VirtualBox

Ticket #20160: VBoxHardening.log

File VBoxHardening.log, 446.0 KB (added by vas, 4 years ago)

VBoxHardening

Line 
12c78.3160: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa042ee00
22c78.3160: \SystemRoot\System32\ntdll.dll:
32c78.3160: CreationTime: 2020-04-20T04:52:36.807209200Z
42c78.3160: LastWriteTime: 2020-03-31T04:33:14.425385100Z
52c78.3160: ChangeTime: 2021-01-14T17:17:24.599707300Z
62c78.3160: FileAttributes: 0x20
72c78.3160: Size: 0x1da658
82c78.3160: NT Headers: 0xe8
92c78.3160: Timestamp: 0x4c780f2c
102c78.3160: Machine: 0x8664 - amd64
112c78.3160: Timestamp: 0x4c780f2c
122c78.3160: Image Version: 10.0
132c78.3160: SizeOfImage: 0x1e1000 (1970176)
142c78.3160: Resource Dir: 0x174000 LB 0x6b3e8
152c78.3160: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162c78.3160: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172c78.3160: ProductName: Microsoft® Windows® Operating System
182c78.3160: ProductVersion: 10.0.17134.1425
192c78.3160: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
202c78.3160: FileDescription: NT Layer DLL
212c78.3160: \SystemRoot\System32\kernel32.dll:
222c78.3160: CreationTime: 2020-04-20T04:52:08.266069600Z
232c78.3160: LastWriteTime: 2020-03-31T09:55:44.524621800Z
242c78.3160: ChangeTime: 2021-01-14T17:17:24.361342900Z
252c78.3160: FileAttributes: 0x20
262c78.3160: Size: 0xafc80
272c78.3160: NT Headers: 0xe8
282c78.3160: Timestamp: 0x474d3da1
292c78.3160: Machine: 0x8664 - amd64
302c78.3160: Timestamp: 0x474d3da1
312c78.3160: Image Version: 10.0
322c78.3160: SizeOfImage: 0xb1000 (724992)
332c78.3160: Resource Dir: 0xaf000 LB 0x520
342c78.3160: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352c78.3160: [Raw version resource data: 0xaf0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362c78.3160: ProductName: Microsoft® Windows® Operating System
372c78.3160: ProductVersion: 10.0.17134.1425
382c78.3160: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
392c78.3160: FileDescription: Windows NT BASE API Client DLL
402c78.3160: \SystemRoot\System32\KernelBase.dll:
412c78.3160: CreationTime: 2020-10-16T07:06:52.049443600Z
422c78.3160: LastWriteTime: 2020-09-30T04:01:10.703687100Z
432c78.3160: ChangeTime: 2021-01-14T17:17:24.593723300Z
442c78.3160: FileAttributes: 0x20
452c78.3160: Size: 0x273b70
462c78.3160: NT Headers: 0xf0
472c78.3160: Timestamp: 0xc9a4f29d
482c78.3160: Machine: 0x8664 - amd64
492c78.3160: Timestamp: 0xc9a4f29d
502c78.3160: Image Version: 10.0
512c78.3160: SizeOfImage: 0x273000 (2568192)
522c78.3160: Resource Dir: 0x251000 LB 0x548
532c78.3160: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542c78.3160: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552c78.3160: ProductName: Microsoft® Windows® Operating System
562c78.3160: ProductVersion: 10.0.17134.1792
572c78.3160: FileVersion: 10.0.17134.1792 (WinBuild.160101.0800)
582c78.3160: FileDescription: Windows NT BASE API Client DLL
592c78.3160: \SystemRoot\System32\apisetschema.dll:
602c78.3160: CreationTime: 2018-04-11T23:34:44.042150700Z
612c78.3160: LastWriteTime: 2018-04-11T23:34:44.042150700Z
622c78.3160: ChangeTime: 2018-10-31T01:22:03.656374800Z
632c78.3160: FileAttributes: 0x20
642c78.3160: Size: 0x1bd98
652c78.3160: NT Headers: 0xd0
662c78.3160: Timestamp: 0xd02ff418
672c78.3160: Machine: 0x8664 - amd64
682c78.3160: Timestamp: 0xd02ff418
692c78.3160: Image Version: 10.0
702c78.3160: SizeOfImage: 0x1c000 (114688)
712c78.3160: Resource Dir: 0x1b000 LB 0x408
722c78.3160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732c78.3160: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742c78.3160: ProductName: Microsoft® Windows® Operating System
752c78.3160: ProductVersion: 10.0.17134.1
762c78.3160: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
772c78.3160: FileDescription: ApiSet Schema DLL
782c78.3160: supR3HardenedWinFindAdversaries: 0x0
792c78.3160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
802c78.3160: Calling main()
812c78.3160: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
822c78.3160: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
832c78.3160: SUPR3HardenedMain: Respawn #1
842c78.3160: System32: \Device\HarddiskVolume4\Windows\System32
852c78.3160: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
862c78.3160: KnownDllPath: C:\windows\System32
872c78.3160: supR3HardenedWinInit: Performing a limited self purification...
882c78.3160: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
892c78.3160: *0000000000000000-00000000003bffff 0x0001/0x0000 0x0000000
902c78.3160: *00000000003c0000-00000000003cffff 0x0004/0x0004 0x0040000
912c78.3160: 00000000003d0000-00000000003dffff 0x0001/0x0000 0x0000000
922c78.3160: *00000000003e0000-00000000003f8fff 0x0002/0x0002 0x0040000
932c78.3160: 00000000003f9000-00000000003fffff 0x0001/0x0000 0x0000000
942c78.3160: *0000000000400000-0000000000551fff 0x0000/0x0004 0x0020000
952c78.3160: 0000000000552000-0000000000554fff 0x0004/0x0004 0x0020000
962c78.3160: 0000000000555000-00000000005fffff 0x0000/0x0004 0x0020000
972c78.3160: *0000000000600000-00000000006b8fff 0x0000/0x0004 0x0020000
982c78.3160: 00000000006b9000-00000000006bbfff 0x0104/0x0004 0x0020000
992c78.3160: 00000000006bc000-00000000006fffff 0x0004/0x0004 0x0020000
1002c78.3160: *0000000000700000-0000000000703fff 0x0002/0x0002 0x0040000
1012c78.3160: 0000000000704000-000000000070ffff 0x0001/0x0000 0x0000000
1022c78.3160: *0000000000710000-0000000000710fff 0x0004/0x0004 0x0020000
1032c78.3160: 0000000000711000-000000000071ffff 0x0001/0x0000 0x0000000
1042c78.3160: *0000000000720000-0000000000720fff 0x0004/0x0004 0x0020000
1052c78.3160: 0000000000721000-0000000000751fff 0x0000/0x0004 0x0020000
1062c78.3160: 0000000000752000-000000000075ffff 0x0001/0x0000 0x0000000
1072c78.3160: *0000000000760000-000000000076cfff 0x0004/0x0004 0x0020000
1082c78.3160: 000000000076d000-000000000085ffff 0x0000/0x0004 0x0020000
1092c78.3160: *0000000000860000-0000000000924fff 0x0002/0x0002 0x0040000
1102c78.3160: 0000000000925000-000000000092ffff 0x0001/0x0000 0x0000000
1112c78.3160: *0000000000930000-0000000000931fff 0x0004/0x0004 0x0020000
1122c78.3160: 0000000000932000-0000000000961fff 0x0000/0x0004 0x0020000
1132c78.3160: 0000000000962000-0000000000a5ffff 0x0001/0x0000 0x0000000
1142c78.3160: *0000000000a60000-0000000000a6efff 0x0004/0x0004 0x0020000
1152c78.3160: 0000000000a6f000-0000000000a6ffff 0x0000/0x0004 0x0020000
1162c78.3160: *0000000000a70000-0000000000a7cfff 0x0000/0x0004 0x0020000
1172c78.3160: 0000000000a7d000-0000000000c5efff 0x0004/0x0004 0x0020000
1182c78.3160: 0000000000c5f000-0000000000c5ffff 0x0000/0x0004 0x0020000
1192c78.3160: *0000000000c60000-0000000000c7cfff 0x0004/0x0004 0x0020000
1202c78.3160: 0000000000c7d000-0000000000d5ffff 0x0000/0x0004 0x0020000
1212c78.3160: 0000000000d60000-000000007ffdffff 0x0001/0x0000 0x0000000
1222c78.3160: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1232c78.3160: 000000007ffe1000-00007ff41bfcffff 0x0001/0x0000 0x0000000
1242c78.3160: *00007ff41bfd0000-00007ff41bfd4fff 0x0002/0x0002 0x0040000
1252c78.3160: 00007ff41bfd5000-00007ff41c0cffff 0x0000/0x0002 0x0040000
1262c78.3160: *00007ff41c0d0000-00007ff51c0effff 0x0000/0x0004 0x0020000
1272c78.3160: *00007ff51c0f0000-00007ff51e0effff 0x0000/0x0004 0x0020000
1282c78.3160: 00007ff51e0f0000-00007ff51e0f0fff 0x0004/0x0004 0x0020000
1292c78.3160: 00007ff51e0f1000-00007ff51e0fffff 0x0001/0x0000 0x0000000
1302c78.3160: *00007ff51e100000-00007ff51e122fff 0x0002/0x0002 0x0040000
1312c78.3160: 00007ff51e123000-00007ff79c89ffff 0x0001/0x0000 0x0000000
1322c78.3160: *00007ff79c8a0000-00007ff79c8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1332c78.3160: 00007ff79c8a1000-00007ff79c917fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1342c78.3160: 00007ff79c918000-00007ff79c918fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1352c78.3160: 00007ff79c919000-00007ff79c961fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1362c78.3160: 00007ff79c962000-00007ff79c964fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1372c78.3160: 00007ff79c965000-00007ff79c967fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1382c78.3160: 00007ff79c968000-00007ff79c96afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1392c78.3160: 00007ff79c96b000-00007ff79c96bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1402c78.3160: 00007ff79c96c000-00007ff79c96dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1412c78.3160: 00007ff79c96e000-00007ff79c96efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1422c78.3160: 00007ff79c96f000-00007ff79c9b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1432c78.3160: 00007ff79c9b8000-00007ff864c0ffff 0x0001/0x0000 0x0000000
1442c78.3160: *00007ff864c10000-00007ff864c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1452c78.3160: 00007ff864c11000-00007ff864c5afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1462c78.3160: 00007ff864c5b000-00007ff864c7bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1472c78.3160: 00007ff864c7c000-00007ff864c7dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1482c78.3160: 00007ff864c7e000-00007ff864c7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1492c78.3160: 00007ff864c7f000-00007ff864c9afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
1502c78.3160: 00007ff864c9b000-00007ff867e4ffff 0x0001/0x0000 0x0000000
1512c78.3160: *00007ff867e50000-00007ff867e50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1522c78.3160: 00007ff867e51000-00007ff867f40fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1532c78.3160: 00007ff867f41000-00007ff86808bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1542c78.3160: 00007ff86808c000-00007ff86808ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1552c78.3160: 00007ff868090000-00007ff868090fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1562c78.3160: 00007ff868091000-00007ff8680c2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1572c78.3160: 00007ff8680c3000-00007ff86ac8ffff 0x0001/0x0000 0x0000000
1582c78.3160: *00007ff86ac90000-00007ff86ac90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1592c78.3160: 00007ff86ac91000-00007ff86ad04fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1602c78.3160: 00007ff86ad05000-00007ff86ad36fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1612c78.3160: 00007ff86ad37000-00007ff86ad37fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1622c78.3160: 00007ff86ad38000-00007ff86ad38fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1632c78.3160: 00007ff86ad39000-00007ff86ad40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1642c78.3160: 00007ff86ad41000-00007ff86b20ffff 0x0001/0x0000 0x0000000
1652c78.3160: *00007ff86b210000-00007ff86b210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1662c78.3160: 00007ff86b211000-00007ff86b31ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1672c78.3160: 00007ff86b320000-00007ff86b365fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1682c78.3160: 00007ff86b366000-00007ff86b366fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1692c78.3160: 00007ff86b367000-00007ff86b368fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1702c78.3160: 00007ff86b369000-00007ff86b370fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1712c78.3160: 00007ff86b371000-00007ff86b3f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1722c78.3160: 00007ff86b3f1000-00007ffffffeffff 0x0001/0x0000 0x0000000
1732c78.3160: kernel32.dll: timestamp 0x474d3da1 (rc=VINF_SUCCESS)
1742c78.3160: kernelbase.dll: timestamp 0xc9a4f29d (rc=VINF_SUCCESS)
1752c78.3160: apphelp.dll: timestamp 0xbdce45bd (rc=VINF_SUCCESS)
1762c78.3160: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
1772c78.3160: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1782c78.3160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1792c78.3160: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1802c78.3160: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
1812c78.3160: 00007ff864c5cd90 / 0x004cd90: 80 != 30
1822c78.3160: 00007ff864c5cd91 / 0x004cd91: 87 != 0c
1832c78.3160: 00007ff864c5cd92 / 0x004cd92: ea != cb
1842c78.3160: 00007ff864c5cd93 / 0x004cd93: 67 != 6a
1852c78.3160: 00007ff864c5cd98 / 0x004cd98: d0 != f0
1862c78.3160: 00007ff864c5cd99 / 0x004cd99: f0 != e8
1872c78.3160: 00007ff864c5cd9a / 0x004cd9a: eb != ca
1882c78.3160: 00007ff864c5cd9b / 0x004cd9b: 67 != 6a
1892c78.3160: 00007ff864c5cda0 / 0x004cda0: b0 != 50
1902c78.3160: 00007ff864c5cda1 / 0x004cda1: 8b != 4c
1912c78.3160: 00007ff864c5cda2 / 0x004cda2: e7 != ca
1922c78.3160: 00007ff864c5cda3 / 0x004cda3: 67 != 6a
1932c78.3160: 00007ff864c5cda8 / 0x004cda8: 00 != 80
1942c78.3160: 00007ff864c5cda9 / 0x004cda9: 97 != 79
1952c78.3160: 00007ff864c5cdaa / 0x004cdaa: ea != ca
1962c78.3160: 00007ff864c5cdab / 0x004cdab: 67 != 6a
1972c78.3160: 00007ff864c5cdb0 / 0x004cdb0: 60 != 40
1982c78.3160: 00007ff864c5cdb1 / 0x004cdb1: 22 != 0c
1992c78.3160: 00007ff864c5cdb2 / 0x004cdb2: ea != cb
2002c78.3160: 00007ff864c5cdb3 / 0x004cdb3: 67 != 6a
2012c78.3160: 00007ff864c5cdb8 / 0x004cdb8: c0 != 90
2022c78.3160: 00007ff864c5cdb9 / 0x004cdb9: 90 != b9
2032c78.3160: 00007ff864c5cdba / 0x004cdba: eb != ca
2042c78.3160: 00007ff864c5cdbb / 0x004cdbb: 67 != 6a
2052c78.3160: 00007ff864c5cdc0 / 0x004cdc0: 90 != 40
2062c78.3160: 00007ff864c5cdc1 / 0x004cdc1: df != b1
2072c78.3160: 00007ff864c5cdc2 / 0x004cdc2: ea != ca
2082c78.3160: 00007ff864c5cdc3 / 0x004cdc3: 67 != 6a
2092c78.3160: 00007ff864c5cdd0 / 0x004cdd0: 90 != a0
2102c78.3160: 00007ff864c5cdd1 / 0x004cdd1: fc != 97
2112c78.3160: 00007ff864c5cdd2 / 0x004cdd2: e7 != ca
2122c78.3160: 00007ff864c5cdd3 / 0x004cdd3: 67 != 6a
2132c78.3160: Restored 0x2000 bytes of original file content at 00007ff864c5b000
2142c78.3160: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
2152c78.3160: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2162c78.3160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2172c78.3160: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2182c78.3160: supR3HardNtEnableThreadCreationEx:
2192c78.3160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86b284f90 pvNtTerminateThread=00007ff86b2ab3f0
2202c78.3160: supR3HardenedWinDoReSpawn(1): New child 1ef4.2b04 [kernel32].
2212c78.3160: supR3HardNtChildGatherData: PebBaseAddress=0000000000cd3000 cbPeb=0x388
2222c78.3160: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff86b210000 uNtDllChildAddr=00007ff86b210000
2232c78.3160: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff86b284f90
2242c78.3160: supR3HardenedWinSetupChildInit: Initial context:
225 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff79c8a7900 rdx=0000000000cd3000
226 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
227 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
228 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
229 rip=00007ff86b283670 rsp=0000000000b9fe48 rbp=0000000000000000 ctxflags=0010001b
230 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
231 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
232 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
233 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
234 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2352c78.3160: supR3HardenedWinSetupChildInit: Start child.
2362c78.3160: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2372c78.3160: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
2382c78.3160: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2392c78.3160: *0000000000000000-0000000000a5ffff 0x0001/0x0000 0x0000000
2402c78.3160: *0000000000a60000-0000000000a7ffff 0x0004/0x0004 0x0020000
2412c78.3160: *0000000000a80000-0000000000a98fff 0x0002/0x0002 0x0040000
2422c78.3160: 0000000000a99000-0000000000a9ffff 0x0001/0x0000 0x0000000
2432c78.3160: *0000000000aa0000-0000000000b9afff 0x0000/0x0004 0x0020000
2442c78.3160: 0000000000b9b000-0000000000b9dfff 0x0104/0x0004 0x0020000
2452c78.3160: 0000000000b9e000-0000000000b9ffff 0x0004/0x0004 0x0020000
2462c78.3160: *0000000000ba0000-0000000000ba3fff 0x0002/0x0002 0x0040000
2472c78.3160: 0000000000ba4000-0000000000baffff 0x0001/0x0000 0x0000000
2482c78.3160: *0000000000bb0000-0000000000bb0fff 0x0004/0x0004 0x0020000
2492c78.3160: 0000000000bb1000-0000000000bfffff 0x0001/0x0000 0x0000000
2502c78.3160: *0000000000c00000-0000000000cd2fff 0x0000/0x0004 0x0020000
2512c78.3160: 0000000000cd3000-0000000000cd5fff 0x0004/0x0004 0x0020000
2522c78.3160: 0000000000cd6000-0000000000dfffff 0x0000/0x0004 0x0020000
2532c78.3160: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
2542c78.3160: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2552c78.3160: 000000007ffe1000-00007ff55200ffff 0x0001/0x0000 0x0000000
2562c78.3160: *00007ff552010000-00007ff552032fff 0x0002/0x0002 0x0040000
2572c78.3160: 00007ff552033000-00007ff79c89ffff 0x0001/0x0000 0x0000000
2582c78.3160: *00007ff79c8a0000-00007ff79c8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2592c78.3160: 00007ff79c8a1000-00007ff79c917fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2602c78.3160: 00007ff79c918000-00007ff79c918fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2612c78.3160: 00007ff79c919000-00007ff79c961fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2622c78.3160: 00007ff79c962000-00007ff79c962fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2632c78.3160: 00007ff79c963000-00007ff79c963fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2642c78.3160: 00007ff79c964000-00007ff79c968fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2652c78.3160: 00007ff79c969000-00007ff79c969fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2662c78.3160: 00007ff79c96a000-00007ff79c96afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2672c78.3160: 00007ff79c96b000-00007ff79c96efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2682c78.3160: 00007ff79c96f000-00007ff79c9b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2692c78.3160: 00007ff79c9b8000-00007ff86b20ffff 0x0001/0x0000 0x0000000
2702c78.3160: *00007ff86b210000-00007ff86b210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2712c78.3160: 00007ff86b211000-00007ff86b31ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2722c78.3160: 00007ff86b320000-00007ff86b365fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2732c78.3160: 00007ff86b366000-00007ff86b370fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2742c78.3160: 00007ff86b371000-00007ff86b37efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2752c78.3160: 00007ff86b37f000-00007ff86b37ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2762c78.3160: 00007ff86b380000-00007ff86b382fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2772c78.3160: 00007ff86b383000-00007ff86b3f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2782c78.3160: 00007ff86b3f1000-00007ffffffeffff 0x0001/0x0000 0x0000000
2792c78.3160: supR3HardNtChildPurify: Done after 266 ms and 0 fixes (loop #0).
2801ef4.2b04: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
2811ef4.2b04: supR3HardenedVmProcessInit: uNtDllAddr=00007ff86b210000 g_uNtVerCombined=0xa042ee00 (stack ~0000000000b9f8f8)
2821ef4.2b04: ntdll.dll: timestamp 0x4c780f2c (rc=VINF_SUCCESS)
2831ef4.2b04: New simple heap: #1 0000000000f00000 LB 0x400000 (for 1970176 allocation)
2842c78.3160: supR3HardNtEnableThreadCreationEx:
2851ef4.2b04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2861ef4.2b04: System32: \Device\HarddiskVolume4\Windows\System32
2871ef4.2b04: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2881ef4.2b04: KnownDllPath: C:\windows\System32
2891ef4.2b04: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2901ef4.2b04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2911ef4.2b04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2921ef4.2b04: Registered Dll notification callback with NTDLL.
2931ef4.2b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
2941ef4.2b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2951ef4.2b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2961ef4.2b04: supR3HardenedDllNotificationCallback: load 00007ff867e50000 LB 0x00273000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
2971ef4.2b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
2981ef4.2b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
2991ef4.2b04: supR3HardenedDllNotificationCallback: load 00007ff86ac90000 LB 0x000b1000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
3001ef4.2b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3011ef4.2b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ac90000 'C:\windows\System32\KERNEL32.DLL'
3021ef4.2b04: supR3HardenedDllNotificationCallback: load 00007ff79c8a0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3031ef4.2b04: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3041ef4.2b04: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3051ef4.2b04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3061ef4.2b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3071ef4.2b04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86b284f90 pvNtTerminateThread=00007ff86b2ab3f0
3082c78.3160: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
3091ef4.2b04: \SystemRoot\System32\ntdll.dll:
3101ef4.2b04: CreationTime: 2020-04-20T04:52:36.807209200Z
3111ef4.2b04: LastWriteTime: 2020-03-31T04:33:14.425385100Z
3121ef4.2b04: ChangeTime: 2021-01-14T17:17:24.599707300Z
3131ef4.2b04: FileAttributes: 0x20
3141ef4.2b04: Size: 0x1da658
3151ef4.2b04: NT Headers: 0xe8
3161ef4.2b04: Timestamp: 0x4c780f2c
3171ef4.2b04: Machine: 0x8664 - amd64
3181ef4.2b04: Timestamp: 0x4c780f2c
3191ef4.2b04: Image Version: 10.0
3201ef4.2b04: SizeOfImage: 0x1e1000 (1970176)
3211ef4.2b04: Resource Dir: 0x174000 LB 0x6b3e8
3221ef4.2b04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3231ef4.2b04: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3241ef4.2b04: ProductName: Microsoft® Windows® Operating System
3251ef4.2b04: ProductVersion: 10.0.17134.1425
3261ef4.2b04: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
3271ef4.2b04: FileDescription: NT Layer DLL
3281ef4.2b04: \SystemRoot\System32\kernel32.dll:
3291ef4.2b04: CreationTime: 2020-04-20T04:52:08.266069600Z
3301ef4.2b04: LastWriteTime: 2020-03-31T09:55:44.524621800Z
3311ef4.2b04: ChangeTime: 2021-01-14T17:17:24.361342900Z
3321ef4.2b04: FileAttributes: 0x20
3331ef4.2b04: Size: 0xafc80
3341ef4.2b04: NT Headers: 0xe8
3351ef4.2b04: Timestamp: 0x474d3da1
3361ef4.2b04: Machine: 0x8664 - amd64
3371ef4.2b04: Timestamp: 0x474d3da1
3381ef4.2b04: Image Version: 10.0
3391ef4.2b04: SizeOfImage: 0xb1000 (724992)
3401ef4.2b04: Resource Dir: 0xaf000 LB 0x520
3411ef4.2b04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3421ef4.2b04: [Raw version resource data: 0xaf0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3431ef4.2b04: ProductName: Microsoft® Windows® Operating System
3441ef4.2b04: ProductVersion: 10.0.17134.1425
3451ef4.2b04: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
3461ef4.2b04: FileDescription: Windows NT BASE API Client DLL
3471ef4.2b04: \SystemRoot\System32\KernelBase.dll:
3481ef4.2b04: CreationTime: 2020-10-16T07:06:52.049443600Z
3491ef4.2b04: LastWriteTime: 2020-09-30T04:01:10.703687100Z
3501ef4.2b04: ChangeTime: 2021-01-14T17:17:24.593723300Z
3511ef4.2b04: FileAttributes: 0x20
3521ef4.2b04: Size: 0x273b70
3531ef4.2b04: NT Headers: 0xf0
3541ef4.2b04: Timestamp: 0xc9a4f29d
3551ef4.2b04: Machine: 0x8664 - amd64
3561ef4.2b04: Timestamp: 0xc9a4f29d
3571ef4.2b04: Image Version: 10.0
3581ef4.2b04: SizeOfImage: 0x273000 (2568192)
3591ef4.2b04: Resource Dir: 0x251000 LB 0x548
3601ef4.2b04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3611ef4.2b04: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3621ef4.2b04: ProductName: Microsoft® Windows® Operating System
3631ef4.2b04: ProductVersion: 10.0.17134.1792
3641ef4.2b04: FileVersion: 10.0.17134.1792 (WinBuild.160101.0800)
3651ef4.2b04: FileDescription: Windows NT BASE API Client DLL
3661ef4.2b04: \SystemRoot\System32\apisetschema.dll:
3671ef4.2b04: CreationTime: 2018-04-11T23:34:44.042150700Z
3681ef4.2b04: LastWriteTime: 2018-04-11T23:34:44.042150700Z
3691ef4.2b04: ChangeTime: 2018-10-31T01:22:03.656374800Z
3701ef4.2b04: FileAttributes: 0x20
3711ef4.2b04: Size: 0x1bd98
3721ef4.2b04: NT Headers: 0xd0
3731ef4.2b04: Timestamp: 0xd02ff418
3741ef4.2b04: Machine: 0x8664 - amd64
3751ef4.2b04: Timestamp: 0xd02ff418
3761ef4.2b04: Image Version: 10.0
3771ef4.2b04: SizeOfImage: 0x1c000 (114688)
3781ef4.2b04: Resource Dir: 0x1b000 LB 0x408
3791ef4.2b04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3801ef4.2b04: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3811ef4.2b04: ProductName: Microsoft® Windows® Operating System
3821ef4.2b04: ProductVersion: 10.0.17134.1
3831ef4.2b04: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
3841ef4.2b04: FileDescription: ApiSet Schema DLL
3851ef4.2b04: supR3HardenedWinFindAdversaries: 0x0
3861ef4.2b04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3871ef4.2b04: Calling main()
3881ef4.2b04: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3891ef4.2b04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3901ef4.2b04: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3911ef4.2b04: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3921ef4.2b04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3931ef4.2b04: SUPR3HardenedMain: Respawn #2
3941ef4.2b04: supR3HardNtEnableThreadCreationEx:
3951ef4.2b04: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3961ef4.2b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
3971ef4.2b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3981ef4.2b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3991ef4.2b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b210000 'C:\windows\System32\ntdll.dll'
4001ef4.2b04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
4011ef4.2b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
4021ef4.2b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4031ef4.2b04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4041ef4.2b04: supR3HardenedDllNotificationCallback: load 00007ff864c10000 LB 0x0008b000 C:\windows\system32\apphelp.dll [fFlags=0x0]
4051ef4.2b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4061ef4.2b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
4071ef4.2b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4081ef4.2b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b210000 'C:\windows\System32\ntdll.dll'
4091ef4.2b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff864c10000 'C:\windows\system32\apphelp.dll'
4101ef4.2b04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86b284f90 pvNtTerminateThread=00007ff86b2ab3f0
4111ef4.2b04: supR3HardenedWinDoReSpawn(2): New child 7e8.30f4 [kernel32].
4121ef4.2b04: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
4131ef4.2b04: supR3HardNtChildGatherData: PebBaseAddress=00000000005a4000 cbPeb=0x388
4141ef4.2b04: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff86b210000 uNtDllChildAddr=00007ff86b210000
4151ef4.2b04: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff86b284f90
4161ef4.2b04: supR3HardenedWinSetupChildInit: Initial context:
417 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff79c8a7900 rdx=00000000005a4000
418 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
419 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
420 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
421 rip=00007ff86b283670 rsp=00000000006ff988 rbp=0000000000000000 ctxflags=0010001b
422 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
423 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
424 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
425 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
426 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4271ef4.2b04: kernel32.dll: timestamp 0x474d3da1 (rc=VINF_SUCCESS)
4281ef4.2b04: supR3HardenedWinSetupChildInit: Start child.
4291ef4.2b04: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4301ef4.2b04: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
4311ef4.2b04: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4321ef4.2b04: *0000000000000000-00000000002dffff 0x0001/0x0000 0x0000000
4331ef4.2b04: *00000000002e0000-00000000002fffff 0x0004/0x0004 0x0020000
4341ef4.2b04: *0000000000300000-0000000000318fff 0x0002/0x0002 0x0040000
4351ef4.2b04: 0000000000319000-000000000031ffff 0x0001/0x0000 0x0000000
4361ef4.2b04: *0000000000320000-0000000000323fff 0x0002/0x0002 0x0040000
4371ef4.2b04: 0000000000324000-000000000032ffff 0x0001/0x0000 0x0000000
4381ef4.2b04: *0000000000330000-0000000000330fff 0x0004/0x0004 0x0020000
4391ef4.2b04: 0000000000331000-00000000003fffff 0x0001/0x0000 0x0000000
4401ef4.2b04: *0000000000400000-00000000005a3fff 0x0000/0x0004 0x0020000
4411ef4.2b04: 00000000005a4000-00000000005a6fff 0x0004/0x0004 0x0020000
4421ef4.2b04: 00000000005a7000-00000000005fffff 0x0000/0x0004 0x0020000
4431ef4.2b04: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
4441ef4.2b04: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
4451ef4.2b04: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
4461ef4.2b04: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
4471ef4.2b04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4481ef4.2b04: 000000007ffe1000-00007ff56fd8ffff 0x0001/0x0000 0x0000000
4491ef4.2b04: *00007ff56fd90000-00007ff56fdb2fff 0x0002/0x0002 0x0040000
4501ef4.2b04: 00007ff56fdb3000-00007ff79c89ffff 0x0001/0x0000 0x0000000
4511ef4.2b04: *00007ff79c8a0000-00007ff79c8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4521ef4.2b04: 00007ff79c8a1000-00007ff79c917fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4531ef4.2b04: 00007ff79c918000-00007ff79c918fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4541ef4.2b04: 00007ff79c919000-00007ff79c961fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4551ef4.2b04: 00007ff79c962000-00007ff79c962fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4561ef4.2b04: 00007ff79c963000-00007ff79c963fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4571ef4.2b04: 00007ff79c964000-00007ff79c968fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4581ef4.2b04: 00007ff79c969000-00007ff79c969fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4591ef4.2b04: 00007ff79c96a000-00007ff79c96afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4601ef4.2b04: 00007ff79c96b000-00007ff79c96efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4611ef4.2b04: 00007ff79c96f000-00007ff79c9b7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4621ef4.2b04: 00007ff79c9b8000-00007ff86b20ffff 0x0001/0x0000 0x0000000
4631ef4.2b04: *00007ff86b210000-00007ff86b210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4641ef4.2b04: 00007ff86b211000-00007ff86b31ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4651ef4.2b04: 00007ff86b320000-00007ff86b365fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4661ef4.2b04: 00007ff86b366000-00007ff86b370fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4671ef4.2b04: 00007ff86b371000-00007ff86b37efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4681ef4.2b04: 00007ff86b37f000-00007ff86b37ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4691ef4.2b04: 00007ff86b380000-00007ff86b382fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4701ef4.2b04: 00007ff86b383000-00007ff86b3f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4711ef4.2b04: 00007ff86b3f1000-00007ffffffeffff 0x0001/0x0000 0x0000000
4721ef4.2b04: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
4731ef4.2b04: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4741ef4.2b04: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4751ef4.2b04: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
4761ef4.2b04: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
4771ef4.2b04: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
4787e8.30f4: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
4797e8.30f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff86b210000 g_uNtVerCombined=0xa042ee00 (stack ~00000000006ff438)
4801ef4.2b04: supR3HardNtEnableThreadCreationEx:
4817e8.30f4: ntdll.dll: timestamp 0x4c780f2c (rc=VINF_SUCCESS)
4827e8.30f4: New simple heap: #1 0000000000800000 LB 0x400000 (for 1970176 allocation)
4837e8.30f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4847e8.30f4: System32: \Device\HarddiskVolume4\Windows\System32
4857e8.30f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
4867e8.30f4: KnownDllPath: C:\windows\System32
4877e8.30f4: supR3HardenedVmProcessInit: Opening vboxdrv...
4887e8.30f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4897e8.30f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4907e8.30f4: Registered Dll notification callback with NTDLL.
4917e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
4927e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
4937e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4947e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867e50000 LB 0x00273000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
4957e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
4967e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4977e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86ac90000 LB 0x000b1000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
4987e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ac90000 'C:\windows\System32\KERNEL32.DLL'
5007e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff79c8a0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5017e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5027e8.30f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5037e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5047e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5057e8.30f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86b284f90 pvNtTerminateThread=00007ff86b2ab3f0
5061ef4.2b04: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 93 ms.
5077e8.30f4: \SystemRoot\System32\ntdll.dll:
5087e8.30f4: CreationTime: 2020-04-20T04:52:36.807209200Z
5097e8.30f4: LastWriteTime: 2020-03-31T04:33:14.425385100Z
5107e8.30f4: ChangeTime: 2021-01-14T17:17:24.599707300Z
5117e8.30f4: FileAttributes: 0x20
5127e8.30f4: Size: 0x1da658
5137e8.30f4: NT Headers: 0xe8
5147e8.30f4: Timestamp: 0x4c780f2c
5157e8.30f4: Machine: 0x8664 - amd64
5167e8.30f4: Timestamp: 0x4c780f2c
5177e8.30f4: Image Version: 10.0
5187e8.30f4: SizeOfImage: 0x1e1000 (1970176)
5197e8.30f4: Resource Dir: 0x174000 LB 0x6b3e8
5207e8.30f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5217e8.30f4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5227e8.30f4: ProductName: Microsoft® Windows® Operating System
5237e8.30f4: ProductVersion: 10.0.17134.1425
5247e8.30f4: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
5257e8.30f4: FileDescription: NT Layer DLL
5267e8.30f4: \SystemRoot\System32\kernel32.dll:
5277e8.30f4: CreationTime: 2020-04-20T04:52:08.266069600Z
5287e8.30f4: LastWriteTime: 2020-03-31T09:55:44.524621800Z
5297e8.30f4: ChangeTime: 2021-01-14T17:17:24.361342900Z
5307e8.30f4: FileAttributes: 0x20
5317e8.30f4: Size: 0xafc80
5327e8.30f4: NT Headers: 0xe8
5337e8.30f4: Timestamp: 0x474d3da1
5347e8.30f4: Machine: 0x8664 - amd64
5357e8.30f4: Timestamp: 0x474d3da1
5367e8.30f4: Image Version: 10.0
5377e8.30f4: SizeOfImage: 0xb1000 (724992)
5387e8.30f4: Resource Dir: 0xaf000 LB 0x520
5397e8.30f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5407e8.30f4: [Raw version resource data: 0xaf0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5417e8.30f4: ProductName: Microsoft® Windows® Operating System
5427e8.30f4: ProductVersion: 10.0.17134.1425
5437e8.30f4: FileVersion: 10.0.17134.1425 (WinBuild.160101.0800)
5447e8.30f4: FileDescription: Windows NT BASE API Client DLL
5457e8.30f4: \SystemRoot\System32\KernelBase.dll:
5467e8.30f4: CreationTime: 2020-10-16T07:06:52.049443600Z
5477e8.30f4: LastWriteTime: 2020-09-30T04:01:10.703687100Z
5487e8.30f4: ChangeTime: 2021-01-14T17:17:24.593723300Z
5497e8.30f4: FileAttributes: 0x20
5507e8.30f4: Size: 0x273b70
5517e8.30f4: NT Headers: 0xf0
5527e8.30f4: Timestamp: 0xc9a4f29d
5537e8.30f4: Machine: 0x8664 - amd64
5547e8.30f4: Timestamp: 0xc9a4f29d
5557e8.30f4: Image Version: 10.0
5567e8.30f4: SizeOfImage: 0x273000 (2568192)
5577e8.30f4: Resource Dir: 0x251000 LB 0x548
5587e8.30f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5597e8.30f4: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5607e8.30f4: ProductName: Microsoft® Windows® Operating System
5617e8.30f4: ProductVersion: 10.0.17134.1792
5627e8.30f4: FileVersion: 10.0.17134.1792 (WinBuild.160101.0800)
5637e8.30f4: FileDescription: Windows NT BASE API Client DLL
5647e8.30f4: \SystemRoot\System32\apisetschema.dll:
5657e8.30f4: CreationTime: 2018-04-11T23:34:44.042150700Z
5667e8.30f4: LastWriteTime: 2018-04-11T23:34:44.042150700Z
5677e8.30f4: ChangeTime: 2018-10-31T01:22:03.656374800Z
5687e8.30f4: FileAttributes: 0x20
5697e8.30f4: Size: 0x1bd98
5707e8.30f4: NT Headers: 0xd0
5717e8.30f4: Timestamp: 0xd02ff418
5727e8.30f4: Machine: 0x8664 - amd64
5737e8.30f4: Timestamp: 0xd02ff418
5747e8.30f4: Image Version: 10.0
5757e8.30f4: SizeOfImage: 0x1c000 (114688)
5767e8.30f4: Resource Dir: 0x1b000 LB 0x408
5777e8.30f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5787e8.30f4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5797e8.30f4: ProductName: Microsoft® Windows® Operating System
5807e8.30f4: ProductVersion: 10.0.17134.1
5817e8.30f4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
5827e8.30f4: FileDescription: ApiSet Schema DLL
5837e8.30f4: supR3HardenedWinFindAdversaries: 0x0
5847e8.30f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
5857e8.30f4: Calling main()
5867e8.30f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
5877e8.30f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
5887e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5897e8.30f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5907e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5917e8.30f4: SUPR3HardenedMain: Final process, opening VBoxDrv...
5927e8.30f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
5937e8.30f4: supR3HardNtEnableThreadCreationEx:
5947e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
5957e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5967e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5977e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5987e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5997e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff861570000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6007e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6017e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6027e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff861570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6047e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6057e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff861570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff861570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6087e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6097e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6107e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6117e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
6127e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
6137e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6167e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
6177e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6187e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6197e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6207e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
6217e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
6227e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6237e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6257e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
6267e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
6277e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6287e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6297e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
6307e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
6317e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6327e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6337e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6347e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6357e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff869200000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
6367e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6377e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867530000 LB 0x00012000 C:\windows\System32\MSASN1.dll [fFlags=0x0]
6387e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6397e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868370000 LB 0x000f8000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
6407e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
6417e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
6427e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868180000 LB 0x001e2000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
6437e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6447e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86aa70000 LB 0x00123000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
6457e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6467e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868ed0000 LB 0x0005b000 C:\windows\System32\sechost.dll [fFlags=0x0]
6477e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
6487e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
6497e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
6507e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86a750000 LB 0x000a1000 C:\windows\System32\advapi32.dll [fFlags=0x0]
6517e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6527e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
6537e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6547e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
6557e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6567e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867660000 LB 0x00057000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
6577e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6587e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6597e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6607e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-synch-l1-2-0'
6617e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6627e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6637e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-fibers-l1-1-1'
6647e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6657e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6667e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-fibers-l1-1-1'
6677e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6687e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6697e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-synch-l1-2-0'
6707e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6717e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6727e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-localization-l1-2-1'
6737e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867660000 'C:\windows\system32\Wintrust.dll'
6747e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
6757e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
6767e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6777e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6787e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6797e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6807e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6817e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6827e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6847e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6857e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6867e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6877e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6887e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6897e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6907e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867000000 LB 0x00025000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
6917e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867000000 'C:\windows\system32\bcrypt.dll'
6937e8.30f4: bcrypt.dll loaded at 00007ff867000000, BCryptOpenAlgorithmProvider at 00007ff867002770, preloading providers:
6947e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
6957e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
6967e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6977e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868610000 LB 0x00079000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
6987e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868610000 'C:\windows\system32\bcryptprimitives.dll'
7007e8.30f4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000d75220)
7017e8.30f4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000d7c8d0)
7027e8.30f4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000d7f950)
7037e8.30f4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000d7fc20)
7047e8.30f4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000d7fef0)
7057e8.30f4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000d801c0)
7067e8.30f4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000d80490)
7077e8.30f4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000d80760)
7087e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
7097e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7107e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff866ed0000 LB 0x00017000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
7117e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7127e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
7137e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
7147e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
7157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7167e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7177e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7187e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7197e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7207e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8668d0000 LB 0x00033000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
7217e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7227e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
7237e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7247e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
7257e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
7267e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff866ef0000 LB 0x0000b000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7277e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7287e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7297e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7307e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7317e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7327e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7337e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ac90000 'C:\windows\System32\kernel32.dll'
7347e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7357e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7367e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867660000 'C:\windows\System32\WINTRUST.DLL'
7377e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7387e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7397e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\CRYPT32.dll'
7407e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868f30000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
7417e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
7427e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
7437e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7447e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7457e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
7467e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7477e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7487e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
7497e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
7507e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff865f20000 LB 0x00022000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
7517e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7527e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867510000 LB 0x0001f000 C:\windows\System32\profapi.dll [fFlags=0x0]
7537e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
7547e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
7557e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7567e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
7577e8.30f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
7587e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7617e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7627e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7647e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7657e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7667e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7677e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7687e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7697e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7707e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7717e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7727e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7737e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff860db0000 LB 0x0002e000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
7747e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7757e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7767e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7777e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7787e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7797e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7807e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7817e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7827e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7837e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7847e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7857e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7867e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7877e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7887e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7897e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7907e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7917e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7937e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7957e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7967e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7977e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7987e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
7997e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
8017e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
8037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\windows\System32\cryptnet.dll'
8047e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8057e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860db0000 'C:\Windows\System32\cryptnet.dll'
8067e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8077e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8087e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8097e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8107e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8117e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8127e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8137e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ddcc70
8147e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
8157e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29B9B903474F4D87FB07F1980086BDEFC7BA6587
8167e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8177e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8187e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86aa70000 'C:\windows\System32\rpcrt4.dll'
8197e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8207e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8217e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8227e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8237e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8247e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8257e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_981_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
8267e8.30f4: g_pfnWinVerifyTrust=00007ff867669950
8277e8.30f4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8287e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8297e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8307e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8317e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8327e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8337e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8347e8.30f4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
8357e8.30f4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8367e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8377e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8387e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8397e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
8407e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8417e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8427e8.30f4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
8437e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
8447e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
8457e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
8467e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
8477e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8487e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8497e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8507e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8517e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
8527e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
8547e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8557e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8567e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8577e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
8587e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8597e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8607e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8617e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
8627e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8637e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8647e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8657e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
8667e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8677e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8687e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8697e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
8707e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8717e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8727e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8737e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
8747e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8757e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8767e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
8777e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8787e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
8797e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8807e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8817e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
8827e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
8837e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8847e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8857e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
8877e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8887e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8897e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
8907e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8917e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8927e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
8937e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8957e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
8967e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
8977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
8987e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
8997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
9017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
9027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
9047e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
9057e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9067e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9087e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
9097e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9107e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
9117e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
9127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9137e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
9147e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
9157e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\system32\crypt32.dll'
9167e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9177e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9187e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9197e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9207e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9217e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9227e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf8c8eb675137a400 O=Quest Software Inc, CN=konea-ci
9237e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9247e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9257e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9267e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9277e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
9287e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
9297e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
9307e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9317e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9327e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
9337e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
9347e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
9357e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
9367e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9377e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9387e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9397e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9407e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9417e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
9427e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9437e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
9447e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
9457e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9467e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9477e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9487e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9497e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9507e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9517e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
9527e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9537e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
9547e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9557e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9567e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
9577e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9587e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
9597e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9607e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9617e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9627e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9637e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
9647e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9657e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
9667e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
9677e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9687e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9697e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9707e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9717e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9727e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9737e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
9747e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9757e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
9767e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
9777e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9787e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
9797e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9807e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9817e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x90868843a6af400 DC=com, DC=qualys, DC=corp, CN=corp-US01SV-CA01-CA
9827e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xe374d462fa5cd200 C=US, ST=CA, L=SFO, O=Qualys, Inc., OU=Operations, CN=Qualys Operations Legacy Root, Email=ops@qualys.com
9837e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x9076d9d20b7064dd Email=manager-it@qualys.com, C=US, ST=California, L=Redwood Shores, O=Qualys, OU=Corporate, CN=Qualys Corp CA
9847e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xac0952f08dd9ee00 O=Cisco, CN=Cisco Umbrella Root CA
9857e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x749990696b1ea600 C=US, ST=CA, L=SFO, O=Qualys, Inc., OU=Operations, CN=Qualys Operations Root CA, Email=ops@qualys.com
9867e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x2bae37e9b81fb400 C=US, ST=California, L=Redwood City, O=Qualys, Inc., OU=Operations, CN=Qualys Ops Root, Email=ops@qualys.com
9877e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x90868843a6af400 DC=com, DC=qualys, DC=corp, CN=corp-US01SV-CA01-CA
9887e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0xb66b7eabdfc5f200 C=US, ST=California, L=Foster City, O=Qualys, OU=qualys, Email=qgs@qualys.com, CN=qgs.proxy
9897e8.30f4: supR3HardenedWinIsDesiredRootCA: Adding 0x90868843a6af400 DC=com, DC=qualys, DC=corp, CN=corp-US01SV-CA01-CA
9907e8.30f4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=74
9917e8.30f4: SUPR3HardenedMain: Load Runtime...
9927e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
9937e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
9947e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9957e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9967e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9977e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
9987e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9997e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10007e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10017e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
10037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
10047e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10057e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
10067e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
10077e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10087e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10097e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10107e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10117e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10127e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
10137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10157e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10167e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
10177e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10187e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10197e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
10207e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10217e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10227e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
10237e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10257e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
10267e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10277e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
10287e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
10297e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
10307e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10317e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10327e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10337e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10347e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
10357e8.30f4: supR3HardenedDllNotificationCallback: load 0000000077010000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10367e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10377e8.30f4: supR3HardenedDllNotificationCallback: load 0000000076f70000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
10387e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
10397e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868f50000 LB 0x0006c000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
10407e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
10417e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff830830000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10427e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10437e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10447e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10457e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10467e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10477e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10487e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10497e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10507e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10527e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10537e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10547e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10557e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10567e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10577e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10587e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10597e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10607e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10617e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10627e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10637e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10647e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10657e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10667e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10677e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10687e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10697e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10707e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10717e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10727e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10737e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10747e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10757e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10767e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10777e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10787e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10797e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10807e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
10817e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10827e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10837e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10847e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10857e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10877e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10887e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10897e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10907e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10917e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10937e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10947e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10957e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10967e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10987e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10997e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11007e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11037e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11047e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11057e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11067e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11087e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11097e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11107e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11117e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11137e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11147e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11157e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11167e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11177e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11187e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11197e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11207e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11217e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11227e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11237e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11247e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11257e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11267e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11277e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11287e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11297e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11307e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11317e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11327e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11337e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11347e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11357e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11367e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11377e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11387e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11397e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11407e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11417e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11427e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11437e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11447e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11457e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11467e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11477e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11487e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11497e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11507e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11527e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11547e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11557e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11567e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11577e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11587e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11597e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11607e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11617e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11627e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11637e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11647e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11657e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11667e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11677e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11687e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11697e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11707e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11717e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11727e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11737e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11747e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11757e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11767e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11777e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11797e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11807e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11817e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11827e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11837e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11847e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11857e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11877e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11887e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11897e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11907e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11917e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11927e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11937e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11957e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11967e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11977e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11987e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12007e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12027e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12037e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12047e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
12057e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12077e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12087e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12097e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12107e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12117e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12127e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12137e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12147e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12157e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12167e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12177e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12187e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12197e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830830000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12207e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12217e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
12227e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
12237e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12247e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867660000 'C:\windows\system32\Wintrust.dll'
12257e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
12267e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12277e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12287e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
12297e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12307e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
12317e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\system32\crypt32.dll'
12327e8.30f4: SUPR3HardenedMain: Load TrustedMain...
12337e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
12347e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12357e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12367e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
12377e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12387e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12397e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12407e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12417e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12427e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12437e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12447e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12457e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12467e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12477e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12487e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12497e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12507e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12527e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12537e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
12547e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
12557e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12567e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
12577e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
12587e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12627e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
12657e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
12667e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12677e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
12687e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
12697e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12707e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12717e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12727e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
12737e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
12747e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12757e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
12767e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12777e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12787e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
12797e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
12807e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
12817e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12827e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12847e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12857e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
12867e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12877e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12887e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
12897e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12907e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'bcryptprimitives.dll'.
12917e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
12927e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
12937e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12947e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12957e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
12967e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
12977e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
12987e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
12997e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13007e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
13017e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13027e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
13047e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
13057e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13067e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
13077e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
13087e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
13097e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
13107e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
13117e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13157e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
13167e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13177e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13187e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
13197e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13207e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13217e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
13227e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
13237e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13257e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
13267e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
13277e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
13287e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13297e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13307e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13317e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13327e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13337e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13347e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13357e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
13367e8.30f4: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
13377e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
13387e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
13397e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
13407e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
13417e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13427e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13437e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
13447e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13467e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
13477e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13497e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13507e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13527e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13537e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
13547e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13557e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13567e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13577e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13587e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13597e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13627e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
13637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13657e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
13667e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13677e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13687e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
13697e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13707e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13717e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13727e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13737e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13747e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13757e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13767e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13777e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13787e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13797e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13807e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13817e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13827e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
13837e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13847e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13857e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13867e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13877e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13887e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13897e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13907e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13917e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13927e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13937e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13947e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13957e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
13967e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
13977e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13987e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13997e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14007e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14017e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14027e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14037e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14047e8.30f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14057e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14067e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14077e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14087e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14097e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14107e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14117e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14147e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
14157e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14167e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
14177e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
14187e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
14197e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
14207e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14217e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14227e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14237e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14257e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14267e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14277e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14287e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14297e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14307e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14317e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14327e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14337e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14347e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14357e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14367e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14377e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14387e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14397e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14407e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14417e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14427e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14437e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14447e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14467e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14477e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14497e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
14507e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14517e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14527e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14537e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14547e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14557e8.30f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
14567e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14577e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14587e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14597e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14627e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14657e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14667e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14677e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14687e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
14697e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
14707e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
14717e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14737e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
14747e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14757e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14767e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
14777e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14787e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14797e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14807e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14817e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14827e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14847e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14857e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14867e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14877e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14887e8.30f4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
14897e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14907e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14917e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14927e8.30f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
14937e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
14947e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14957e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14967e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14977e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14987e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14997e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15007e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15017e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15027e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15037e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15047e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15057e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
15067e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15077e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15087e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15097e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15107e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15117e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15147e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
15157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15167e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15177e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15187e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15197e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15207e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15217e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15227e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15237e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
15247e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15257e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15267e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15277e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15287e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15297e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15307e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15317e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15327e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15337e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15347e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15357e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15367e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15377e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15387e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15397e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15407e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15417e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15427e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15437e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15447e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15467e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15477e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15497e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15507e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15527e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15537e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15547e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15557e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15567e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
15577e8.30f4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15587e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15607e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15617e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
15627e8.30f4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15657e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15667e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15677e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15687e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15697e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15707e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15717e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15737e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
15747e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
15757e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15767e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15777e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15787e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15797e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15807e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15817e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15827e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15837e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15847e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15857e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
15867e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
15877e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15887e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15897e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15907e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
15917e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
15927e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
15937e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
15947e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15957e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15967e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15977e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15987e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
15997e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16007e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16017e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16027e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16037e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16047e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16057e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16067e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16077e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
16087e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16097e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16107e8.30f4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16117e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16137e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16167e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16177e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16187e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16197e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16207e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16217e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
16227e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
16237e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
16247e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16257e8.30f4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
16267e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16277e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16287e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
16297e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
16307e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16317e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16327e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16337e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16347e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16357e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16367e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16377e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16387e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867710000 LB 0x00020000 C:\windows\System32\win32u.dll [fFlags=0x0]
16397e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16407e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8675c0000 LB 0x0009f000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
16417e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16427e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868470000 LB 0x00194000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
16437e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16447e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16457e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16467e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16477e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
16487e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
16497e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86b1b0000 LB 0x00028000 C:\windows\System32\GDI32.dll [fFlags=0x0]
16507e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16517e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86ad80000 LB 0x00190000 C:\windows\System32\USER32.dll [fFlags=0x0]
16527e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16537e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff83cdc0000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
16547e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16557e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff83c520000 LB 0x00120000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16567e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
16577e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8676c0000 LB 0x00049000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
16587e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
16597e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
16607e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868690000 LB 0x00322000 C:\windows\System32\combase.dll [fFlags=0x0]
16617e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16627e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86af10000 LB 0x000a8000 C:\windows\System32\shcore.dll [fFlags=0x0]
16637e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16647e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
16657e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
16667e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
16677e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
16687e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86a6f0000 LB 0x00051000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
16697e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16707e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
16717e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
16727e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
16737e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
16747e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8675a0000 LB 0x00011000 C:\windows\System32\kernel.appcore.dll [fFlags=0x0]
16757e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
16767e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
16777e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
16787e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
16797e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867550000 LB 0x0004c000 C:\windows\System32\powrprof.dll [fFlags=0x0]
16807e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
16817e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
16827e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
16837e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867500000 LB 0x0000a000 C:\windows\System32\FLTLIB.DLL [fFlags=0x0]
16847e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\fltLib.dll)
16857e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\fltLib.dll
16867e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867730000 LB 0x00713000 C:\windows\System32\windows.storage.dll [fFlags=0x0]
16877e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16887e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
16897e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
16907e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
16917e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
16927e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
16937e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
16947e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8692a0000 LB 0x01445000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
16957e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16967e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86b040000 LB 0x00152000 C:\windows\System32\ole32.dll [fFlags=0x0]
16977e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16987e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff855260000 LB 0x0001a000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
16997e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17007e8.30f4: supR3HardenedDllNotificationCallback: load 0000000076370000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17017e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17027e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff82e0e0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17037e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17047e8.30f4: supR3HardenedDllNotificationCallback: load 0000000075e00000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17057e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
17067e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86abc0000 LB 0x000c2000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
17077e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17087e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff81edc0000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
17097e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
17107e8.30f4: supR3HardenedDllNotificationCallback: load 0000000076f10000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
17117e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17127e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff864ce0000 LB 0x0002a000 C:\windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17137e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17147e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff864d10000 LB 0x00023000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
17157e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
17167e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff856550000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
17177e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
17187e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
17197e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
17207e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
17217e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
17227e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
17237e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
17247e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
17257e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
17267e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
17277e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
17287e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
17297e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
17307e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
17317e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
17327e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
17337e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
17347e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
17357e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
17367e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
17377e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
17387e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
17397e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
17407e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17417e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17427e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
17437e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
17447e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
17457e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
17467e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
17477e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
17487e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
17497e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
17507e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
17527e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
17537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
17547e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17557e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
17567e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume4\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
17577e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
17587e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
17597e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\fltLib.dll
17607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17627e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
17637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17657e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
17667e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17677e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
17687e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17697e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17707e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17717e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17737e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17747e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17757e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17767e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17777e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17787e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17797e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17807e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
17817e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
17827e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
17837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17847e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17857e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17867e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
17877e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17887e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17897e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17907e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17917e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17927e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
17937e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17947e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
17957e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17967e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17977e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17987e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17997e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18007e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18017e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18027e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18037e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
18047e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18057e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18067e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18077e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18087e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
18097e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18107e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18117e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18127e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18137e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
18147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18167e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18177e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18187e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
18197e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18207e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ac90000 'C:\windows\System32\kernel32.dll'
18217e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
18227e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
18237e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
18247e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
18257e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
18267e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
18277e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
18287e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
18297e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
18307e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
18317e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
18327e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
18337e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
18347e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
18357e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
18367e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
18377e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
18387e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
18397e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
18407e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
18417e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
18427e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
18437e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18447e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18457e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18467e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
18477e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18487e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
18497e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18507e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
18517e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18527e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
18537e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
18547e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
18557e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
18567e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
18577e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
18587e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
18597e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
18607e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
18617e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
18627e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
18637e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
18647e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
18657e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
18667e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
18677e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
18687e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
18697e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
18707e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
18717e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
18727e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
18737e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
18747e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
18757e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
18767e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
18777e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
18787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
18797e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18807e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18817e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18827e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
18837e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18847e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
18857e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
18877e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
18887e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
18897e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
18907e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
18917e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
18927e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
18937e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
18947e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18957e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-string-l1-1-0'
18967e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
18977e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
18987e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
18997e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
19007e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19027e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19037e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19047e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19057e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19067e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19077e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19087e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19097e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19107e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19117e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19127e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19137e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
19147e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19157e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
19167e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
19177e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
19187e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19197e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19207e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
19217e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
19227e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
19237e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
19247e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
19257e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
19267e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
19277e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
19287e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
19297e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
19307e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
19317e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
19327e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
19337e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
19347e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
19357e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
19367e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19377e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19387e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19397e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19407e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19417e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19427e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19437e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19447e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19457e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19467e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19477e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19487e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19497e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
19507e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
19527e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
19537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
19547e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19557e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19567e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
19577e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
19587e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
19597e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
19607e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
19617e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
19627e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
19637e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
19647e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
19657e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
19667e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
19677e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
19687e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
19697e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19707e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-datetime-l1-1-1'
19717e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
19727e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
19737e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
19747e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
19757e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
19767e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
19777e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
19787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
19797e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19807e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
19817e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
19827e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
19837e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
19847e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
19857e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
19867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
19877e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19887e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
19897e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19907e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
19917e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
19927e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
19937e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19947e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19957e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
19967e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
19977e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
19987e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
19997e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20007e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20017e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20027e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20037e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20047e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20057e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20067e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20077e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20087e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20097e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
20107e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
20117e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20127e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20137e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20147e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20157e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20167e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20177e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20187e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20197e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20207e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20217e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20227e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20237e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20247e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20257e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20267e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20277e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20287e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20297e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20307e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20317e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20327e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20337e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20347e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20357e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20367e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20377e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20387e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20397e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20407e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20417e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20427e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20437e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
20447e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20457e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-localization-obsolete-l1-2-0'
20467e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20477e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20487e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
20497e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
20507e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20527e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20547e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20557e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20567e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20577e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20587e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20597e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20607e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20617e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20627e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20637e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20647e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20657e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20667e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
20677e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
20687e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
20697e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
20707e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
20717e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
20727e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
20737e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
20747e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
20757e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
20767e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
20777e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
20787e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
20797e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
20807e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20817e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20827e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20837e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20847e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
20857e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
20867e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20877e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20887e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20897e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20907e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20917e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20927e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20937e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20947e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20957e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20967e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20977e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20987e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20997e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21007e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21027e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21037e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21047e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21057e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21067e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21077e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21087e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21097e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21107e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21117e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
21127e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21137e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
21147e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21157e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21167e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21177e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21187e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21197e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
21207e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
21217e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
21227e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
21237e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21257e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21267e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21277e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
21287e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21297e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21307e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
21317e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21327e8.30f4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
21337e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21347e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86ad50000 LB 0x0002d000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
21357e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
21367e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad50000 'C:\windows\system32\IMM32.DLL'
21377e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21387e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
21397e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21407e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21417e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
21427e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
21437e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21447e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21457e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21467e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21477e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21487e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21497e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21507e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21517e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21527e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21537e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21547e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21557e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21567e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21577e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21587e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21597e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21607e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21617e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21627e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
21637e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21647e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21657e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21667e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21677e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
21687e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
21697e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
21707e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
21717e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21727e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21737e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21747e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21757e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21767e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
21777e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
21787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
21797e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
21807e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
21817e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
21827e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
21837e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
21847e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
21857e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
21867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
21877e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
21887e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
21897e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
21907e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
21917e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
21927e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
21937e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
21947e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
21957e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21967e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21977e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
21987e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
21997e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22007e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22017e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22027e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22037e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22047e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22057e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22067e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22077e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22087e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22097e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22107e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22117e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22127e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22137e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
22147e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22157e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86a750000 'C:\windows\System32\ADVAPI32.DLL'
22167e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
22177e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
22187e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22197e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22207e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'.
22217e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll' [rescheduled]
22227e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22237e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22247e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22257e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22267e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22277e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22287e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22297e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22307e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22317e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22327e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22337e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22347e8.30f4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22357e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22367e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22377e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22387e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
22397e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
22407e8.30f4: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
22417e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22427e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22437e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22447e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22457e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22467e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
22477e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
22487e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
22497e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
22507e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22517e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22527e8.30f4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22537e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22547e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff856550000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
22557e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22567e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22577e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
22587e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22597e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22607e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
22617e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22627e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22637e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\fltLib.dll'
22647e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22657e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22667e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
22677e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22687e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22697e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
22707e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22717e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22727e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
22737e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22747e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22757e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
22767e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22777e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
22797e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22807e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22817e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
22827e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
22837e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
22847e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
22857e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AEBDA7F9CE62121C5283368BCE33004ECEC2C78B
22867e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22877e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22887e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
22897e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22907e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
22917e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22937e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
22947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22957e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
22967e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
22977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
22987e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
22997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23017e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
23027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23047e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
23057e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23077e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
23087e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23097e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23107e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
23117e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23137e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
23147e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23157e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23167e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
23177e8.30f4: SUPR3HardenedMain: Calling TrustedMain (00007ff8565516c0)...
23187e8.30f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
23197e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
23207e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23217e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23227e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
23237e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
23247e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23257e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
23267e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
23277e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23287e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
23297e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
23307e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
23317e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
23327e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
23337e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
23347e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23357e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23367e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23377e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23387e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23397e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23407e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23417e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23427e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23437e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23447e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23457e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23467e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
23477e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23487e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
23497e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23507e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23517e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23527e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
23537e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
23547e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23557e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23567e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23577e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
23587e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23627e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
23637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23657e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23667e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23677e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff845250000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
23687e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23697e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff845250000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
23707e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
23717e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
23727e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
23737e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=602E67F9A652144F0F4C854C7A63A7DE26EF8ED9
23747e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
23757e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
23767e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_774_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
23777e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23787e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23797e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
23807e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
23817e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
23827e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
23837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23847e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23857e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23867e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23877e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23887e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23897e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23907e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
23917e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8655b0000 LB 0x00098000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
23927e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
23937e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8655b0000 'C:\windows\system32\uxtheme.dll'
23947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad80000 'C:\windows\system32\user32.dll'
23957e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
23967e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
23987e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
23997e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86af10000 'C:\windows\system32\SHCore.dll'
24017e8.30f4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
24027e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
24037e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24047e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
24057e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
24067e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
24077e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
24087e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
24097e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8658b0000 LB 0x00029000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
24107e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
24117e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24157e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
24167e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24177e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24187e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
24197e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24207e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24217e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
24227e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
24237e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
24247e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24257e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24267e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff864d10000 'C:\windows\system32\winmm.dll'
24277e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24287e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24297e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff864d10000 'C:\windows\system32\winmm.dll'
24307e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
24317e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24327e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
24337e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24347e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24357e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8655b0000 'C:\windows\system32\uxtheme.dll'
24367e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24377e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24387e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86a750000 'C:\windows\system32\advapi32.dll'
24397e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
24407e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
24417e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
24427e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
24437e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
24447e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
24457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
24467e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
24477e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
24487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24497e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24507e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
24517e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24527e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
24537e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff867430000 LB 0x00028000 C:\windows\system32\userenv.dll [fFlags=0x0]
24547e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
24557e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867430000 'C:\windows\system32\userenv.dll'
24567e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
24577e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24587e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ac90000 'C:\windows\System32\kernel32.dll'
24597e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff868fc0000 LB 0x000a0000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
24607e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24617e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
24627e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
24637e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
24647e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24657e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24667e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24677e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24687e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
24697e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
24707e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
24717e8.146c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
24727e8.146c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
24737e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
24747e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24757e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24767e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24777e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24787e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24797e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24807e8.146c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
24817e8.146c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
24827e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24837e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24847e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24857e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24867e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24877e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24887e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24897e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24907e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24917e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24927e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24937e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24947e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24957e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
24967e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24977e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24987e8.146c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24997e8.146c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25007e8.146c: supR3HardenedDllNotificationCallback: load 00007ff82dd20000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25017e8.146c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25027e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82dd20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25037e8.146c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
25047e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25057e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25067e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25077e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25087e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
25097e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25107e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25117e8.146c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
25127e8.146c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
25137e8.146c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25147e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25157e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25167e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25177e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25187e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25197e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25207e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25217e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
25227e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25237e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25247e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
25257e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25267e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25277e8.146c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25287e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25297e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25307e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25317e8.146c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25327e8.146c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25337e8.146c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25347e8.146c: supR3HardenedDllNotificationCallback: load 00007ff845160000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
25357e8.146c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25367e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff845160000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
25377e8.146c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25387e8.146c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25397e8.146c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86abc0000 'C:\Windows\System32\oleaut32.dll'
25407e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b1b0000 'C:\windows\system32\gdi32.dll'
25417e8.2a98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25427e8.2a98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25437e8.2a98: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
25447e8.2a98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25457e8.2a98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25467e8.2a98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25477e8.2a98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
25487e8.2a98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25497e8.2a98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25507e8.2a98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25517e8.2a98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25527e8.2a98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25537e8.2a98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25547e8.2a98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25557e8.2a98: supR3HardenedDllNotificationCallback: load 00007ff85f170000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
25567e8.2a98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25577e8.2a98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85f170000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
25587e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25597e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25607e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
25617e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff86a8f0000 LB 0x00174000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
25627e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25637e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
25647e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
25657e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
25667e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
25677e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
25687e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
25697e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
25707e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25717e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
25737e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
25747e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
25757e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25767e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25777e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25787e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25797e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25807e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25817e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25827e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25837e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25847e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25857e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
25867e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
25877e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000970 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
25887e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
25897e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
25907e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3300F489F0B34E28D889D86050EF644F74B6C231
25917e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
25927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
25937e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_553_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
25947e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25957e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25967e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
25977e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
25987e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
25997e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
26007e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
26017e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26027e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
26037e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
26047e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
26057e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
26067e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
26077e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
26087e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
26097e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
26107e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
26117e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
26127e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
26137e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
26147e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
26157e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
26167e8.30f4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
26177e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26187e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
26197e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
26207e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
26217e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26227e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26237e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26247e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26257e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26267e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
26277e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26287e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26297e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
26307e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26317e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26327e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
26337e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26347e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26357e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
26367e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
26377e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26387e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
26397e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
26407e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
26417e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
26427e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26437e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26447e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
26457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26467e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26477e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
26487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26497e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26507e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
26517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
26527e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
26537e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
26547e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
26557e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [redoing WinVerifyTrust]
26567e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
26577e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
26587e8.30f4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
26597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26617e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26627e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26637e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
26647e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
26657e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
26667e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff8662c0000 LB 0x000bb000 C:\windows\system32\dxgi.dll [fFlags=0x0]
26677e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
26687e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff863740000 LB 0x0030b000 C:\windows\system32\d3d11.dll [fFlags=0x0]
26697e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
26707e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff864140000 LB 0x0019c000 C:\windows\system32\dcomp.dll [fFlags=0x0]
26717e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
26727e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff83db10000 LB 0x00058000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
26737e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26747e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
26757e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26767e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b1b0000 'C:\windows\System32\gdi32.dll'
26777e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83db10000 'C:\windows\system32\dataexchange.dll'
26787e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26797e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
26807e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
26817e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
26827e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
26837e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
26847e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26857e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
26867e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
26877e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
26887e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff865910000 LB 0x00021000 C:\windows\system32\RMCLIENT.dll [fFlags=0x0]
26897e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
26907e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff865940000 LB 0x001b7000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
26917e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
26927e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26937e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26947e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26957e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26967e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26977e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26987e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
26997e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27007e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27017e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
27027e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
27037e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
27047e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27057e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27087e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
27097e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27107e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
27117e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27137e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
27147e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
27157e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27167e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86af10000 'C:\windows\system32\Shcore.dll'
27177e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27187e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
27197e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
27207e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
27217e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
27227e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27237e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
27247e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
27257e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
27267e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
27277e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27287e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
27297e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
27307e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
27317e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
27327e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
27337e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
27347e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
27357e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
27367e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
27377e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
27387e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff866560000 LB 0x00031000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
27397e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
27407e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff864800000 LB 0x000da000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
27417e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
27427e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff862d60000 LB 0x00147000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
27437e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
27447e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff85f6f0000 LB 0x0031e000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
27457e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
27467e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff85d8d0000 LB 0x00092000 C:\windows\System32\TextInputFramework.dll [fFlags=0x0]
27477e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
27487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
27497e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
27507e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
27517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27527e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27537e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27547e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27557e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
27567e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27577e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27587e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27597e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27607e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
27617e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
27627e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
27637e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
27647e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
27657e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
27667e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27677e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27687e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
27697e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
27707e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
27717e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
27727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
27737e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
27747e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27757e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27767e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27777e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27787e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
27797e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27807e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27817e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
27827e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27837e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27847e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
27857e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27867e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27877e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
27887e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
27897e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
27907e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
27917e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86abc0000 'C:\windows\System32\OLEAUT32.DLL'
27927e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
27937e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad80000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
27957e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
27967e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad80000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
27987e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
27997e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868690000 'api-ms-win-core-com-l1-1-0.dll'
28017e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
28027e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28037e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86a8f0000 'C:\windows\System32\MSCTF.dll'
28047e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
28057e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
28077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
28087e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
28097e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28107e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b040000 'C:\windows\System32\ole32.dll'
28117e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86abc0000 'C:\windows\System32\OLEAUT32.dll'
28127e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a40 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28137e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
28147e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
28157e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DF55744E3FEAC1715EE0917D2EC2D0297B0B838
28167e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
28177e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
28187e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_752_for_KB4592446~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
28197e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28207e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28217e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
28227e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
28237e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
28247e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28257e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
28267e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
28277e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28287e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
28297e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
28307e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
28317e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
28327e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
28337e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
28347e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28357e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28367e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
28377e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
28387e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
28397e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28407e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28417e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28427e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
28437e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28447e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28457e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28467e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28477e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
28487e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
28497e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
28507e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
28517e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28527e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28537e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28547e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28557e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28567e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff860ec0000 LB 0x00083000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
28577e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28587e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff860590000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
28597e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
28607e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
28617e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28627e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
28637e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860590000 'C:\windows\system32\wbem\wbemprox.dll'
28647e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28657e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
28667e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
28677e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
28687e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
28697e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
28707e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_752_for_KB4592446~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
28717e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28727e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28737e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
28747e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
28757e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28767e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28777e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28787e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28797e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28807e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28817e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28827e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff85ff40000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
28837e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28847e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85ff40000 'C:\windows\system32\wbem\wbemsvc.dll'
28857e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
28867e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28877e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-localization-l1-2-0.dll'
28887e8.30f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
28897e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28907e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867e50000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
28917e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aec pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
28927e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
28937e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
28947e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
28957e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
28967e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
28977e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
28987e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28997e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29007e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
29017e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
29027e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29037e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29047e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29057e8.30f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29067e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29077e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29087e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29097e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29107e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff85f590000 LB 0x000f2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
29117e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85f590000 'C:\windows\system32\wbem\fastprox.dll'
29137e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86a750000 'C:\windows\System32\ADVAPI32.dll'
29147e8.2edc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
29157e8.2edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
29167e8.2edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29177e8.2edc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29187e8.2edc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
29197e8.2edc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29207e8.2edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29217e8.2edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29227e8.2edc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29237e8.2edc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29247e8.2edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29257e8.2edc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29267e8.2edc: supR3HardenedDllNotificationCallback: load 00007ff845be0000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
29277e8.2edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29287e8.2edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff845be0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29297e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
29307e8.2fec: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
29317e8.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
29327e8.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29337e8.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29347e8.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
29357e8.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
29367e8.2fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29377e8.2fec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
29387e8.2fec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29397e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29407e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29417e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29427e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29437e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29447e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29457e8.2fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29467e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29477e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29487e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29497e8.2fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29507e8.2fec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29517e8.2fec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29527e8.2fec: supR3HardenedDllNotificationCallback: load 00007ff85ebc0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
29537e8.2fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29547e8.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85ebc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
29557e8.2244: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
29567e8.2244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
29577e8.2244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29587e8.2244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29597e8.2244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29607e8.2244: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
29617e8.2244: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29627e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29637e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29647e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29657e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29667e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29677e8.2244: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29687e8.2244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
29697e8.2244: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29707e8.2244: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29717e8.2244: supR3HardenedDllNotificationCallback: load 00007ff85a210000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
29727e8.2244: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29737e8.2244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85a210000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
29747e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\Shell32.dll'
29757e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29767e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29777e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff845be0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29787e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
29797e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
29807e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29817e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29827e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29837e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29847e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
29857e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
29867e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29877e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29887e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29897e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29907e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29917e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29927e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29937e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29947e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29957e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29967e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29977e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29987e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29997e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff856500000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30007e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30017e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff856500000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
30027e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff856500000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30037e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30047e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
30057e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30067e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30077e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30087e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30097e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
30107e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
30117e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30127e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
30137e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
30147e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
30157e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
30167e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
30177e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
30187e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
30197e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
30207e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30217e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
30227e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
30237e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
30247e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30257e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30267e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30277e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30287e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
30297e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30307e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30317e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30327e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
30337e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30347e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
30357e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
30367e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
30377e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
30387e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30397e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30407e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
30417e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
30427e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
30437e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30447e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30457e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
30467e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30477e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30487e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30497e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30507e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30517e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30527e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30537e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
30547e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30557e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
30567e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
30577e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
30587e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30597e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30607e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30617e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30627e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
30637e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30647e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30657e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30667e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
30677e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
30687e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
30697e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30707e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30717e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30727e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30737e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30747e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30757e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30767e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30777e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30787e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30797e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30807e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30817e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
30827e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30837e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30847e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30857e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30867e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30877e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30887e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30897e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
30907e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30917e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30927e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
30937e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff868a80000 LB 0x0044b000 C:\windows\System32\SETUPAPI.dll [fFlags=0x0]
30947e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
30957e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff85f1c0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
30967e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30977e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff82cad0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
30987e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30997e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff866a70000 LB 0x00038000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
31007e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31017e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff82d330000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
31027e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31037e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d330000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
31047e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31057e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31067e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31077e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31087e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff856500000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31097e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31107e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff856500000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
31117e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31127e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
31137e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31147e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82dd20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
31157e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31167e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31177e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31187e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cad0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
31197e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31207e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
31217e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31227e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31237e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31247e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
31257e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31267e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31277e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31287e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31297e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31307e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31317e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31327e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff855cd0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
31337e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31347e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855cd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
31357e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31367e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
31377e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31387e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31397e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31407e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
31417e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31427e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31437e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31447e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31457e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31467e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31477e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31487e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff855cb0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
31497e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31507e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855cb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
31517e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31527e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
31537e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31547e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31557e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31567e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
31577e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31587e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31597e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31607e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31617e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31627e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31637e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31647e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff855c90000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
31657e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31667e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855c90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
31677e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31687e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
31697e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31707e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31717e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31727e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
31737e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31747e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31757e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31767e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31777e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31787e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31797e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31807e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff855c70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
31817e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31827e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855c70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
31837e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31847e8.90c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
31857e8.90c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
31867e8.90c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31877e8.90c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31887e8.90c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31897e8.90c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
31907e8.90c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31917e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31927e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31937e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31947e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31957e8.90c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31967e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31977e8.90c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31987e8.90c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31997e8.90c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32007e8.90c: supR3HardenedDllNotificationCallback: load 00007ff855c50000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
32017e8.90c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32027e8.90c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855c50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
32037e8.3154: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
32047e8.3154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
32057e8.3154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32067e8.3154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32077e8.3154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
32087e8.3154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32097e8.3154: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
32107e8.3154: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32117e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32127e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32137e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32147e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32157e8.3154: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32167e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32177e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32187e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32197e8.3154: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32207e8.3154: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32217e8.3154: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32227e8.3154: supR3HardenedDllNotificationCallback: load 00007ff858e60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
32237e8.3154: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32247e8.3154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff858e60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32257e8.32f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
32267e8.32f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
32277e8.32f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32287e8.32f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32297e8.32f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32307e8.32f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
32317e8.32f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32327e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32337e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32347e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32357e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32367e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32377e8.32f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32387e8.32f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32397e8.32f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32407e8.32f4: supR3HardenedDllNotificationCallback: load 00007ff855c40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32417e8.32f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32427e8.32f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855c40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32437e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
32447e8.14c0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
32457e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
32467e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32477e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32487e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
32497e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32507e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32517e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32527e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32537e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32547e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32557e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32567e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff861600000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
32577e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32587e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff861600000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
32597e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
32607e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32617e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff866a70000 'C:\windows\system32\Iphlpapi.dll'
32627e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32637e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
32647e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
32657e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
32667e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff86aba0000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
32677e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
32687e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
32697e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff862f90000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
32707e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
32717e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32727e8.14c0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
32737e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
32747e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff8627a0000 LB 0x00016000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
32757e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
32767e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32777e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
32787e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
32797e8.14c0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
32807e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
32817e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff862780000 LB 0x0001a000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
32827e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
32837e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
32847e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
32857e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
32867e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=786B4D9134A938955A87875A732ECBFE7844EF1F
32877e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32887e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32897e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
32907e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32917e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32927e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
32937e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32947e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32957e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32967e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32977e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32987e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32997e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
33007e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33017e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33027e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33037e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33047e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_195_for_KB4592446~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
33057e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33067e8.14c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
33077e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec8 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
33087e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
33097e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
33107e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15E53F4ED9E630F3323E433DC798AEB8D123160F
33117e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33127e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33137e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_195_for_KB4592446~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
33147e8.14c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33157e8.14c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
33167e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33177e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33187e8.14c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
33197e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33207e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33217e8.14c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
33227e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33237e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33247e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
33257e8.14c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
33267e8.14c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
33277e8.14c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
33287e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33297e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33307e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33317e8.14c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33327e8.14c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
33337e8.14c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33347e8.14c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
33357e8.14c0: supR3HardenedDllNotificationCallback: load 00007ff866d20000 LB 0x00066000 C:\windows\system32\mswsock.dll [fFlags=0x0]
33367e8.14c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
33377e8.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff866d20000 'C:\windows\system32\mswsock.dll'
33387e8.32f0: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
33397e8.32f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
33407e8.32f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
33417e8.32f0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001014 (hFile=0000000000001004) with 0xc0000022 -> STATUS_TRUST_FAILURE
33427e8.32f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
33437e8.32f0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001004 (hFile=0000000000001014) with 0xc0000022 -> STATUS_TRUST_FAILURE
33447e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
33457e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
33467e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
33477e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37E378F3FC6D2B336ECAD7C59D8E0F1F0C043920
33487e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33497e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33507e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_237_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
33517e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33527e8.30f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
33537e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33547e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33557e8.2fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad80000 'C:\windows\system32\User32.dll'
33567e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000177c pwszName=\Device\HarddiskVolume4\Windows\System32\ninput.dll
33577e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
33587e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
33597e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
33607e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33617e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867660000 'C:\windows\System32\WINTRUST.DLL'
33627e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\CRYPT32.dll'
33637e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2BE47F98BE43CF1BD97A93583DAAF2364D921E5
33647e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
33657e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
33667e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_774_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume4\Windows\System32\ninput.dll'
33677e8.30f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33687e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33697e8.30f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'oleaut32.dll'.
33707e8.30f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ninput.dll) WinVerifyTrust
33717e8.30f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ninput.dll
33727e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33737e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33747e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33757e8.30f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33767e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Ninput.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33777e8.30f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
33787e8.30f4: supR3HardenedDllNotificationCallback: load 00007ff85fa10000 LB 0x00064000 C:\windows\system32\Ninput.dll [fFlags=0x0]
33797e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
33807e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85fa10000 'C:\windows\system32\Ninput.dll'
33817e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33827e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33837e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33847e8.30f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
33857e8.30f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33867e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33877e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33887e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33897e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33907e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33917e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33927e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33937e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33947e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33957e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33967e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33977e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33987e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
33997e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
34007e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
34017e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
34027e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
34037e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
34047e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34057e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867660000 'C:\windows\System32\WINTRUST.DLL'
34067e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\CRYPT32.dll'
34077e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
34087e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34097e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
34107e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
34117e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
34127e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
34137e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34147e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34157e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34167e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34177e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34187e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34197e8.1f88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
34207e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34217e8.1f88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
34227e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff8651d0000 LB 0x001b5000 C:\windows\system32\propsys.dll [fFlags=0x0]
34237e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
34247e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8651d0000 'C:\windows\system32\propsys.dll'
34257e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
34267e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34277e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867730000 'C:\windows\system32\Windows.Storage.dll'
34287e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
34297e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34307e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867730000 'C:\windows\system32\windows.storage.dll'
34317e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
34327e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
34337e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34347e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
34357e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
34367e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll) WinVerifyTrust
34377e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll
34387e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34397e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34407e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34417e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34427e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34437e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34447e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
34457e8.1f88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll
34467e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff85b960000 LB 0x00269000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll [fFlags=0x0]
34477e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll
34487e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85b960000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll'
34497e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll
34507e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
34517e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85b960000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll'
34527e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34537e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
34547e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll)
34557e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll
34567e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff860090000 LB 0x001ae000 C:\windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
34577e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
34587e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34597e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34607e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34617e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34627e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
34637e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
34647e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll'
34657e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
34667e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34677e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\Windows\System32\shell32.dll'
34687e8.1f88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
34697e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
34707e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff864c10000 LB 0x0008b000 C:\windows\SYSTEM32\apphelp.dll [fFlags=0x0]
34717e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
34727e8.1f88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'.
34737e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll' [rescheduled]
34747e8.1f88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntdll.dll'.
34757e8.1f88: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
34767e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
34777e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
34787e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34797e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b210000 'C:\windows\System32\ntdll.dll'
34807e8.1f88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntdll.dll'.
34817e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' [rescheduled]
34827e8.1f88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'.
34837e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll' [rescheduled]
34847e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
34857e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34867e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
34877e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
34887e8.504: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntdll.dll'
34897e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001aa4 pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
34907e8.504: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
34917e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
34927e8.504: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C733B00C61AAC8E4076035585FA2FFD434937021
34937e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
34947e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
34957e8.504: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_898_for_KB4592446~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
34967e8.504: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34977e8.504: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
34987e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001bfc pwszName=\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
34997e8.504: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
35007e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
35017e8.504: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6B78BA5529F2CC38C15D1FF2913FBCAD51A3B1D7
35027e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
35037e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
35047e8.504: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1033_for_KB4598245~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll'
35057e8.504: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35067e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35077e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
35087e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
35097e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
35107e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
35117e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
35127e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
35137e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
35147e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
35157e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
35167e8.504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll) WinVerifyTrust
35177e8.504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
35187e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
35197e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
35207e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
35217e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
35227e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
35237e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
35247e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
35257e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
35267e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
35277e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
35287e8.504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll) WinVerifyTrust
35297e8.504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
35307e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
35317e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
35327e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
35337e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
35347e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
35357e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
35367e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
35377e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
35387e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35397e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35407e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35417e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35427e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
35437e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
35447e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35457e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35467e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35477e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35487e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35497e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35507e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
35517e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
35527e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35537e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35547e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35557e8.504: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
35567e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
35577e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
35587e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
35597e8.504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll)
35607e8.504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll
35617e8.504: supR3HardenedDllNotificationCallback: load 00007ff849ff0000 LB 0x000a7000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\COMCTL32.dll [fFlags=0x0]
35627e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll [avoiding WinVerifyTrust]
35637e8.504: supR3HardenedDllNotificationCallback: load 00007ff83b4b0000 LB 0x00036000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
35647e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
35657e8.504: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll'.
35667e8.504: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll' [rescheduled]
35677e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
35687e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35697e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35707e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
35717e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
35727e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35737e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35747e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35757e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ad50000 'C:\windows\System32\imm32.dll'
35767e8.504: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll'.
35777e8.504: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll' [rescheduled]
35787e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83b4b0000 'C:\Windows\System32\EhStorShell.dll'
35797e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
35807e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
35817e8.504: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.1967_none_557befa7265a3d4a\comctl32.dll'
35827e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
35837e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
35847e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35857e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
35867e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
35877e8.504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
35887e8.504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\OneCoreUAPCommonProxyStub.dll
35897e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
35907e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
35917e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
35927e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35937e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35947e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35957e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35967e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35977e8.504: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\OneCoreUAPCommonProxyStub.dll
35987e8.504: supR3HardenedDllNotificationCallback: load 00007ff859650000 LB 0x0069a000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
35997e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\OneCoreUAPCommonProxyStub.dll
36007e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff859650000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
36017e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
36027e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36037e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83b4b0000 'C:\Windows\System32\EhStorShell.dll'
36047e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001834 pwszName=\Device\HarddiskVolume4\Windows\System32\cscui.dll
36057e8.504: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
36067e8.504: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
36077e8.504: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3A899B122693D8582E1CEB784121D17C26F0AA
36087e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
36097e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
36107e8.504: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscui.dll'
36117e8.504: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36127e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36137e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shell32.dll'.
36147e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
36157e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
36167e8.504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
36177e8.504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscui.dll) WinVerifyTrust
36187e8.504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscui.dll
36197e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36207e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36217e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36227e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36237e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
36247e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
36257e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
36267e8.504: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
36277e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
36287e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
36297e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36307e8.504: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36317e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36327e8.504: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
36337e8.504: supR3HardenedDllNotificationCallback: load 00007ff83b3e0000 LB 0x000c8000 C:\windows\System32\cscui.dll [fFlags=0x0]
36347e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
36357e8.504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll
36367e8.504: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
36377e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85b960000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1967_none_d401a2a77c8ec0c3\comctl32.dll'
36387e8.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83b3e0000 'C:\windows\System32\cscui.dll'
36397e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
36407e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36417e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83b3e0000 'C:\windows\System32\cscui.dll'
36427e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
36437e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
36447e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36457e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'.
36467e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
36477e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\thumbcache.dll) WinVerifyTrust
36487e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
36497e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36507e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36517e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
36527e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
36537e8.1f88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
36547e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36557e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36567e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36577e8.1f88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
36587e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff83cd50000 LB 0x0005c000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
36597e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
36607e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83cd50000 'C:\Windows\System32\thumbcache.dll'
36617e8.1f88: '\Device\HarddiskVolume4\Windows\System32\imageres.dll' has no imports
36627e8.1f88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imageres.dll)
36637e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imageres.dll
36647e8.1f88: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000016e8 (hFile=00000000000016c0) with 0xc0000022 -> STATUS_TRUST_FAILURE
36657e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
36667e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
36677e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
36687e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\policymanager.dll)
36697e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\policymanager.dll
36707e8.1f88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36717e8.1f88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll)
36727e8.1f88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll
36737e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff864910000 LB 0x00091000 C:\windows\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
36747e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
36757e8.1f88: supR3HardenedDllNotificationCallback: load 00007ff861b50000 LB 0x00086000 C:\windows\SYSTEM32\policymanager.dll [fFlags=0x0]
36767e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
36777e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36787e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36797e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36807e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36817e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36827e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36837e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
36847e8.1f88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
36857e8.1f88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
36867e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
36877e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
36887e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp110_win.dll'
36897e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
36907e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
36917e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\policymanager.dll'
36927e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001658 pwszName=\Device\HarddiskVolume4\Windows\System32\imageres.dll
36937e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ddcc70
36947e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ddcc70
36957e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=90DD0D4A7C0D0B6499322A358DA40764B72E1B18
36967e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8668d0000 'C:\windows\system32\rsaenh.dll'
36977e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868180000 'C:\windows\System32\crypt32.dll'
36987e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\imageres.dll'
36997e8.1f88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37007e8.1f88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imageres.dll'
37017e8.1f88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll
37027e8.1f88: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37037e8.1f88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860090000 'C:\windows\system32\windowscodecs.dll'
37047e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37057e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37067e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37077e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37087e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37097e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37107e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37117e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37127e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37137e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37147e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37157e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37167e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37177e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37187e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37197e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37207e8.30f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8692a0000 'C:\windows\system32\shell32.dll'
37217e8.2e80: supR3HardenedDllNotificationCallback: Unload 00007ff83cd50000 LB 0x0005c000 C:\Windows\System32\thumbcache.dll [flags=0x0]
37227e8.32f4: supR3HardenedDllNotificationCallback: Unload 00007ff855c40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
37237e8.3154: supR3HardenedDllNotificationCallback: Unload 00007ff858e60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
37247e8.90c: supR3HardenedDllNotificationCallback: Unload 00007ff855c50000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
37257e8.2244: supR3HardenedDllNotificationCallback: Unload 00007ff85a210000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
37267e8.2fec: supR3HardenedDllNotificationCallback: Unload 00007ff85ebc0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
37277e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff855c70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
37287e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff855c90000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
37297e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff855cb0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
37307e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff855cd0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
37317e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff856500000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
37327e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff82d330000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
37337e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff85f1c0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
37347e8.14c0: supR3HardenedDllNotificationCallback: Unload 00007ff82cad0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
37357e8.30f4: supR3HardenedDllNotificationCallback: Unload 00007ff85f170000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
37367e8.30f4: Terminating the normal way: rcExit=0
37371ef4.2b04: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5090903 ms, the end);
37382c78.3160: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5091351 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy