: Windows NT BASE API Client DLL
5333080.1010: \SystemRoot\System32\apisetschema.dll:
5343080.1010: CreationTime: 2019-12-07T09:08:13.518339400Z
5353080.1010: LastWriteTime: 2019-12-07T09:08:13.518339400Z
5363080.1010: ChangeTime: 2021-01-20T08:11:41.756154000Z
5373080.1010: FileAttributes: 0x20
5383080.1010: Size: 0x1f538
5393080.1010: NT Headers: 0xd0
5403080.1010: Timestamp: 0x31288ce0
5413080.1010: Machine: 0x8664 - amd64
5423080.1010: Timestamp: 0x31288ce0
5433080.1010: Image Version: 10.0
5443080.1010: SizeOfImage: 0x20000 (131072)
5453080.1010: Resource Dir: 0x1f000 LB 0x408
5463080.1010: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5473080.1010: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5483080.1010: ProductName: Microsoft® Windows® Operating System
5493080.1010: ProductVersion: 10.0.19041.1
5503080.1010: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5513080.1010: FileDescription: ApiSet Schema DLL
5523080.1010: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5533080.1010: supR3HardenedWinFindAdversaries: 0x0
5543080.1010: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5553080.1010: Calling main()
5563080.1010: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
5573080.1010: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5583080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5593080.1010: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5603080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5613080.1010: SUPR3HardenedMain: Final process, opening VBoxDrv...
5623080.1010: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001420000 LB 0x400000)
5633080.1010: supR3HardNtEnableThreadCreationEx:
5643080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
5653080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5663080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5673080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5683080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5693080.1010: supR3HardenedDllNotificationCallback: load 00007ff805f60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5703080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5713080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5723080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5733080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805f60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5743080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5753080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5763080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805f60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805f60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5783080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5793080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
5803080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
5813080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
5823080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5843080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
5853080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
5863080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5873080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5883080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
5893080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
5903080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5913080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b6e0000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
5923080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5933080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b5b0000 LB 0x0012b000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
5943080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5953080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a7a0000 LB 0x00060000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
5963080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5973080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a600000 LB 0x00100000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
5983080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
5993080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
6003080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a1d0000 LB 0x00156000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
6013080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
6023080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6033080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6043080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6053080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-synch-l1-2-0'
6063080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6073080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6083080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-fibers-l1-1-1'
6093080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6103080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6113080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-fibers-l1-1-1'
6123080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6133080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6143080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-synch-l1-2-0'
6153080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6163080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6173080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-localization-l1-2-1'
6183080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
6193080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
6203080.1010: supR3HardenedDllNotificationCallback: load 00007ff809db0000 LB 0x00012000 C:\windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
6213080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6223080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a7a0000 'C:\windows\system32\Wintrust.dll'
6233080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
6243080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6253080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6263080.1010: supR3HardenedDllNotificationCallback: load 00007ff80aac0000 LB 0x00027000 C:\windows\System32\bcrypt.dll [fFlags=0x0]
6273080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6283080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80aac0000 'C:\windows\system32\bcrypt.dll'
6293080.1010: bcrypt.dll loaded at 00007ff80aac0000, BCryptOpenAlgorithmProvider at 00007ff80aac51e0, preloading providers:
6303080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
6313080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6323080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6333080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a8b0000 LB 0x00080000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
6343080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6353080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a8b0000 'C:\windows\system32\bcryptprimitives.dll'
6363080.1010: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000018be150)
6373080.1010: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000018befe0)
6383080.1010: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000018bf300)
6393080.1010: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000018bf620)
6403080.1010: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000018bf940)
6413080.1010: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000018bfc60)
6423080.1010: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000018bff80)
6433080.1010: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000018c06b0)
6443080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6453080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6463080.1010: supR3HardenedDllNotificationCallback: load 00007ff809ba0000 LB 0x00018000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6473080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6483080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
6493080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6503080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6523080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6533080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6543080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6553080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6563080.1010: supR3HardenedDllNotificationCallback: load 00007ff8091a0000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
6573080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6583080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
6593080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
6603080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
6613080.1010: supR3HardenedDllNotificationCallback: load 00007ff809b80000 LB 0x0000c000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6623080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6633080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6643080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6653080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\kernel32.dll'
6663080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6673080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a7a0000 'C:\windows\System32\WINTRUST.DLL'
6693080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6703080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6713080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\CRYPT32.dll'
6723080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b590000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
6733080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
6743080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
6753080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6763080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
6783080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b4f0000 LB 0x0009c000 C:\windows\System32\sechost.dll [fFlags=0x0]
6793080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6803080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
6813080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
6823080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6833080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6843080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
6853080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
6863080.1010: supR3HardenedDllNotificationCallback: load 00007ff808990000 LB 0x00023000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
6873080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6883080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
6893080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
6903080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a100000 LB 0x00026000 C:\windows\SYSTEM32\profapi.dll [fFlags=0x0]
6913080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
6923080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6933080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6943080.1010: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
6953080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
6963080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6973080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6983080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6993080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7003080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7013080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7023080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7033080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7043080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7063080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7073080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7083080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7093080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7103080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7113080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7123080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7133080.1010: supR3HardenedDllNotificationCallback: load 00007ffffac00000 LB 0x00031000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
7143080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7153080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7163080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7173080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7183080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7193080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7203080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7213080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7223080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7233080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7243080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7253080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7263080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7273080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7283080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7293080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7303080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7313080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7323080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7333080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7343080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7353080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7363080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7373080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7383080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7393080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7403080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7413080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7423080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7433080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\windows\System32\cryptnet.dll'
7443080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7453080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffac00000 'C:\Windows\System32\cryptnet.dll'
7463080.1010: supR3HardenedDllNotificationCallback: load 00007ff80c940000 LB 0x000ac000 C:\windows\System32\advapi32.dll [fFlags=0x0]
7473080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7483080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
7493080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
7503080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
7513080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
7523080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7533080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7543080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7553080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7573080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7583080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7603080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7613080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7623080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7633080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
7643080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7653080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7663080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
7673080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7683080.1010: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000190fb90
7693080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
7703080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDADA16BDB86A4B5501C8597570857AAF3BB0A69
7713080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7723080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7733080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b5b0000 'C:\windows\System32\rpcrt4.dll'
7743080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7753080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7763080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
7773080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7783080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7793080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
7803080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\SystemRoot\System32\ntdll.dll'
7813080.1010: g_pfnWinVerifyTrust=00007ff80a7a1da0
7823080.1010: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7833080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7843080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7853080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
7863080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7873080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7883080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
7893080.1010: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
7903080.1010: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7913080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7923080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7933080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
7943080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7953080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7963080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
7973080.1010: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
7983080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7993080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8003080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8013080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8023080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8033080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8043080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
8053080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8063080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
8073080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
8083080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45ECE98858B46D7A91C9972C8F2F62C2E8A43CC
8093080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8103080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8113080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8123080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8133080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8143080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8153080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8163080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8173080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8183080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
8193080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8203080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8213080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8223080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
8233080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8243080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8253080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
8273080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8283080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8293080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8303080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
8313080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8323080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8333080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
8353080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8363080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8373080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8383080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
8393080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8403080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8413080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8423080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8433080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8443080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8453080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
8463080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8483080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
8493080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8503080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8513080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
8523080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8533080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8543080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
8553080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8563080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8573080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
8583080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8593080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8603080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
8613080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8623080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8633080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
8643080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8653080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8663080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8673080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
8683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8693080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8703080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
8713080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
8723080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
8733080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
8743080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\system32\crypt32.dll'
8753080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8763080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8773080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8783080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8793080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8803080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xdf8012250dd51135 CN=SAG-82W87S2
8813080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8823080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc2fca4bb98afb800 O=Software AG, CN=Software AG Root CA 2020
8833080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8843080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
8853080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8863080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8873080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xf99d8f3e8a37d100 CN=Microsoft Intune Root Certification Authority
8883080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
8893080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
8903080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
8913080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8923080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
8933080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8943080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8953080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8963080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xbedf2fa01f59a400 C=TW, O=Chunghwa Telecom Co., Ltd., CN=ePKI Root Certification Authority - G2
8973080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
8983080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8993080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9003080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9013080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
9023080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
9033080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
9043080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9053080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9063080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9073080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
9083080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9093080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9103080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9113080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
9123080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9133080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9143080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9153080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
9163080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9173080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
9183080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9193080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9203080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
9213080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9223080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
9233080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
9243080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
9253080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9263080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9273080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9283080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
9293080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9303080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9313080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9323080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
9333080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9343080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
9353080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9363080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9373080.1010: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9383080.1010: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=63
9393080.1010: SUPR3HardenedMain: Load Runtime...
9403080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
9413080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
9423080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9433080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9443080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9453080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
9463080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9473080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9483080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9493080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9503080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
9513080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
9523080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9533080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
9543080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9553080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9573080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9603080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
9613080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9623080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9633080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9643080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
9653080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9663080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9673080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9683080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9693080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9703080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
9713080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9723080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9733080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
9743080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9753080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
9763080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
9773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
9783080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9793080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9803080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9813080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9823080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9833080.1010: supR3HardenedDllNotificationCallback: load 00000000560e0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9843080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9853080.1010: supR3HardenedDllNotificationCallback: load 0000000055560000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9863080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9873080.1010: supR3HardenedDllNotificationCallback: load 00007ff80c7a0000 LB 0x0006b000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
9883080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9893080.1010: supR3HardenedDllNotificationCallback: load 00007fffdf4a0000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9903080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9913080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9923080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9933080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9943080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9953080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9963080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9973080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9983080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9993080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10003080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10013080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10023080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10033080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10043080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10053080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10063080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10073080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10083080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10093080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10103080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10113080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10123080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10133080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10143080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10153080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10163080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10173080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10183080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10193080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10203080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10213080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10223080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10233080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10243080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10253080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10263080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10273080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10283080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10293080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10303080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10313080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10323080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10333080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10353080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10363080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10373080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10383080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10393080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10403080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10413080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10423080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10433080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10443080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10453080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10463080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10473080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10483080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10493080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10503080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10513080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10523080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10533080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10543080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10553080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10563080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10573080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10583080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10593080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10603080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10613080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10623080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10633080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10643080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10653080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10663080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10673080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10683080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10703080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10713080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10723080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10733080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10743080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10753080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10763080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10783080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10793080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10803080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10813080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10823080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10833080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10843080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10853080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10863080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10873080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10883080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10893080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10903080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10913080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10923080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10933080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10943080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10953080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10963080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10973080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10983080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10993080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11003080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11013080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11023080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11033080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11043080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11053080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11063080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11073080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11083080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11093080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11103080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11113080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11123080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11133080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11143080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11153080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11163080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11173080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11183080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11193080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11203080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11213080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11223080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11233080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11243080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11253080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11273080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11283080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11293080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11303080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11313080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11323080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11333080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11353080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11363080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11373080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11383080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11393080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11403080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11413080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11423080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11433080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11443080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11453080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11463080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11483080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11493080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11503080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11513080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11523080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11533080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11543080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11553080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11563080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11573080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11583080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11593080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11603080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11613080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11623080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11633080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11643080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11653080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11663080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11673080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffdf4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
11693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
11703080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
11713080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11723080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a7a0000 'C:\windows\system32\Wintrust.dll'
11733080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
11743080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11753080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
11763080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
11773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
11783080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
11793080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\system32\crypt32.dll'
11803080.1010: SUPR3HardenedMain: Load TrustedMain...
11813080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
11823080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
11833080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11843080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
11853080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
11863080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
11873080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
11883080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
11893080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
11903080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
11913080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
11923080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
11933080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
11943080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
11953080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
11963080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
11973080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
11983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
11993080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12003080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
12013080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
12023080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12033080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
12043080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
12053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12063080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12073080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12083080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12093080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12103080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
12113080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
12123080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12133080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12143080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
12153080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
12163080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12173080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12183080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12193080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12203080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12213080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12223080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12233080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12243080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
12253080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12263080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
12273080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
12283080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12293080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12303080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
12313080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
12323080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
12333080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12343080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12353080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
12363080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12373080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12383080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
12393080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
12403080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
12413080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
12423080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
12433080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
12443080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
12453080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12463080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12473080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12483080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12493080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
12503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12523080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
12533080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12543080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
12553080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
12563080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
12573080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12593080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
12603080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
12613080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
12623080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
12633080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12643080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12653080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12663080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12673080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
12683080.1010: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
12693080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
12703080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
12713080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12723080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12733080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12743080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12753080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12763080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
12783080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
12793080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12803080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
12813080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
12823080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
12833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
12843080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
12853080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12863080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12873080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12883080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12893080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12903080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12913080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
12923080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
12933080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
12943080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12953080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12963080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
12973080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
12983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12993080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13003080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
13013080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13023080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13033080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13043080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13063080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
13073080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13083080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13093080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13103080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13113080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13123080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13133080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13143080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13153080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13163080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13173080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13183080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13193080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13203080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
13213080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13223080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13233080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13243080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13253080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13263080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13273080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13283080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13293080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13303080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13313080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13323080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13333080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
13343080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
13353080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13363080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13373080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13383080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13393080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13403080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13413080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13423080.1010: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
13433080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13443080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13453080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13463080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13473080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13483080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13493080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13523080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
13533080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13543080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
13553080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
13563080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
13573080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
13583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13603080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13613080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13623080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13633080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13643080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13653080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13663080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13673080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13683080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13693080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13703080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13713080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13723080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
13733080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13743080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13753080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13763080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13773080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13783080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13793080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13803080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13813080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13823080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13843080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13853080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13863080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13873080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
13883080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13893080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
13903080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13913080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
13923080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
13933080.1010: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
13943080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
13953080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13963080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13973080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
13983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13993080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14003080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14013080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14023080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14033080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14043080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14063080.1010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
14073080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
14083080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
14093080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14103080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14113080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14123080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14133080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14143080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14153080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14163080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14173080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14183080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14193080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14203080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14213080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14223080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14233080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14243080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14253080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14263080.1010: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
14273080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14283080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14293080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14303080.1010: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
14313080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
14323080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14333080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14343080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14353080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14363080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14373080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14383080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14393080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14403080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14413080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14423080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14433080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14443080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14453080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14463080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14473080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14483080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14493080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14523080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
14533080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14543080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14553080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14573080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14583080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14603080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14613080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14623080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
14633080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14643080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14653080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14663080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14673080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14683080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14693080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14703080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14713080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14723080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14733080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
14743080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14753080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14763080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14773080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14783080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14793080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14803080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14813080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14823080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14843080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14853080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14863080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14873080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14883080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14893080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14903080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14913080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14923080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14933080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14943080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14953080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
14963080.1010: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
14973080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14993080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15003080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
15013080.1010: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15023080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15033080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15043080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15063080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15073080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15083080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15093080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15103080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15113080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15123080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
15133080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
15143080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15153080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15163080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15173080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15183080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15193080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15203080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15213080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15223080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15233080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15243080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
15253080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
15263080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15273080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15283080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15293080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
15303080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
15313080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
15323080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F14F1B7D8729223C0DB5ABA6EC95E5C5A3D6D1EC
15333080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15343080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15353080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15363080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15373080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15383080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15393080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15403080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15413080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15423080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15433080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15443080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15453080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15463080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15473080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15483080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15493080.1010: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
15503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15523080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15533080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15543080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15553080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15573080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15603080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
15613080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
15623080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.662.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
15633080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15643080.1010: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
15653080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15663080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
15673080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15683080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
15693080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15703080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15713080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
15723080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15733080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
15743080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15753080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
15763080.1010: supR3HardenedDllNotificationCallback: load 00007ff80aa90000 LB 0x00022000 C:\windows\System32\win32u.dll [fFlags=0x0]
15773080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
15783080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a700000 LB 0x0009d000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
15793080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
15803080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a980000 LB 0x0010b000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
15813080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15823080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
15833080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
15843080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
15853080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
15863080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
15873080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b4c0000 LB 0x0002a000 C:\windows\System32\GDI32.dll [fFlags=0x0]
15883080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
15893080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b780000 LB 0x001a0000 C:\windows\System32\USER32.dll [fFlags=0x0]
15903080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
15913080.1010: supR3HardenedDllNotificationCallback: load 00007ff80af50000 LB 0x00356000 C:\windows\System32\combase.dll [fFlags=0x0]
15923080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
15933080.1010: supR3HardenedDllNotificationCallback: load 00007ffff42f0000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
15943080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15953080.1010: supR3HardenedDllNotificationCallback: load 00007ffff4320000 LB 0x00125000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
15963080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15973080.1010: supR3HardenedDllNotificationCallback: load 00007ff80c050000 LB 0x00743000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
15983080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
15993080.1010: supR3HardenedDllNotificationCallback: load 00007ff80ad60000 LB 0x0012a000 C:\windows\System32\ole32.dll [fFlags=0x0]
16003080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16013080.1010: supR3HardenedDllNotificationCallback: load 00007ff802070000 LB 0x0001d000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
16023080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16033080.1010: supR3HardenedDllNotificationCallback: load 0000000055b70000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
16043080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16053080.1010: supR3HardenedDllNotificationCallback: load 00007fffc55b0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
16063080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16073080.1010: supR3HardenedDllNotificationCallback: load 0000000055600000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
16083080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16093080.1010: supR3HardenedDllNotificationCallback: load 00007ff80ba60000 LB 0x000cd000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
16103080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16113080.1010: supR3HardenedDllNotificationCallback: load 00007fff9ea70000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
16123080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
16133080.1010: supR3HardenedDllNotificationCallback: load 0000000055500000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
16143080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16153080.1010: supR3HardenedDllNotificationCallback: load 00007ffff5db0000 LB 0x00027000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
16163080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16173080.1010: supR3HardenedDllNotificationCallback: load 00007ffff8e10000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
16183080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16193080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16203080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16213080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16223080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16233080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16243080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16253080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16273080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16283080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16293080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16303080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16313080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16323080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16333080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
16353080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16363080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
16373080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16383080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
16393080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
16403080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16413080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16423080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16433080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16443080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
16453080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16463080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16473080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
16483080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16493080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
16503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16523080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16533080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16543080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16553080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16573080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
16583080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16593080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
16603080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16613080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\kernel32.dll'
16623080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16633080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16643080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16653080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16663080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16673080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16683080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16703080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16713080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16723080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16733080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16743080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16753080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16763080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16773080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
16783080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16793080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
16803080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16813080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
16823080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16833080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16843080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16853080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16863080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16873080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16883080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16893080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16903080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16913080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16923080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16933080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16943080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16953080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16963080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16973080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
16983080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16993080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17003080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17013080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17023080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17033080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17043080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-string-l1-1-0'
17053080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17063080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17073080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17083080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17093080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17103080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17113080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17123080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17133080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17143080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17153080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17163080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17173080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17183080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17193080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17203080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17213080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17223080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17233080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17243080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17253080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17273080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17283080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17293080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17303080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17313080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17323080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17333080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17353080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17363080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17373080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17383080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17393080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17403080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17413080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17423080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17433080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17443080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17453080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
17463080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-datetime-l1-1-1'
17483080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17493080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17503080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17513080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17523080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17533080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17543080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17553080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17563080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17573080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17583080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17593080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17603080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17613080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17623080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17633080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17643080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17653080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17663080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17673080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17683080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17703080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17713080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17723080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17733080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17743080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17753080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17763080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17773080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17783080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17793080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17803080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17813080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17823080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17833080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17843080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17853080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17863080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17873080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17883080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
17893080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17903080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-localization-obsolete-l1-2-0'
17913080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17923080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17933080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17943080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17953080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17963080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17973080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17983080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17993080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18003080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18013080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18023080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18033080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18043080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18053080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18063080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18073080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18083080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18093080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18103080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18113080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18123080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18133080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18143080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18153080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18163080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18173080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18183080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18193080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18203080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18213080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18223080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18233080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18243080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18253080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18273080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18283080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18293080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18303080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18313080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18323080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
18333080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
18343080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
18353080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
18363080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18373080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18383080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18393080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18403080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18413080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18423080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18433080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18443080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18453080.1010: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18463080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18473080.1010: supR3HardenedDllNotificationCallback: load 00007ff80c910000 LB 0x00030000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
18483080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
18493080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c910000 'C:\windows\system32\IMM32.DLL'
18503080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18513080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
18523080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18533080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18543080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18553080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18563080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18573080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18583080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18593080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18603080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18613080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18623080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18633080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18643080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18653080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18663080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18673080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18683080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18703080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18713080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18723080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18733080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
18743080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18753080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18763080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18773080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18783080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18793080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18803080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
18813080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
18823080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18833080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18843080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18853080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18863080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18873080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18883080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18893080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
18903080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18913080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
18923080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18933080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18943080.1010: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\edgegdi.dll': 0 (NtPath=\??\C:\windows\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
18953080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\edgegdi.dll'
18963080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18973080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
18983080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18993080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19003080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19013080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19023080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19033080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19043080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19053080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19063080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19073080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19083080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19093080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19103080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19113080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19123080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19133080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19143080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19153080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19163080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19173080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19183080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19193080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19203080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c940000 'C:\windows\System32\ADVAPI32.DLL'
19213080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19223080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19233080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
19243080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
19253080.1010: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
19263080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
19273080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
19283080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
19293080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
19303080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
19313080.1010: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19323080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19333080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
19353080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
19363080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
19373080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
19383080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
19393080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
19403080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
19413080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
19423080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
19433080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff8e10000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
19443080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19453080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19463080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
19473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19483080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19493080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
19503080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
19513080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
19523080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
19533080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=087A92E70231A784DB8F333F449EAE73CA72A5AC
19543080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19553080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19563080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.662.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
19573080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19583080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
19593080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19603080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19613080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
19623080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19633080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19643080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
19653080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19663080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
19673080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
19703080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19713080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19723080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
19733080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19743080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19753080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
19763080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19773080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19783080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
19793080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
19803080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
19813080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
19823080.1010: SUPR3HardenedMain: Calling TrustedMain (00007ffff8e116c0)...
19833080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
19843080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
19853080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
19863080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
19873080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
19883080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19893080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
19903080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
19913080.1010: supR3HardenedDllNotificationCallback: load 00007ff809b50000 LB 0x0002c000 C:\windows\SYSTEM32\Wldp.dll [fFlags=0x0]
19923080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
19933080.1010: supR3HardenedDllNotificationCallback: load 00007ff8081f0000 LB 0x0078f000 C:\windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
19943080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
19953080.1010: supR3HardenedDllNotificationCallback: load 00007ff80acb0000 LB 0x000ae000 C:\windows\System32\SHCORE.dll [fFlags=0x0]
19963080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19973080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
19983080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
19993080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20003080.1010: supR3HardenedDllNotificationCallback: load 00007ff80b2b0000 LB 0x00055000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
20013080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20023080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
20033080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
20043080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20053080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20063080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20073080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20083080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20093080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20103080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20113080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20123080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20133080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20143080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
20153080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
20163080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
20173080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20183080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20193080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
20203080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20213080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20223080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20233080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20243080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
20253080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
20263080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20273080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
20283080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
20293080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20303080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
20313080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
20323080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20333080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
20343080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
20353080.1010: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
20363080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20373080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20383080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
20393080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
20403080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
20413080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
20423080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20433080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
20443080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
20453080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
20463080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
20473080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
20483080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
20493080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20523080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20533080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20543080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20553080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20573080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20603080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20613080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20623080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20633080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20643080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20653080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20663080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20673080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20683080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20693080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20703080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
20713080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
20723080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
20733080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20743080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20753080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20763080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20773080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20783080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20793080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20803080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20813080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20823080.1010: supR3HardenedDllNotificationCallback: load 00007fffe3f80000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
20833080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20843080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe3f80000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
20853080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
20863080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
20873080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
20883080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
20893080.1010: supR3HardenedDllNotificationCallback: load 00007ff807ff0000 LB 0x00012000 C:\windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
20903080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
20913080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20923080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20933080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20943080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20953080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
20963080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
20973080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
20983080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20993080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
21003080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
21013080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D4518D2FDDF5F612DEA6801698B1EA0650EE8486
21023080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
21033080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
21043080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
21053080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21063080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21073080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
21083080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
21093080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
21103080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21113080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21123080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21133080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21143080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21153080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21163080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21173080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21183080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21193080.1010: supR3HardenedDllNotificationCallback: load 00007ff807a50000 LB 0x0009e000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
21203080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21213080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a50000 'C:\windows\system32\uxtheme.dll'
21223080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b780000 'C:\windows\system32\user32.dll'
21233080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21243080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21253080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\shell32.dll'
21263080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
21273080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21283080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80acb0000 'C:\windows\system32\SHCore.dll'
21293080.1010: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
21303080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
21313080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21323080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21333080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\system32\winmm.dll'
21343080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21353080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21363080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\system32\winmm.dll'
21373080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21383080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21393080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\shell32.dll'
21403080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
21413080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21423080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a50000 'C:\windows\system32\uxtheme.dll'
21433080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
21443080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21453080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c940000 'C:\windows\system32\advapi32.dll'
21463080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
21473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
21483080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
21493080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
21503080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
21513080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21523080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21533080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21543080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
21553080.1010: supR3HardenedDllNotificationCallback: load 00007ff80a0c0000 LB 0x0002e000 C:\windows\system32\userenv.dll [fFlags=0x0]
21563080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
21573080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a0c0000 'C:\windows\system32\userenv.dll'
21583080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
21593080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21603080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\kernel32.dll'
21613080.1010: supR3HardenedDllNotificationCallback: load 00007ff80bb30000 LB 0x000a9000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
21623080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21633080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
21643080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
21653080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
21663080.1e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
21673080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21683080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21693080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21703080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21713080.1e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21723080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
21733080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
21743080.1e24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
21753080.1e24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
21763080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
21773080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21783080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21793080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21803080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21813080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21823080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21833080.1e24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
21843080.1e24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21853080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21863080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21873080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21883080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21893080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21903080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21913080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21923080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21933080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
21943080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21953080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21963080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21973080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21983080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
21993080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22003080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22013080.1e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22023080.1e24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
22033080.1e24: supR3HardenedDllNotificationCallback: load 00007fffca810000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
22043080.1e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
22053080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffca810000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
22063080.1e24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
22073080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
22083080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22093080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22103080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22113080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
22123080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22133080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22143080.1e24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22153080.1e24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
22163080.1e24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22173080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22183080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22193080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22203080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22213080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22223080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22233080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22243080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
22253080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22263080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22273080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
22283080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22293080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22303080.1e24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
22313080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22323080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22333080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22343080.1e24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22353080.1e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22363080.1e24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22373080.1e24: supR3HardenedDllNotificationCallback: load 00007fffe45e0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
22383080.1e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22393080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe45e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
22403080.1e24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22413080.1e24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22423080.1e24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ba60000 'C:\Windows\System32\oleaut32.dll'
22433080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b4c0000 'C:\windows\system32\gdi32.dll'
22443080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22453080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22463080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\shell32.dll'
22473080.1010: supR3HardenedDllNotificationCallback: load 00007ff80aaf0000 LB 0x00116000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
22483080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22493080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
22503080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
22513080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
22523080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
22533080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
22543080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
22553080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22573080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
22583080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22593080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22603080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22613080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22623080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22633080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22643080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22653080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22663080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22673080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
22683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
22693080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
22703080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22713080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
22723080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
22733080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3E635B51EBB2CF2245E98541D1AF5FE327DC975
22743080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
22753080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
22763080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
22773080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22783080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22793080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
22803080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
22813080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
22823080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
22843080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
22853080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
22863080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
22873080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
22883080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
22893080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
22903080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22913080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22923080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22933080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22943080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22953080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
22963080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22973080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22983080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
22993080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
23003080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
23013080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23023080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
23033080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
23043080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
23053080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
23063080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23073080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23083080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23093080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23103080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
23113080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
23123080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
23133080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
23143080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
23153080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23163080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
23173080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
23183080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
23193080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23203080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23213080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
23223080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23233080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23243080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
23253080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23263080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23273080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23283080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
23293080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
23303080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
23313080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
23323080.1010: supR3HardenedDllNotificationCallback: load 00007ff808b00000 LB 0x000f3000 C:\windows\system32\dxgi.dll [fFlags=0x0]
23333080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
23343080.1010: supR3HardenedDllNotificationCallback: load 00007ff8061d0000 LB 0x00264000 C:\windows\system32\d3d11.dll [fFlags=0x0]
23353080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
23363080.1010: supR3HardenedDllNotificationCallback: load 00007ff806e60000 LB 0x001e7000 C:\windows\system32\dcomp.dll [fFlags=0x0]
23373080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
23383080.1010: supR3HardenedDllNotificationCallback: load 00007fffd4d90000 LB 0x0003e000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
23393080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
23403080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b4c0000 'C:\windows\System32\gdi32.dll'
23413080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4d90000 'C:\windows\system32\dataexchange.dll'
23423080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
23433080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
23443080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
23453080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
23463080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
23473080.1010: supR3HardenedDllNotificationCallback: load 00007fffe9540000 LB 0x00201000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
23483080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
23493080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23503080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23513080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
23523080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23533080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23543080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
23553080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23573080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
23583080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
23593080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
23603080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
23613080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
23623080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23633080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80acb0000 'C:\windows\system32\Shcore.dll'
23643080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23653080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
23663080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
23673080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
23683080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
23693080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
23703080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
23713080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23723080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
23733080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
23743080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
23753080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
23763080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
23773080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23783080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
23793080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
23803080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
23813080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
23823080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
23833080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
23843080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
23853080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
23863080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
23873080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
23883080.1010: supR3HardenedDllNotificationCallback: load 00007ff808dd0000 LB 0x00033000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
23893080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
23903080.1010: supR3HardenedDllNotificationCallback: load 00007ff807730000 LB 0x000f2000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
23913080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23923080.1010: supR3HardenedDllNotificationCallback: load 00007ff806070000 LB 0x00154000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
23933080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23943080.1010: supR3HardenedDllNotificationCallback: load 00007ff8073d0000 LB 0x0035e000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
23953080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23963080.1010: supR3HardenedDllNotificationCallback: load 00007fffeaa80000 LB 0x000fb000 C:\windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
23973080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23993080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
24003080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
24013080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24023080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24033080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24043080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24053080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
24063080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24073080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24083080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24093080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24103080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24113080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
24123080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
24133080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
24143080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24153080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24163080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
24173080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
24183080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
24193080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24203080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24213080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
24223080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
24233080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
24243080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
24253080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
24263080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
24273080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24283080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24293080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24303080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24313080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24323080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24333080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24343080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24353080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24363080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
24373080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24383080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24393080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
24403080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24413080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24423080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
24433080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24443080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24453080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
24463080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24473080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24483080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
24493080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
24503080.1010: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24513080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b780000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
24523080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
24533080.1010: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24543080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b780000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
24553080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
24563080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24573080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80af50000 'api-ms-win-core-com-l1-1-0.dll'
24583080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
24593080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24603080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80aaf0000 'C:\windows\System32\MSCTF.dll'
24613080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24623080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24633080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\shell32.dll'
24643080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\shell32.dll'
24653080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
24663080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
24673080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24683080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
24693080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24703080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
24713080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
24723080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
24733080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
24743080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
24753080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24763080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24773080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24783080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24793080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
24803080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24813080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24823080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24833080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24843080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24853080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
24863080.1010: supR3HardenedDllNotificationCallback: load 00007ff807d00000 LB 0x0002f000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
24873080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
24883080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807d00000 'C:\windows\system32\dwmapi.dll'
24893080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24903080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24913080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a50000 'C:\windows\system32\uxtheme.dll'
24923080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24933080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextShaping.dll)
24943080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextShaping.dll
24953080.1010: supR3HardenedDllNotificationCallback: load 00007fffe5fc0000 LB 0x000ac000 C:\windows\SYSTEM32\TextShaping.dll [fFlags=0x0]
24963080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextShaping.dll [avoiding WinVerifyTrust]
24973080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24983080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24993080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
25003080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
25013080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextShaping.dll'
25023080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
25033080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25043080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807d00000 'C:\windows\SYSTEM32\dwmapi.dll'
25053080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
25063080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25073080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ad60000 'C:\windows\System32\ole32.dll'
25083080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ba60000 'C:\windows\System32\OLEAUT32.dll'
25093080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b14 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25103080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
25113080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
25123080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24E65BD1CEC5A0EC4647A91D813736DC7112053D
25133080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
25143080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
25153080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
25163080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25173080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25183080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25193080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25203080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
25213080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25223080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25233080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25243080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b08 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25253080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
25263080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
25273080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C300CB1A203662154729906A10B05CEE85D4742B
25283080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
25293080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
25303080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
25313080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25323080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25333080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
25343080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25353080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25363080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25373080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25383080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25393080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25403080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25413080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25423080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25433080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25443080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25453080.1010: supR3HardenedDllNotificationCallback: load 00007ff802730000 LB 0x00086000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
25463080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25473080.1010: supR3HardenedDllNotificationCallback: load 00007ff8017d0000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
25483080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25493080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
25503080.1010: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25513080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
25523080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8017d0000 'C:\windows\system32\wbem\wbemprox.dll'
25533080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25543080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
25553080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
25563080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D16B59E56C4ED9F0BBAA653FE2F79CAF6AC8AC7B
25573080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
25583080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
25593080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
25603080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25613080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25623080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
25633080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
25643080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25653080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25663080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25673080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25683080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25693080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25703080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25713080.1010: supR3HardenedDllNotificationCallback: load 00007ff800e80000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
25723080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25733080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff800e80000 'C:\windows\system32\wbem\wbemsvc.dll'
25743080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
25753080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25763080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-localization-l1-2-0.dll'
25773080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
25783080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25793080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
25803080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b88 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25813080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
25823080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
25833080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
25843080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
25853080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
25863080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
25873080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25883080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25893080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
25903080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25913080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25923080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25933080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25943080.1010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25953080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25963080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25973080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25983080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25993080.1010: supR3HardenedDllNotificationCallback: load 00007ff800ec0000 LB 0x0010b000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
26003080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
26013080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff800ec0000 'C:\windows\system32\wbem\fastprox.dll'
26023080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
26033080.1010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
26043080.1010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
26053080.1010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
26063080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26073080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
26083080.1010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
26093080.1010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26103080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26113080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
26123080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
26133080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
26143080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26153080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26163080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26173080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26183080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26193080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
26203080.1010: supR3HardenedDllNotificationCallback: load 00007ff800460000 LB 0x00019000 C:\windows\System32\amsi.dll [fFlags=0x0]
26213080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
26223080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff800460000 'C:\windows\System32\amsi.dll'
26233080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26243080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
26253080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
26263080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
26273080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
26283080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpOAV.dll) WinVerifyTrust
26293080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpOAV.dll
26303080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26313080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26323080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26333080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26343080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26353080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26363080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26373080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpOAV.dll
26383080.1010: supR3HardenedDllNotificationCallback: load 00007ff801ee0000 LB 0x00079000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpOav.dll [fFlags=0x0]
26393080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpOAV.dll
26403080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
26413080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26423080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-synch-l1-2-0'
26433080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
26443080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26453080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-fibers-l1-1-1'
26463080.1010: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
26473080.1010: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26483080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a330000 'api-ms-win-core-localization-l1-2-1'
26493080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
26503080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26513080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ae90000 'C:\windows\System32\kernel32.dll'
26523080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
26533080.1010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26543080.1010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
26553080.1010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
26563080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26573080.1010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26583080.1010: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26593080.1010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
26603080.1010: supR3HardenedDllNotificationCallback: load 00007ff801bf0000 LB 0x0000a000 C:\windows\system32\version.dll [fFlags=0x0]
26613080.1010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
26623080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801bf0000 'C:\windows\system32\version.dll'
26633080.1010: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
26643080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
26653080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff801ee0000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpOav.dll'
26663080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26673080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
26683080.1010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
26693080.1010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c940000 'C:\windows\System32\ADVAPI32.dll'
26703080.90c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
26713080.90c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26723080.90c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26733080.90c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26743080.90c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
26753080.90c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26763080.90c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26773080.90c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26783080.90c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26793080.90c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26803080.90c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26813080.90c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26823080.90c: supR3HardenedDllNotificationCallback: load 00007fffc5230000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26833080.90c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26843080.90c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc5230000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26853080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26863080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c88 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
26873080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
26883080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
26893080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAC8C290E6A586220883FAD5DCDC734D078E5A36
26903080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
26913080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
26923080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04111~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
26933080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26943080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
26953080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
26963080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
26973080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
26983080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
26993080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
27003080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
27013080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
27023080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
27033080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
27043080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
27053080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce8 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
27063080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
27073080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
27083080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBF6397EB75AA0F0A1F00943D02D98D1F9C5BA
27093080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27103080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27113080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
27123080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27133080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) WinVerifyTrust
27143080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
27153080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27163080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27173080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27183080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27193080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27203080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
27213080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
27223080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
27233080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
27243080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
27253080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
27263080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
27273080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
27283080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
27293080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
27303080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27313080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27323080.3c38: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
27333080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
27343080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
27353080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27363080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27373080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27383080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27393080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27403080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27413080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27423080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
27433080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
27443080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
27453080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27463080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27473080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
27483080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27493080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27503080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27513080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27523080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27533080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27543080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
27553080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27563080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27573080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27583080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27593080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27603080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
27613080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
27623080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
27633080.3c38: supR3HardenedDllNotificationCallback: load 00007ff80a930000 LB 0x0004e000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
27643080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
27653080.3c38: supR3HardenedDllNotificationCallback: load 00007ff801fe0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
27663080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
27673080.3c38: supR3HardenedDllNotificationCallback: load 00007ff80bbe0000 LB 0x00467000 C:\windows\System32\setupapi.dll [fFlags=0x0]
27683080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
27693080.3c38: supR3HardenedDllNotificationCallback: load 00007ff803070000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
27703080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
27713080.3c38: supR3HardenedDllNotificationCallback: load 00007ffff8ae0000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
27723080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
27733080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff8ae0000 'C:\Windows\System32\NetSetupShim.dll'
27743080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27753080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27763080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
27773080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27783080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27793080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27803080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
27813080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
27823080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
27833080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
27843080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
27853080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
27863080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
27873080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
27883080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
27893080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
27903080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
27913080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
27923080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
27933080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27943080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27953080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27963080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27973080.3c38: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
27983080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
27993080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
28003080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28013080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28023080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28033080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
28043080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
28053080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28063080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28073080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28083080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28093080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28103080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
28113080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
28123080.3c38: supR3HardenedDllNotificationCallback: load 00007ff80c900000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
28133080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
28143080.3c38: supR3HardenedDllNotificationCallback: load 00007ff8024e0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
28153080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
28163080.3c38: supR3HardenedDllNotificationCallback: load 00007fffae200000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
28173080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
28183080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffae200000 'C:\Windows\System32\NetSetupEngine.dll'
28193080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28203080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
28213080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
28223080.3c38: supR3HardenedDllNotificationCallback: Unload 00007fffae200000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
28233080.3c38: supR3HardenedDllNotificationCallback: Unload 00007ff8024e0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [flags=0x0]
28243080.3c38: supR3HardenedDllNotificationCallback: Unload 00007ff80c900000 LB 0x00008000 C:\windows\System32\NSI.dll [flags=0x0]
28253080.634: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
28263080.634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28273080.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28283080.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28293080.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
28303080.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
28313080.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28323080.634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
28333080.634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28343080.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28353080.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28363080.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28373080.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28383080.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28393080.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28403080.634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28413080.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28423080.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28433080.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28443080.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28453080.634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28463080.634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28473080.634: supR3HardenedDllNotificationCallback: load 00007ff805e90000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
28483080.634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28493080.634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805e90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
28503080.133c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
28513080.133c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28523080.133c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28533080.133c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28543080.133c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28553080.133c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
28563080.133c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28573080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28583080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28593080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28603080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28613080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28623080.133c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28633080.133c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28643080.133c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28653080.133c: supR3HardenedDllNotificationCallback: load 00007ff805e80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
28663080.133c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28673080.133c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805e80000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28683080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c050000 'C:\windows\system32\Shell32.dll'
28693080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
28703080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
28713080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
28723080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4C882F4212D993AB8CD1218452ADE578B4E8723
28733080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28743080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
28753080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
28763080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28773080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
28783080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
28793080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
28803080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
28813080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
28823080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28833080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
28843080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
28853080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
28863080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28873080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
28883080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
28893080.3c38: supR3HardenedDllNotificationCallback: load 00007ff802380000 LB 0x0001b000 C:\windows\SYSTEM32\vid.dll [fFlags=0x0]
28903080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
28913080.3c38: supR3HardenedDllNotificationCallback: load 00007ff805e50000 LB 0x00026000 C:\windows\system32\WinHvPlatform.dll [fFlags=0x0]
28923080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
28933080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805e50000 'C:\windows\system32\WinHvPlatform.dll'
28943080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
28953080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28963080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff802380000 'C:\windows\system32\vid.dll'
28973080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
28983080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
28993080.3c38: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
29003080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
29013080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29023080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29033080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80ca90000 'C:\windows\system32\NTDLL.DLL'
29043080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29053080.3c38: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
29063080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29073080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29083080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29093080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29103080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
29113080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
29123080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29133080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29143080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29153080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29163080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29173080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
29183080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
29193080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29203080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29213080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29223080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
29233080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
29243080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
29253080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29263080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29273080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29283080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29293080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
29303080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29313080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29323080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
29333080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29343080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29353080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
29363080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
29373080.3c38: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
29383080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29393080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29403080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29413080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
29423080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29433080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
29443080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
29453080.3c38: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
29463080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29473080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29483080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29493080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29503080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
29513080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29523080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29533080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29543080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29553080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
29563080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
29573080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
29583080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29593080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29603080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29613080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29623080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29633080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29643080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29653080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29663080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29673080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29683080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29693080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29703080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
29713080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29723080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29733080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29743080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29753080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29763080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29773080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29783080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
29793080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29803080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29813080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
29823080.3c38: supR3HardenedDllNotificationCallback: load 00007fffe4170000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
29833080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29843080.3c38: supR3HardenedDllNotificationCallback: load 00007fffc3fe0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
29853080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29863080.3c38: supR3HardenedDllNotificationCallback: load 00007ff809610000 LB 0x0003b000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
29873080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
29883080.3c38: supR3HardenedDllNotificationCallback: load 00007fffc4840000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
29893080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
29903080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4840000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
29913080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29923080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
29933080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29943080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffca810000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
29953080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
29963080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29973080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29983080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc3fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
29993080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30003080.2320: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
30013080.2320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30023080.2320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30033080.2320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30043080.2320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30053080.2320: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
30063080.2320: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30073080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30083080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30093080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30103080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30113080.2320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30123080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30133080.2320: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30143080.2320: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30153080.2320: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30163080.2320: supR3HardenedDllNotificationCallback: load 00007ff805e30000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
30173080.2320: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30183080.2320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805e30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
30193080.1c18: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
30203080.1c18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30213080.1c18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30223080.1c18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30233080.1c18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
30243080.1c18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
30253080.1c18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
30263080.1c18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30273080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30283080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30293080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30303080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30313080.1c18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30323080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30333080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30343080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30353080.1c18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30363080.1c18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30373080.1c18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30383080.1c18: supR3HardenedDllNotificationCallback: load 00007ff805e20000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
30393080.1c18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30403080.1c18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805e20000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
30413080.1e14: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
30423080.1e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30433080.1e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30443080.1e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30453080.1e14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30463080.1e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
30473080.1e14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30483080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30493080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30503080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30513080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30523080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30533080.1e14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30543080.1e14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30553080.1e14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30563080.1e14: supR3HardenedDllNotificationCallback: load 00007ff805d60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
30573080.1e14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30583080.1e14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805d60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
30593080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
30603080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30613080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff809610000 'C:\windows\system32\Iphlpapi.dll'
30623080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
30633080.3c38: supR3HardenedDllNotificationCallback: load 00007ff80c900000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
30643080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
30653080.3c38: supR3HardenedDllNotificationCallback: load 00007ff8024e0000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
30663080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
30673080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30683080.3c38: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
30693080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
30703080.3c38: supR3HardenedDllNotificationCallback: load 00007ff801f60000 LB 0x00017000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
30713080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
30723080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30733080.3c38: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
30743080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
30753080.3c38: supR3HardenedDllNotificationCallback: load 00007ff801c90000 LB 0x0001d000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
30763080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
30773080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
30783080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
30793080.3c38: supR3HardenedDllNotificationCallback: load 00007ff809650000 LB 0x000cb000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
30803080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
30813080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30823080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30833080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30843080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30853080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30863080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
30873080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
30883080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
30893080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
30903080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
30913080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
30923080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
30933080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
30943080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
30953080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30963080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
30973080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000101c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
30983080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
30993080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
31003080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
31013080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31023080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31033080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.746.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
31043080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31053080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
31063080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31073080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31083080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
31093080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
31103080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
31113080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
31123080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31133080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
31143080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
31153080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31163080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31173080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
31183080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
31193080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
31203080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31213080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31223080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31233080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31243080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
31253080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
31263080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
31273080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
31283080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31293080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31303080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
31313080.3c38: supR3HardenedDllNotificationCallback: load 00007ff809f70000 LB 0x0002c000 C:\windows\System32\DEVOBJ.dll [fFlags=0x0]
31323080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
31333080.3c38: supR3HardenedDllNotificationCallback: load 00007ff8032f0000 LB 0x00085000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
31343080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31353080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8032f0000 'C:\windows\System32\MMDevApi.dll'
31363080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001128 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
31373080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
31383080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
31393080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
31403080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31413080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31423080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
31433080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31443080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31453080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
31463080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
31473080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31483080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31493080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
31503080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31513080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
31523080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
31533080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
31543080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
31553080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31563080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
31573080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
31583080.3c38: supR3HardenedDllNotificationCallback: load 00007ff809780000 LB 0x0004b000 C:\windows\SYSTEM32\powrprof.dll [fFlags=0x0]
31593080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
31603080.3c38: supR3HardenedDllNotificationCallback: load 00007ffff55f0000 LB 0x00026000 C:\windows\SYSTEM32\winmmbase.dll [fFlags=0x0]
31613080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
31623080.3c38: supR3HardenedDllNotificationCallback: load 00007fffe47b0000 LB 0x0009c000 C:\windows\System32\dsound.dll [fFlags=0x0]
31633080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
31643080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
31653080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
31663080.3c38: supR3HardenedDllNotificationCallback: load 00007ff8095f0000 LB 0x00012000 C:\windows\SYSTEM32\UMPDC.dll [fFlags=0x0]
31673080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
31683080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
31693080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
31703080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
31713080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
31723080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
31733080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
31743080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
31753080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31763080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31773080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31783080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31793080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31803080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe47b0000 'C:\windows\System32\dsound.dll'
31813080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
31823080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
31833080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
31843080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
31853080.3c38: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
31863080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
31873080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe47b0000 'C:\windows\System32\dsound.dll'
31883080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31893080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31903080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
31913080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31923080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31933080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
31943080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
31953080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
31963080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
31973080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
31983080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31993080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe47b0000 'C:\windows\system32\dsound.dll'
32003080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
32013080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32023080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8032f0000 'C:\windows\System32\MMDEVAPI.DLL'
32033080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
32043080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32053080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
32063080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000115c pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32073080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
32083080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
32093080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
32103080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
32113080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
32123080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
32133080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32143080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32153080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
32163080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
32173080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
32183080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
32193080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32203080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32213080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32223080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
32233080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
32243080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
32253080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
32263080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
32273080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
32283080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
32293080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
32303080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32313080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
32323080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
32333080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32343080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32353080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
32363080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32373080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32383080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32393080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32403080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32413080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32423080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
32433080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
32443080.3c38: supR3HardenedDllNotificationCallback: load 00007ff805d50000 LB 0x00009000 C:\windows\SYSTEM32\ksuser.dll [fFlags=0x0]
32453080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
32463080.3c38: supR3HardenedDllNotificationCallback: load 00007ff803940000 LB 0x0000a000 C:\windows\SYSTEM32\AVRT.dll [fFlags=0x0]
32473080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
32483080.3c38: supR3HardenedDllNotificationCallback: load 00007ffffa140000 LB 0x00046000 C:\windows\System32\wdmaud.drv [fFlags=0x0]
32493080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32503080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32513080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32523080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32533080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32543080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32553080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32563080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32573080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32583080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32593080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32603080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32613080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32623080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32633080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
32643080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
32653080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
32663080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
32673080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
32683080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
32693080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
32703080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
32713080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32723080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32733080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
32743080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32753080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32763080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32773080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32783080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
32793080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
32803080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32813080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
32823080.3c38: supR3HardenedDllNotificationCallback: load 00007ff803380000 LB 0x00183000 C:\windows\System32\AUDIOSES.DLL [fFlags=0x0]
32833080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
32843080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff803380000 'C:\windows\System32\AUDIOSES.DLL'
32853080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32863080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32873080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32883080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32893080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32903080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32913080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32923080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32933080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32943080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32953080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32963080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32973080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
32983080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
32993080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33003080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
33013080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
33023080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffa140000 'C:\windows\System32\wdmaud.drv'
33033080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001028 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
33043080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
33053080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
33063080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F871EA11D693E9807F8DF13D54497BA0E40D30AB
33073080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
33083080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
33093080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
33103080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33113080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33123080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
33133080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
33143080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
33153080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33163080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
33173080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
33183080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
33193080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33203080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
33213080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
33223080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33233080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
33243080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
33253080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33263080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33273080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33283080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33293080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33303080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33313080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33323080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33333080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33343080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
33353080.3c38: supR3HardenedDllNotificationCallback: load 00007ff803ca0000 LB 0x0001e000 C:\windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
33363080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
33373080.3c38: supR3HardenedDllNotificationCallback: load 00007ff805c90000 LB 0x0000d000 C:\windows\System32\msacm32.drv [fFlags=0x0]
33383080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33393080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33403080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33413080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33423080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33433080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33443080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33453080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33463080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33473080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33483080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33493080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33503080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33513080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33523080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33533080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33543080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33553080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
33563080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33573080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33583080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33593080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33603080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805c90000 'C:\windows\System32\msacm32.drv'
33613080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b8 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
33623080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000190fb90
33633080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000190fb90
33643080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B1E0F68F4DF584853FE4112795D7092EFE15F7D
33653080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
33663080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
33673080.3c38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.685.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
33683080.3c38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33693080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33703080.3c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
33713080.3c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
33723080.3c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
33733080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
33743080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
33753080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
33763080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33773080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33783080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33793080.3c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
33803080.3c38: supR3HardenedDllNotificationCallback: load 00007ff8043a0000 LB 0x0000b000 C:\windows\System32\midimap.dll [fFlags=0x0]
33813080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
33823080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8043a0000 'C:\windows\System32\midimap.dll'
33833080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
33843080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33853080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8043a0000 'C:\windows\System32\midimap.dll'
33863080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
33873080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33883080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8043a0000 'C:\windows\System32\midimap.dll'
33893080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
33903080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
33913080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8043a0000 'C:\windows\System32\midimap.dll'
33923080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
33933080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33943080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
33953080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
33963080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33973080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
33983080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
33993080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34003080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34013080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34023080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34033080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34043080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34053080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
34063080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34073080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34083080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34093080.41dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34103080.41dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
34113080.41dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
34123080.41dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
34133080.41dc: supR3HardenedDllNotificationCallback: load 00007ff807c10000 LB 0x00014000 C:\windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
34143080.41dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
34153080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34163080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34173080.3c38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
34183080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34193080.3c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34203080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091a0000 'C:\windows\system32\rsaenh.dll'
34213080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a1d0000 'C:\windows\System32\crypt32.dll'
34223080.3c38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
34233080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34243080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34253080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34263080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34273080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34283080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34293080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34303080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
34313080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34323080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffe47b0000 'C:\windows\system32\dsound.dll'
34333080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34343080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34353080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34363080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34373080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34383080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34393080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'
34403080.3c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
34413080.3c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34423080.3c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff5db0000 'C:\windows\System32\winmm.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy