VirtualBox

Ticket #20187: Ubuntu 18.04-2021-02-14-16-37-26.log

File Ubuntu 18.04-2021-02-14-16-37-26.log, 451.6 KB (added by TeddyTeddy, 4 years ago)

VBoxHardening.log

Line 
14010.dc8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa047bb00
24010.dc8: \SystemRoot\System32\ntdll.dll:
34010.dc8: CreationTime: 2021-01-26T08:52:18.292488700Z
44010.dc8: LastWriteTime: 2021-01-26T08:52:18.384536500Z
54010.dc8: ChangeTime: 2021-01-26T09:44:42.500475500Z
64010.dc8: FileAttributes: 0x20
74010.dc8: Size: 0x1e8060
84010.dc8: NT Headers: 0xd8
94010.dc8: Timestamp: 0x45a49e53
104010.dc8: Machine: 0x8664 - amd64
114010.dc8: Timestamp: 0x45a49e53
124010.dc8: Image Version: 10.0
134010.dc8: SizeOfImage: 0x1f0000 (2031616)
144010.dc8: Resource Dir: 0x17f000 LB 0x6f310
154010.dc8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164010.dc8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174010.dc8: ProductName: Microsoft® Windows® Operating System
184010.dc8: ProductVersion: 10.0.18362.1316
194010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
204010.dc8: FileDescription: NT Layer DLL
214010.dc8: \SystemRoot\System32\kernel32.dll:
224010.dc8: CreationTime: 2021-01-26T08:50:39.183677200Z
234010.dc8: LastWriteTime: 2021-01-26T08:50:39.228843100Z
244010.dc8: ChangeTime: 2021-01-26T09:44:41.554974500Z
254010.dc8: FileAttributes: 0x20
264010.dc8: Size: 0xb0498
274010.dc8: NT Headers: 0xf8
284010.dc8: Timestamp: 0x39c32a9b
294010.dc8: Machine: 0x8664 - amd64
304010.dc8: Timestamp: 0x39c32a9b
314010.dc8: Image Version: 10.0
324010.dc8: SizeOfImage: 0xb2000 (729088)
334010.dc8: Resource Dir: 0xb0000 LB 0x520
344010.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354010.dc8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364010.dc8: ProductName: Microsoft® Windows® Operating System
374010.dc8: ProductVersion: 10.0.18362.1316
384010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
394010.dc8: FileDescription: Windows NT BASE API Client DLL
404010.dc8: \SystemRoot\System32\KernelBase.dll:
414010.dc8: CreationTime: 2021-01-26T08:52:20.103079300Z
424010.dc8: LastWriteTime: 2021-01-26T08:52:20.251514900Z
434010.dc8: ChangeTime: 2021-01-26T09:44:30.680602600Z
444010.dc8: FileAttributes: 0x20
454010.dc8: Size: 0x2a5c90
464010.dc8: NT Headers: 0x100
474010.dc8: Timestamp: 0xf9127b9c
484010.dc8: Machine: 0x8664 - amd64
494010.dc8: Timestamp: 0xf9127b9c
504010.dc8: Image Version: 10.0
514010.dc8: SizeOfImage: 0x2a5000 (2772992)
524010.dc8: Resource Dir: 0x27f000 LB 0x548
534010.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544010.dc8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554010.dc8: ProductName: Microsoft® Windows® Operating System
564010.dc8: ProductVersion: 10.0.18362.1316
574010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
584010.dc8: FileDescription: Windows NT BASE API Client DLL
594010.dc8: \SystemRoot\System32\apisetschema.dll:
604010.dc8: CreationTime: 2019-03-19T04:43:54.837151500Z
614010.dc8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
624010.dc8: ChangeTime: 2021-01-26T08:56:21.294159100Z
634010.dc8: FileAttributes: 0x20
644010.dc8: Size: 0x1d028
654010.dc8: NT Headers: 0xc8
664010.dc8: Timestamp: 0xd6ced080
674010.dc8: Machine: 0x8664 - amd64
684010.dc8: Timestamp: 0xd6ced080
694010.dc8: Image Version: 10.0
704010.dc8: SizeOfImage: 0x1e000 (122880)
714010.dc8: Resource Dir: 0x1d000 LB 0x408
724010.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734010.dc8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744010.dc8: ProductName: Microsoft® Windows® Operating System
754010.dc8: ProductVersion: 10.0.18362.1
764010.dc8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
774010.dc8: FileDescription: ApiSet Schema DLL
784010.dc8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794010.dc8: supR3HardenedWinFindAdversaries: 0x0
804010.dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
814010.dc8: Calling main()
824010.dc8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
834010.dc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
844010.dc8: SUPR3HardenedMain: Respawn #1
854010.dc8: System32: \Device\HarddiskVolume3\Windows\System32
864010.dc8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
874010.dc8: KnownDllPath: C:\WINDOWS\System32
884010.dc8: supR3HardenedWinInit: Performing a limited self purification...
894010.dc8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
904010.dc8: *0000000000000000-0000000000f5ffff 0x0001/0x0000 0x0000000
914010.dc8: *0000000000f60000-0000000000f6ffff 0x0004/0x0004 0x0040000
924010.dc8: *0000000000f70000-0000000000f70fff 0x0002/0x0002 0x0040000
934010.dc8: 0000000000f71000-0000000000f7ffff 0x0001/0x0000 0x0000000
944010.dc8: *0000000000f80000-0000000000f9afff 0x0002/0x0002 0x0040000
954010.dc8: 0000000000f9b000-0000000000f9ffff 0x0001/0x0000 0x0000000
964010.dc8: *0000000000fa0000-0000000000fa3fff 0x0002/0x0002 0x0040000
974010.dc8: 0000000000fa4000-0000000000faffff 0x0001/0x0000 0x0000000
984010.dc8: *0000000000fb0000-0000000000fb1fff 0x0004/0x0004 0x0020000
994010.dc8: 0000000000fb2000-0000000000fbffff 0x0001/0x0000 0x0000000
1004010.dc8: *0000000000fc0000-0000000000fc0fff 0x0004/0x0004 0x0020000
1014010.dc8: 0000000000fc1000-0000000000fcffff 0x0001/0x0000 0x0000000
1024010.dc8: *0000000000fd0000-0000000000fd0fff 0x0002/0x0004 0x0020000
1034010.dc8: 0000000000fd1000-0000000000fd1fff 0x0020/0x0004 0x0020000 !!
1044010.dc8: 0000000000fd2000-0000000000fdffff 0x0001/0x0000 0x0000000
1054010.dc8: *0000000000fe0000-0000000000fe0fff 0x0020/0x0004 0x0020000 !!
1064010.dc8: 0000000000fe1000-0000000000feffff 0x0001/0x0000 0x0000000
1074010.dc8: *0000000000ff0000-0000000000ff0fff 0x0004/0x0004 0x0020000
1084010.dc8: 0000000000ff1000-0000000000ffffff 0x0001/0x0000 0x0000000
1094010.dc8: *0000000001000000-000000000104ffff 0x0000/0x0004 0x0020000
1104010.dc8: 0000000001050000-0000000001052fff 0x0004/0x0004 0x0020000
1114010.dc8: 0000000001053000-00000000011fffff 0x0000/0x0004 0x0020000
1124010.dc8: *0000000001200000-00000000012b8fff 0x0000/0x0004 0x0020000
1134010.dc8: 00000000012b9000-00000000012bbfff 0x0104/0x0004 0x0020000
1144010.dc8: 00000000012bc000-00000000012fffff 0x0004/0x0004 0x0020000
1154010.dc8: *0000000001300000-0000000001301fff 0x0004/0x0004 0x0020000
1164010.dc8: 0000000001302000-0000000001331fff 0x0000/0x0004 0x0020000
1174010.dc8: 0000000001332000-000000000136ffff 0x0001/0x0000 0x0000000
1184010.dc8: *0000000001370000-0000000001380fff 0x0004/0x0004 0x0020000
1194010.dc8: 0000000001381000-000000000146ffff 0x0000/0x0004 0x0020000
1204010.dc8: *0000000001470000-0000000001536fff 0x0002/0x0002 0x0040000
1214010.dc8: 0000000001537000-000000000153ffff 0x0001/0x0000 0x0000000
1224010.dc8: *0000000001540000-0000000001540fff 0x0004/0x0004 0x0020000
1234010.dc8: 0000000001541000-0000000001571fff 0x0000/0x0004 0x0020000
1244010.dc8: 0000000001572000-000000000157ffff 0x0001/0x0000 0x0000000
1254010.dc8: *0000000001580000-0000000001580fff 0x0004/0x0004 0x0020000
1264010.dc8: 0000000001581000-00000000015b1fff 0x0000/0x0004 0x0020000
1274010.dc8: 00000000015b2000-00000000015bffff 0x0001/0x0000 0x0000000
1284010.dc8: *00000000015c0000-00000000015c0fff 0x0004/0x0004 0x0020000
1294010.dc8: 00000000015c1000-00000000015f1fff 0x0000/0x0004 0x0020000
1304010.dc8: 00000000015f2000-00000000015fffff 0x0001/0x0000 0x0000000
1314010.dc8: *0000000001600000-0000000001601fff 0x0004/0x0004 0x0020000
1324010.dc8: 0000000001602000-0000000001631fff 0x0000/0x0004 0x0020000
1334010.dc8: 0000000001632000-000000000167ffff 0x0001/0x0000 0x0000000
1344010.dc8: *0000000001680000-000000000173ffff 0x0004/0x0004 0x0020000
1354010.dc8: 0000000001740000-000000000174ffff 0x0000/0x0004 0x0020000
1364010.dc8: 0000000001750000-000000000177ffff 0x0001/0x0000 0x0000000
1374010.dc8: *0000000001780000-0000000001783fff 0x0004/0x0004 0x0020000
1384010.dc8: 0000000001784000-0000000001b7ffff 0x0000/0x0004 0x0020000
1394010.dc8: *0000000001b80000-0000000001b9cfff 0x0004/0x0004 0x0020000
1404010.dc8: 0000000001b9d000-0000000001c7ffff 0x0000/0x0004 0x0020000
1414010.dc8: 0000000001c80000-0000000001ccffff 0x0001/0x0000 0x0000000
1424010.dc8: *0000000001cd0000-0000000001ceafff 0x0004/0x0004 0x0020000
1434010.dc8: 0000000001ceb000-00000000020cffff 0x0000/0x0004 0x0020000
1444010.dc8: 00000000020d0000-000000000221ffff 0x0001/0x0000 0x0000000
1454010.dc8: *0000000002220000-000000000222efff 0x0004/0x0004 0x0020000
1464010.dc8: 000000000222f000-000000000222ffff 0x0000/0x0004 0x0020000
1474010.dc8: *0000000002230000-0000000002234fff 0x0000/0x0004 0x0020000
1484010.dc8: 0000000002235000-0000000002425fff 0x0004/0x0004 0x0020000
1494010.dc8: 0000000002426000-0000000002426fff 0x0000/0x0004 0x0020000
1504010.dc8: 0000000002427000-000000007ffdffff 0x0001/0x0000 0x0000000
1514010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1524010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
1534010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
1544010.dc8: 000000007ffeb000-00007ff45bdcffff 0x0001/0x0000 0x0000000
1554010.dc8: *00007ff45bdd0000-00007ff45bdd0fff 0x0004/0x0004 0x0020000
1564010.dc8: 00007ff45bdd1000-00007ff45bddffff 0x0001/0x0000 0x0000000
1574010.dc8: *00007ff45bde0000-00007ff45bde4fff 0x0002/0x0002 0x0040000
1584010.dc8: 00007ff45bde5000-00007ff45bedffff 0x0000/0x0002 0x0040000
1594010.dc8: *00007ff45bee0000-00007ff55befffff 0x0000/0x0004 0x0020000
1604010.dc8: *00007ff55bf00000-00007ff55defffff 0x0000/0x0004 0x0020000
1614010.dc8: 00007ff55df00000-00007ff55df00fff 0x0004/0x0004 0x0020000
1624010.dc8: 00007ff55df01000-00007ff55df0ffff 0x0001/0x0000 0x0000000
1634010.dc8: *00007ff55df10000-00007ff55df10fff 0x0020/0x0004 0x0020000 !!
1644010.dc8: 00007ff55df11000-00007ff55df1ffff 0x0001/0x0000 0x0000000
1654010.dc8: *00007ff55df20000-00007ff55df20fff 0x0002/0x0002 0x0040000
1664010.dc8: 00007ff55df21000-00007ff55df2ffff 0x0001/0x0000 0x0000000
1674010.dc8: *00007ff55df30000-00007ff55df52fff 0x0002/0x0002 0x0040000
1684010.dc8: 00007ff55df53000-00007ff687a9ffff 0x0001/0x0000 0x0000000
1694010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1704010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1714010.dc8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1724010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1734010.dc8: 00007ff687b62000-00007ff687b64fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1744010.dc8: 00007ff687b65000-00007ff687b67fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1754010.dc8: 00007ff687b68000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1764010.dc8: 00007ff687b6b000-00007ff687b6bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1774010.dc8: 00007ff687b6c000-00007ff687b6dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1784010.dc8: 00007ff687b6e000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1794010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1804010.dc8: 00007ff687bb8000-00007ffa1fd7ffff 0x0001/0x0000 0x0000000
1814010.dc8: *00007ffa1fd80000-00007ffa1fd8ffff 0x0020/0x0020 0x0020000 !!
1824010.dc8: 00007ffa1fd90000-00007ffa1fddffff 0x0001/0x0000 0x0000000
1834010.dc8: *00007ffa1fde0000-00007ffa1fdeffff 0x0020/0x0020 0x0020000 !!
1844010.dc8: 00007ffa1fdf0000-00007ffa1fe1ffff 0x0001/0x0000 0x0000000
1854010.dc8: *00007ffa1fe20000-00007ffa1fe2ffff 0x0020/0x0020 0x0020000 !!
1864010.dc8: 00007ffa1fe30000-00007ffa530dffff 0x0001/0x0000 0x0000000
1874010.dc8: *00007ffa530e0000-00007ffa530e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1884010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa530e0000 LB 0x1000 (base 00007ffa530e0000) - 'atcuf64.dll'
1894010.dc8: 00007ffa530e1000-00007ffa53118fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1904010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa530e1000 LB 0x38000 (base 00007ffa530e0000) - 'atcuf64.dll'
1914010.dc8: 00007ffa53119000-00007ffa5319ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1924010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa53119000 LB 0x87000 (base 00007ffa530e0000) - 'atcuf64.dll'
1934010.dc8: 00007ffa531a0000-00007ffa531a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1944010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a0000 LB 0x7000 (base 00007ffa530e0000) - 'atcuf64.dll'
1954010.dc8: 00007ffa531a7000-00007ffa531a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1964010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a7000 LB 0x1000 (base 00007ffa530e0000) - 'atcuf64.dll'
1974010.dc8: 00007ffa531a8000-00007ffa531abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
1984010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a8000 LB 0x4000 (base 00007ffa530e0000) - 'atcuf64.dll'
1994010.dc8: 00007ffa531ac000-00007ffa531affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
2004010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531ac000 LB 0x4000 (base 00007ffa530e0000) - 'atcuf64.dll'
2014010.dc8: 00007ffa531b0000-00007ffa531b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll
2024010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531b0000 LB 0xa000 (base 00007ffa530e0000) - 'atcuf64.dll'
2034010.dc8: 00007ffa531ba000-00007ffa9577ffff 0x0001/0x0000 0x0000000
2044010.dc8: *00007ffa95780000-00007ffa95780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2054010.dc8: 00007ffa95781000-00007ffa957cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2064010.dc8: 00007ffa957ce000-00007ffa957effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2074010.dc8: 00007ffa957f0000-00007ffa957f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2084010.dc8: 00007ffa957f3000-00007ffa9580efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2094010.dc8: 00007ffa9580f000-00007ffa9ce6ffff 0x0001/0x0000 0x0000000
2104010.dc8: *00007ffa9ce70000-00007ffa9ce70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2114010.dc8: 00007ffa9ce71000-00007ffa9cf76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2124010.dc8: 00007ffa9cf77000-00007ffa9d0d9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2134010.dc8: 00007ffa9d0da000-00007ffa9d0ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2144010.dc8: 00007ffa9d0de000-00007ffa9d0defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2154010.dc8: 00007ffa9d0df000-00007ffa9d114fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2164010.dc8: 00007ffa9d115000-00007ffa9e47ffff 0x0001/0x0000 0x0000000
2174010.dc8: *00007ffa9e480000-00007ffa9e480fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2184010.dc8: 00007ffa9e481000-00007ffa9e4f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2194010.dc8: 00007ffa9e4f6000-00007ffa9e527fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2204010.dc8: 00007ffa9e528000-00007ffa9e528fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2214010.dc8: 00007ffa9e529000-00007ffa9e529fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2224010.dc8: 00007ffa9e52a000-00007ffa9e531fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2234010.dc8: 00007ffa9e532000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000
2244010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2254010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2264010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2274010.dc8: 00007ffa9fe9f000-00007ffa9fe9ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2284010.dc8: 00007ffa9fea0000-00007ffa9fea1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2294010.dc8: 00007ffa9fea2000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2304010.dc8: 00007ffa9feab000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2314010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000
2324010.dc8: kernel32.dll: timestamp 0x39c32a9b (rc=VINF_SUCCESS)
2334010.dc8: kernelbase.dll: timestamp 0xf9127b9c (rc=VINF_SUCCESS)
2344010.dc8: apphelp.dll: timestamp 0x5b502ec5 (rc=VINF_SUCCESS)
2354010.dc8: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
2364010.dc8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2374010.dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2384010.dc8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2394010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
2404010.dc8: 00007ffa9fd7aa20 / 0x003aa20: 48 != e9
2414010.dc8: 00007ffa9fd7aa21 / 0x003aa21: 89 != db
2424010.dc8: 00007ffa9fd7aa22 / 0x003aa22: 5c != 55
2434010.dc8: 00007ffa9fd7aa23 / 0x003aa23: 24 != 00
2444010.dc8: 00007ffa9fd7aa24 / 0x003aa24: 08 != 80
2454010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fd79000
2464010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
2474010.dc8: 00007ffa9fddc880 / 0x009c880: 4c != e9
2484010.dc8: 00007ffa9fddc881 / 0x009c881: 8b != fb
2494010.dc8: 00007ffa9fddc882 / 0x009c882: d1 != 48
2504010.dc8: 00007ffa9fddc883 / 0x009c883: b8 != 04
2514010.dc8: 00007ffa9fddc884 / 0x009c884: 0d != 80
2524010.dc8: 00007ffa9fddc8c0 / 0x009c8c0: 4c != e9
2534010.dc8: 00007ffa9fddc8c1 / 0x009c8c1: 8b != 3b
2544010.dc8: 00007ffa9fddc8c2 / 0x009c8c2: d1 != 39
2554010.dc8: 00007ffa9fddc8c3 / 0x009c8c3: b8 != 04
2564010.dc8: 00007ffa9fddc8c4 / 0x009c8c4: 0f != 80
2574010.dc8: 00007ffa9fddcba0 / 0x009cba0: 4c != e9
2584010.dc8: 00007ffa9fddcba1 / 0x009cba1: 8b != db
2594010.dc8: 00007ffa9fddcba2 / 0x009cba2: d1 != 3b
2604010.dc8: 00007ffa9fddcba3 / 0x009cba3: b8 != 04
2614010.dc8: 00007ffa9fddcba4 / 0x009cba4: 26 != 80
2624010.dc8: 00007ffa9fddcbe0 / 0x009cbe0: 4c != e9
2634010.dc8: 00007ffa9fddcbe1 / 0x009cbe1: 8b != 1b
2644010.dc8: 00007ffa9fddcbe2 / 0x009cbe2: d1 != 34
2654010.dc8: 00007ffa9fddcbe3 / 0x009cbe3: b8 != 00
2664010.dc8: 00007ffa9fddcbe4 / 0x009cbe4: 28 != 80
2674010.dc8: 00007ffa9fddcc60 / 0x009cc60: 4c != e9
2684010.dc8: 00007ffa9fddcc61 / 0x009cc61: 8b != 1b
2694010.dc8: 00007ffa9fddcc62 / 0x009cc62: d1 != 44
2704010.dc8: 00007ffa9fddcc63 / 0x009cc63: b8 != 04
2714010.dc8: 00007ffa9fddcc64 / 0x009cc64: 2c != 80
2724010.dc8: 00007ffa9fddce20 / 0x009ce20: 4c != e9
2734010.dc8: 00007ffa9fddce21 / 0x009ce21: 8b != db
2744010.dc8: 00007ffa9fddce22 / 0x009ce22: d1 != 37
2754010.dc8: 00007ffa9fddce23 / 0x009ce23: b8 != 04
2764010.dc8: 00007ffa9fddce24 / 0x009ce24: 3a != 80
2774010.dc8: 00007ffa9fddce60 / 0x009ce60: 4c != e9
2784010.dc8: 00007ffa9fddce61 / 0x009ce61: 8b != 1b
2794010.dc8: 00007ffa9fddce62 / 0x009ce62: d1 != 3a
2804010.dc8: 00007ffa9fddce63 / 0x009ce63: b8 != 04
2814010.dc8: 00007ffa9fddce64 / 0x009ce64: 3c != 80
2824010.dc8: 00007ffa9fddcf00 / 0x009cf00: 4c != e9
2834010.dc8: 00007ffa9fddcf01 / 0x009cf01: 8b != fb
2844010.dc8: 00007ffa9fddcf02 / 0x009cf02: d1 != 31
2854010.dc8: 00007ffa9fddcf03 / 0x009cf03: b8 != 00
2864010.dc8: 00007ffa9fddcf04 / 0x009cf04: 41 != 80
2874010.dc8: 00007ffa9fddcf80 / 0x009cf80: 4c != e9
2884010.dc8: 00007ffa9fddcf81 / 0x009cf81: 8b != 7b
2894010.dc8: 00007ffa9fddcf82 / 0x009cf82: d1 != 39
2904010.dc8: 00007ffa9fddcf83 / 0x009cf83: b8 != 04
2914010.dc8: 00007ffa9fddcf84 / 0x009cf84: 45 != 80
2924010.dc8: 00007ffa9fddd080 / 0x009d080: 4c != e9
2934010.dc8: 00007ffa9fddd081 / 0x009d081: 8b != 7b
2944010.dc8: 00007ffa9fddd082 / 0x009d082: d1 != 32
2954010.dc8: 00007ffa9fddd083 / 0x009d083: b8 != 04
2964010.dc8: 00007ffa9fddd084 / 0x009d084: 4d != 80
2974010.dc8: 00007ffa9fddd0a0 / 0x009d0a0: 4c != e9
2984010.dc8: 00007ffa9fddd0a1 / 0x009d0a1: 8b != 5b
2994010.dc8: 00007ffa9fddd0a2 / 0x009d0a2: d1 != 34
3004010.dc8: 00007ffa9fddd0a3 / 0x009d0a3: b8 != 04
3014010.dc8: 00007ffa9fddd0a4 / 0x009d0a4: 4e != 80
3024010.dc8: 00007ffa9fddd5b0 / 0x009d5b0: 4c != e9
3034010.dc8: 00007ffa9fddd5b1 / 0x009d5b1: 8b != 4b
3044010.dc8: 00007ffa9fddd5b2 / 0x009d5b2: d1 != 3c
3054010.dc8: 00007ffa9fddd5b3 / 0x009d5b3: b8 != 04
3064010.dc8: 00007ffa9fddd5b4 / 0x009d5b4: 77 != 80
3074010.dc8: 00007ffa9fddd5f0 / 0x009d5f0: 4c != e9
3084010.dc8: 00007ffa9fddd5f2 / 0x009d5f2: d1 != 3c
3094010.dc8: 00007ffa9fddd5f3 / 0x009d5f3: b8 != 04
3104010.dc8: 00007ffa9fddd5f4 / 0x009d5f4: 79 != 80
3114010.dc8: 00007ffa9fddd810 / 0x009d810: 4c != e9
3124010.dc8: 00007ffa9fddd811 / 0x009d811: 8b != eb
3134010.dc8: 00007ffa9fddd812 / 0x009d812: d1 != 3a
3144010.dc8: 00007ffa9fddd813 / 0x009d813: b8 != 04
3154010.dc8: 00007ffa9fddd814 / 0x009d814: 8a != 80
3164010.dc8: 00007ffa9fdddd70 / 0x009dd70: 4c != e9
3174010.dc8: 00007ffa9fdddd71 / 0x009dd71: 8b != 0b
3184010.dc8: 00007ffa9fdddd72 / 0x009dd72: d1 != 25
3194010.dc8: 00007ffa9fdddd73 / 0x009dd73: b8 != 04
3204010.dc8: 00007ffa9fdddd74 / 0x009dd74: b5 != 80
3214010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fddbdfe
3224010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
3234010.dc8: 00007ffa9fddde70 / 0x009de70: 4c != e9
3244010.dc8: 00007ffa9fddde71 / 0x009de71: 8b != 0b
3254010.dc8: 00007ffa9fddde72 / 0x009de72: d1 != 27
3264010.dc8: 00007ffa9fddde73 / 0x009de73: b8 != 04
3274010.dc8: 00007ffa9fddde74 / 0x009de74: bd != 80
3284010.dc8: 00007ffa9fdddf50 / 0x009df50: 4c != e9
3294010.dc8: 00007ffa9fdddf51 / 0x009df51: 8b != 2b
3304010.dc8: 00007ffa9fdddf52 / 0x009df52: d1 != 24
3314010.dc8: 00007ffa9fdddf53 / 0x009df53: b8 != 04
3324010.dc8: 00007ffa9fdddf54 / 0x009df54: c4 != 80
3334010.dc8: 00007ffa9fddf210 / 0x009f210: 4c != e9
3344010.dc8: 00007ffa9fddf211 / 0x009f211: 8b != eb
3354010.dc8: 00007ffa9fddf212 / 0x009f212: d1 != 21
3364010.dc8: 00007ffa9fddf213 / 0x009f213: b8 != 04
3374010.dc8: 00007ffa9fddf214 / 0x009f214: 5a != 80
3384010.dc8: 00007ffa9fddf2f0 / 0x009f2f0: 4c != e9
3394010.dc8: 00007ffa9fddf2f2 / 0x009f2f2: d1 != 11
3404010.dc8: 00007ffa9fddf2f3 / 0x009f2f3: b8 != 00
3414010.dc8: 00007ffa9fddf2f4 / 0x009f2f4: 61 != 80
3424010.dc8: 00007ffa9fddf770 / 0x009f770: 4c != e9
3434010.dc8: 00007ffa9fddf771 / 0x009f771: 8b != 0b
3444010.dc8: 00007ffa9fddf772 / 0x009f772: d1 != 09
3454010.dc8: 00007ffa9fddf773 / 0x009f773: b8 != 00
3464010.dc8: 00007ffa9fddf774 / 0x009f774: 85 != 80
3474010.dc8: 00007ffa9fddfb30 / 0x009fb30: 4c != e9
3484010.dc8: 00007ffa9fddfb31 / 0x009fb31: 8b != 4b
3494010.dc8: 00007ffa9fddfb32 / 0x009fb32: d1 != 18
3504010.dc8: 00007ffa9fddfb33 / 0x009fb33: b8 != 04
3514010.dc8: 00007ffa9fddfb34 / 0x009fb34: a3 != 80
3524010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fddddfe
3534010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
3544010.dc8: 00007ffa9fe1b920 / 0x00db920: 48 != e9
3554010.dc8: 00007ffa9fe1b921 / 0x00db921: 8b != db
3564010.dc8: 00007ffa9fe1b922 / 0x00db922: c4 != 46
3574010.dc8: 00007ffa9fe1b923 / 0x00db923: 48 != 00
3584010.dc8: 00007ffa9fe1b924 / 0x00db924: 89 != 80
3594010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fe1a49e
3604010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory:
3614010.dc8: 00007ffa9e4a0180 / 0x0020180: 4c != e9
3624010.dc8: 00007ffa9e4a0181 / 0x0020181: 8b != fb
3634010.dc8: 00007ffa9e4a0182 / 0x0020182: dc != ff
3644010.dc8: 00007ffa9e4a0183 / 0x0020183: 53 != 97
3654010.dc8: 00007ffa9e4a0184 / 0x0020184: 56 != 81
3664010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e49f000
3674010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory:
3684010.dc8: 00007ffa9e4a3170 / 0x0023170: 89 != e9
3694010.dc8: 00007ffa9e4a3171 / 0x0023171: 54 != 0b
3704010.dc8: 00007ffa9e4a3172 / 0x0023172: 24 != d8
3714010.dc8: 00007ffa9e4a3173 / 0x0023173: 10 != 97
3724010.dc8: 00007ffa9e4a3174 / 0x0023174: 89 != 81
3734010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e4a3000
3744010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory:
3754010.dc8: 00007ffa9e4db5f0 / 0x005b5f0: 48 != e9
3764010.dc8: 00007ffa9e4db5f1 / 0x005b5f1: 83 != 8b
3774010.dc8: 00007ffa9e4db5f2 / 0x005b5f2: ec != 55
3784010.dc8: 00007ffa9e4db5f3 / 0x005b5f3: 38 != 94
3794010.dc8: 00007ffa9e4db5f4 / 0x005b5f4: 48 != 81
3804010.dc8: 00007ffa9e4db6f0 / 0x005b6f0: 48 != e9
3814010.dc8: 00007ffa9e4db6f1 / 0x005b6f1: 83 != 8b
3824010.dc8: 00007ffa9e4db6f2 / 0x005b6f2: ec != 55
3834010.dc8: 00007ffa9e4db6f3 / 0x005b6f3: 38 != 94
3844010.dc8: 00007ffa9e4db6f4 / 0x005b6f4: 48 != 81
3854010.dc8: 00007ffa9e4dc820 / 0x005c820: 48 != e9
3864010.dc8: 00007ffa9e4dc821 / 0x005c821: 89 != 5b
3874010.dc8: 00007ffa9e4dc822 / 0x005c822: 5c != 42
3884010.dc8: 00007ffa9e4dc823 / 0x005c823: 24 != 94
3894010.dc8: 00007ffa9e4dc824 / 0x005c824: 08 != 81
3904010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e4db000
3914010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
3924010.dc8: 00007ffa9ce75280 / 0x0005280: 40 != e9
3934010.dc8: 00007ffa9ce75281 / 0x0005281: 55 != 7b
3944010.dc8: 00007ffa9ce75282 / 0x0005282: 53 != b8
3954010.dc8: 00007ffa9ce75283 / 0x0005283: 56 != fa
3964010.dc8: 00007ffa9ce75284 / 0x0005284: 57 != 82
3974010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce75000
3984010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
3994010.dc8: 00007ffa9ce83d30 / 0x0013d30: 48 != e9
4004010.dc8: 00007ffa9ce83d31 / 0x0013d31: 83 != cb
4014010.dc8: 00007ffa9ce83d32 / 0x0013d32: ec != c6
4024010.dc8: 00007ffa9ce83d33 / 0x0013d33: 38 != f5
4034010.dc8: 00007ffa9ce83d34 / 0x0013d34: b8 != 82
4044010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce83000
4054010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4064010.dc8: 00007ffa9ce8b040 / 0x001b040: 48 != e9
4074010.dc8: 00007ffa9ce8b041 / 0x001b041: 89 != bb
4084010.dc8: 00007ffa9ce8b042 / 0x001b042: 5c != 5e
4094010.dc8: 00007ffa9ce8b043 / 0x001b043: 24 != f9
4104010.dc8: 00007ffa9ce8b044 / 0x001b044: 18 != 82
4114010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce8b000
4124010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4134010.dc8: 00007ffa9ce9dcc0 / 0x002dcc0: 40 != e9
4144010.dc8: 00007ffa9ce9dcc1 / 0x002dcc1: 53 != 3b
4154010.dc8: 00007ffa9ce9dcc2 / 0x002dcc2: 48 != 2d
4164010.dc8: 00007ffa9ce9dcc3 / 0x002dcc3: 83 != f8
4174010.dc8: 00007ffa9ce9dcc4 / 0x002dcc4: ec != 82
4184010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce9d000
4194010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4204010.dc8: 00007ffa9cea7080 / 0x0037080: 4c != e9
4214010.dc8: 00007ffa9cea7081 / 0x0037081: 8b != 7b
4224010.dc8: 00007ffa9cea7082 / 0x0037082: dc != 97
4234010.dc8: 00007ffa9cea7083 / 0x0037083: 48 != f7
4244010.dc8: 00007ffa9cea7084 / 0x0037084: 83 != 82
4254010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cea7000
4264010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4274010.dc8: 00007ffa9cec66f0 / 0x00566f0: 48 != e9
4284010.dc8: 00007ffa9cec66f1 / 0x00566f1: 89 != 8b
4294010.dc8: 00007ffa9cec66f2 / 0x00566f2: 5c != a8
4304010.dc8: 00007ffa9cec66f3 / 0x00566f3: 24 != f5
4314010.dc8: 00007ffa9cec66f4 / 0x00566f4: 08 != 82
4324010.dc8: 00007ffa9cec6750 / 0x0056750: 4c != e9
4334010.dc8: 00007ffa9cec6751 / 0x0056751: 8b != 2b
4344010.dc8: 00007ffa9cec6752 / 0x0056752: dc != a7
4354010.dc8: 00007ffa9cec6753 / 0x0056753: 48 != f5
4364010.dc8: 00007ffa9cec6754 / 0x0056754: 83 != 82
4374010.dc8: 00007ffa9cec67d0 / 0x00567d0: 4c != e9
4384010.dc8: 00007ffa9cec67d1 / 0x00567d1: 8b != 2b
4394010.dc8: 00007ffa9cec67d2 / 0x00567d2: dc != a6
4404010.dc8: 00007ffa9cec67d3 / 0x00567d3: 48 != f5
4414010.dc8: 00007ffa9cec67d4 / 0x00567d4: 83 != 82
4424010.dc8: 00007ffa9cec6c30 / 0x0056c30: 4c != e9
4434010.dc8: 00007ffa9cec6c31 / 0x0056c31: 89 != 4b
4444010.dc8: 00007ffa9cec6c32 / 0x0056c32: 4c != 9a
4454010.dc8: 00007ffa9cec6c33 / 0x0056c33: 24 != f5
4464010.dc8: 00007ffa9cec6c34 / 0x0056c34: 20 != 82
4474010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cec5000
4484010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4494010.dc8: 00007ffa9cec7310 / 0x0057310: 40 != e9
4504010.dc8: 00007ffa9cec7311 / 0x0057311: 55 != 6b
4514010.dc8: 00007ffa9cec7312 / 0x0057312: 53 != 9a
4524010.dc8: 00007ffa9cec7313 / 0x0057313: 56 != f5
4534010.dc8: 00007ffa9cec7314 / 0x0057314: 57 != 82
4544010.dc8: 00007ffa9cec7ea0 / 0x0057ea0: 40 != e9
4554010.dc8: 00007ffa9cec7ea1 / 0x0057ea1: 53 != 5b
4564010.dc8: 00007ffa9cec7ea2 / 0x0057ea2: 56 != 88
4574010.dc8: 00007ffa9cec7ea3 / 0x0057ea3: 57 != f5
4584010.dc8: 00007ffa9cec7ea4 / 0x0057ea4: 41 != 82
4594010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cec7000
4604010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4614010.dc8: 00007ffa9ced7240 / 0x0067240: 4c != e9
4624010.dc8: 00007ffa9ced7241 / 0x0067241: 8b != 3b
4634010.dc8: 00007ffa9ced7242 / 0x0067242: dc != 92
4644010.dc8: 00007ffa9ced7243 / 0x0067243: 53 != f4
4654010.dc8: 00007ffa9ced7244 / 0x0067244: 56 != 82
4664010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ced7000
4674010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4684010.dc8: 00007ffa9cedb090 / 0x006b090: 40 != e9
4694010.dc8: 00007ffa9cedb091 / 0x006b091: 53 != 6b
4704010.dc8: 00007ffa9cedb092 / 0x006b092: 48 != 50
4714010.dc8: 00007ffa9cedb093 / 0x006b093: 83 != f4
4724010.dc8: 00007ffa9cedb094 / 0x006b094: ec != 82
4734010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cedb000
4744010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4754010.dc8: 00007ffa9cedf0a0 / 0x006f0a0: 48 != e9
4764010.dc8: 00007ffa9cedf0a1 / 0x006f0a1: 89 != db
4774010.dc8: 00007ffa9cedf0a2 / 0x006f0a2: 5c != 0f
4784010.dc8: 00007ffa9cedf0a3 / 0x006f0a3: 24 != f4
4794010.dc8: 00007ffa9cedf0a4 / 0x006f0a4: 08 != 82
4804010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cedf000
4814010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4824010.dc8: 00007ffa9cee8400 / 0x0078400: 48 != e9
4834010.dc8: 00007ffa9cee8401 / 0x0078401: 83 != fb
4844010.dc8: 00007ffa9cee8402 / 0x0078402: ec != 88
4854010.dc8: 00007ffa9cee8403 / 0x0078403: 38 != f3
4864010.dc8: 00007ffa9cee8404 / 0x0078404: 48 != 82
4874010.dc8: 00007ffa9cee8430 / 0x0078430: 48 != e9
4884010.dc8: 00007ffa9cee8431 / 0x0078431: 83 != cb
4894010.dc8: 00007ffa9cee8432 / 0x0078432: ec != 87
4904010.dc8: 00007ffa9cee8433 / 0x0078433: 38 != f3
4914010.dc8: 00007ffa9cee8434 / 0x0078434: 48 != 82
4924010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cee7000
4934010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
4944010.dc8: 00007ffa9ceeaba0 / 0x007aba0: 45 != e9
4954010.dc8: 00007ffa9ceeaba1 / 0x007aba1: 33 != 5b
4964010.dc8: 00007ffa9ceeaba2 / 0x007aba2: c0 != 64
4974010.dc8: 00007ffa9ceeaba3 / 0x007aba3: 33 != f3
4984010.dc8: 00007ffa9ceeaba4 / 0x007aba4: d2 != 82
4994010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cee9000
5004010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
5014010.dc8: 00007ffa9cf630c0 / 0x00f30c0: 48 != e9
5024010.dc8: 00007ffa9cf630c1 / 0x00f30c1: 83 != bb
5034010.dc8: 00007ffa9cf630c2 / 0x00f30c2: ec != d2
5044010.dc8: 00007ffa9cf630c3 / 0x00f30c3: 38 != e7
5054010.dc8: 00007ffa9cf630c4 / 0x00f30c4: b8 != 82
5064010.dc8: 00007ffa9cf630f0 / 0x00f30f0: 48 != e9
5074010.dc8: 00007ffa9cf630f1 / 0x00f30f1: 83 != 8b
5084010.dc8: 00007ffa9cf630f2 / 0x00f30f2: ec != d1
5094010.dc8: 00007ffa9cf630f3 / 0x00f30f3: 38 != e7
5104010.dc8: 00007ffa9cf630f4 / 0x00f30f4: 33 != 82
5114010.dc8: 00007ffa9cf63170 / 0x00f3170: 48 != e9
5124010.dc8: 00007ffa9cf63171 / 0x00f3171: 83 != 8b
5134010.dc8: 00007ffa9cf63172 / 0x00f3172: ec != d1
5144010.dc8: 00007ffa9cf63173 / 0x00f3173: 38 != e7
5154010.dc8: 00007ffa9cf63174 / 0x00f3174: 33 != 82
5164010.dc8: 00007ffa9cf635e0 / 0x00f35e0: 40 != e9
5174010.dc8: 00007ffa9cf635e1 / 0x00f35e1: 53 != 1b
5184010.dc8: 00007ffa9cf635e2 / 0x00f35e2: 48 != db
5194010.dc8: 00007ffa9cf635e3 / 0x00f35e3: 81 != eb
5204010.dc8: 00007ffa9cf635e4 / 0x00f35e4: ec != 82
5214010.dc8: 00007ffa9cf63f80 / 0x00f3f80: 40 != e9
5224010.dc8: 00007ffa9cf63f81 / 0x00f3f81: 53 != fb
5234010.dc8: 00007ffa9cf63f82 / 0x00f3f82: 48 != c1
5244010.dc8: 00007ffa9cf63f83 / 0x00f3f83: 83 != e7
5254010.dc8: 00007ffa9cf63f84 / 0x00f3f84: ec != 82
5264010.dc8: 00007ffa9cf641c0 / 0x00f41c0: 40 != e9
5274010.dc8: 00007ffa9cf641c1 / 0x00f41c1: 53 != 3b
5284010.dc8: 00007ffa9cf641c2 / 0x00f41c2: 48 != c0
5294010.dc8: 00007ffa9cf641c3 / 0x00f41c3: 83 != e7
5304010.dc8: 00007ffa9cf641c4 / 0x00f41c4: ec != 82
5314010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cf63000
5324010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory:
5334010.dc8: 00007ffa9cf6c200 / 0x00fc200: 4c != e9
5344010.dc8: 00007ffa9cf6c201 / 0x00fc201: 8b != fb
5354010.dc8: 00007ffa9cf6c202 / 0x00fc202: dc != 41
5364010.dc8: 00007ffa9cf6c203 / 0x00fc203: 48 != eb
5374010.dc8: 00007ffa9cf6c204 / 0x00fc204: 83 != 82
5384010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cf6b000
5394010.dc8: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
5404010.dc8: 00007ffa957cfe98 / 0x004fe98: 00 != 30
5414010.dc8: 00007ffa957cfe99 / 0x004fe99: e6 != ee
5424010.dc8: 00007ffa957cfe9a / 0x004fe9a: ee != 49
5434010.dc8: 00007ffa957cfe9b / 0x004fe9b: 9c != 9e
5444010.dc8: 00007ffa957cfea0 / 0x004fea0: e0 != a0
5454010.dc8: 00007ffa957cfea1 / 0x004fea1: bf != 5e
5464010.dc8: 00007ffa957cfea2 / 0x004fea2: e7 != 49
5474010.dc8: 00007ffa957cfea3 / 0x004fea3: 9c != 9e
5484010.dc8: 00007ffa957cfea8 / 0x004fea8: 30 != 00
5494010.dc8: 00007ffa957cfea9 / 0x004fea9: 4f != 1e
5504010.dc8: 00007ffa957cfeaa / 0x004feaa: ed != 4a
5514010.dc8: 00007ffa957cfeab / 0x004feab: 9c != 9e
5524010.dc8: 00007ffa957cfeb0 / 0x004feb0: 80 != a0
5534010.dc8: 00007ffa957cfeb1 / 0x004feb1: ae != b7
5544010.dc8: 00007ffa957cfeb2 / 0x004feb2: ed != 49
5554010.dc8: 00007ffa957cfeb3 / 0x004feb3: 9c != 9e
5564010.dc8: 00007ffa957cfeb8 / 0x004feb8: 80 != 10
5574010.dc8: 00007ffa957cfeb9 / 0x004feb9: cd != 1e
5584010.dc8: 00007ffa957cfeba / 0x004feba: ec != 4a
5594010.dc8: 00007ffa957cfebb / 0x004febb: 9c != 9e
5604010.dc8: 00007ffa957cfec0 / 0x004fec0: 50 != 90
5614010.dc8: 00007ffa957cfec1 / 0x004fec1: 67 != be
5624010.dc8: 00007ffa957cfec2 / 0x004fec2: ec != 49
5634010.dc8: 00007ffa957cfec3 / 0x004fec3: 9c != 9e
5644010.dc8: 00007ffa957cfec8 / 0x004fec8: e0 != b0
5654010.dc8: 00007ffa957cfec9 / 0x004fec9: 6d != a1
5664010.dc8: 00007ffa957cfeca / 0x004feca: ed != 49
5674010.dc8: 00007ffa957cfecb / 0x004fecb: 9c != 9e
5684010.dc8: 00007ffa957cfed8 / 0x004fed8: b0 != f0
5694010.dc8: 00007ffa957cfed9 / 0x004fed9: 05 != a1
5704010.dc8: 00007ffa957cfeda / 0x004feda: ea != 49
5714010.dc8: 00007ffa957cfedb / 0x004fedb: 9c != 9e
5724010.dc8: Restored 0x2000 bytes of original file content at 00007ffa957ce000
5734010.dc8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=22
5744010.dc8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5754010.dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5764010.dc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5774010.dc8: supR3HardNtEnableThreadCreationEx:
5784010.dc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140
5794010.dc8: supR3HardenedWinDoReSpawn(1): New child 2e6c.3ab8 [kernel32].
5804010.dc8: supR3HardNtChildGatherData: PebBaseAddress=00000000006ac000 cbPeb=0x388
5814010.dc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9fd40000 uNtDllChildAddr=00007ffa9fd40000
5824010.dc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9fdb1df0
5834010.dc8: supR3HardenedWinSetupChildInit: Initial context:
584 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff687aa7900 rdx=00000000006ac000
585 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
586 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
587 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
588 rip=00007ffa9fdad4b0 rsp=00000000008ffb28 rbp=0000000000000000 ctxflags=0010001b
589 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
590 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
591 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
592 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
593 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5944010.dc8: supR3HardenedWinSetupChildInit: Start child.
5954010.dc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5964010.dc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps
5974010.dc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5984010.dc8: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000
5994010.dc8: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000
6004010.dc8: *0000000000500000-000000000051afff 0x0002/0x0002 0x0040000
6014010.dc8: 000000000051b000-000000000051ffff 0x0001/0x0000 0x0000000
6024010.dc8: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
6034010.dc8: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
6044010.dc8: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000
6054010.dc8: 0000000000532000-00000000005fffff 0x0001/0x0000 0x0000000
6064010.dc8: *0000000000600000-00000000006abfff 0x0000/0x0004 0x0020000
6074010.dc8: 00000000006ac000-00000000006aefff 0x0004/0x0004 0x0020000
6084010.dc8: 00000000006af000-00000000007fffff 0x0000/0x0004 0x0020000
6094010.dc8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
6104010.dc8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
6114010.dc8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
6124010.dc8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
6134010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6144010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
6154010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
6164010.dc8: 000000007ffeb000-00007ff577cdffff 0x0001/0x0000 0x0000000
6174010.dc8: *00007ff577ce0000-00007ff577ce0fff 0x0020/0x0004 0x0020000 !!
6184010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff577ce0000 (LB 0x1000, 00007ff577ce0000 LB 0x1000)
6194010.dc8: 0000000001bcef50/0000: 16 00 20 00 00 00 00 00-10 00 ce 77 f5 7f 00 00 .. ........w....
6200000000001bcef60/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4...
6210000000001bcef70/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
6220000000001bcef80/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
6230000000001bcef90/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
6240000000001bcefa0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
6250000000001bcefb0/0060: 6e 00 64 00 65 00 72 00-5c 00 45 00 6e 00 64 00 n.d.e.r.\.E.n.d.
6260000000001bcefc0/0070: 70 00 6f 00 69 00 6e 00-74 00 20 00 53 00 65 00 p.o.i.n.t. .S.e.
6270000000001bcefd0/0080: 63 00 75 00 72 00 69 00-74 00 79 00 5c 00 61 00 c.u.r.i.t.y.\.a.
6280000000001bcefe0/0090: 74 00 63 00 75 00 66 00-5c 00 32 00 36 00 34 00 t.c.u.f.\.2.6.4.
6290000000001bceff0/00a0: 39 00 33 00 31 00 30 00-34 00 37 00 37 00 36 00 9.3.1.0.4.7.7.6.
6300000000001bcf000/00b0: 30 00 30 00 30 00 30 00-30 00 30 00 30 00 5c 00 0.0.0.0.0.0.0.\.
6310000000001bcf010/00c0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
632**************** **** <ditto x 2>
6330000000001bcf040/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
6344010.dc8: 0000000001bcf350/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
635**************** **** <ditto x 2>
6360000000001bcf380/0030: 00 16 d6 9f fa 7f 00 00-e0 d0 dd 9f fa 7f 00 00 ................
6370000000001bcf390/0040: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH......
6380000000001bcf3a0/0050: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@
6390000000001bcf3b0/0060: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H.....
6400000000001bcf3c0/0070: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$(
6410000000001bcf3d0/0080: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I......
6420000000001bcf3e0/0090: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H.....
6430000000001bcf3f0/00a0: ff ff d0 85 c0 0f 88 c4-00 00 00 48 8d 35 8e ff ...........H.5..
6440000000001bcf400/00b0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H......
6450000000001bcf410/00c0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H..
6460000000001bcf420/00d0: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H.
6470000000001bcf430/00e0: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$
6480000000001bcf440/00f0: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6.
6494010.dc8: 0000000001bcf450/0000: ff ff ff d0 85 c0 78 67-48 83 c4 40 41 59 41 58 ......xgH..@AYAX
6500000000001bcf460/0010: 5a 59 5f 5e 48 8b 05 15-ff ff ff 48 83 ec 20 ff ZY_^H......H.. .
6510000000001bcf470/0020: d0 48 83 c4 20 85 c0 78-52 65 48 8b 0c 25 60 00 .H.. ..xReH..%`.
6520000000001bcf480/0030: 00 00 ba 00 01 00 02 85-91 bc 00 00 00 75 3c 48 .............u<H
6530000000001bcf490/0040: 8d 0d ea fa ff ff 48 c7-c2 00 00 00 00 4c 8d 05 ......H......L..
6540000000001bcf4a0/0050: ac fa ff ff 4c 8d 4c 24-20 48 8b 05 d0 fe ff ff ....L.L$ H......
6550000000001bcf4b0/0060: 48 83 ec 20 ff d0 48 83-c4 20 48 31 c0 eb 0c 48 H.. ..H.. H1...H
6560000000001bcf4c0/0070: 83 c4 40 41 59 41 58 5a-59 5f 5e 48 83 c4 38 c3 ..@AYAXZY_^H..8.
6570000000001bcf4d0/0080: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
658**************** **** <ditto x 6>
6590000000001bcf540/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
6604010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff577ce0000/00007ff577ce0000 LB 0/0x1000]
6614010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff577ce0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
6624010.dc8: 00007ff577ce1000-00007ff577ceffff 0x0001/0x0000 0x0000000
6634010.dc8: *00007ff577cf0000-00007ff577cf0fff 0x0002/0x0002 0x0040000
6644010.dc8: 00007ff577cf1000-00007ff577cfffff 0x0001/0x0000 0x0000000
6654010.dc8: *00007ff577d00000-00007ff577d22fff 0x0002/0x0002 0x0040000
6664010.dc8: 00007ff577d23000-00007ff687a9ffff 0x0001/0x0000 0x0000000
6674010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6684010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6694010.dc8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6704010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6714010.dc8: 00007ff687b62000-00007ff687b62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6724010.dc8: 00007ff687b63000-00007ff687b63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6734010.dc8: 00007ff687b64000-00007ff687b68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6744010.dc8: 00007ff687b69000-00007ff687b69fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6754010.dc8: 00007ff687b6a000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6764010.dc8: 00007ff687b6b000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6774010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6784010.dc8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000
6794010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6804010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6814010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6824010.dc8: 00007ffa9fe9f000-00007ffa9feaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6834010.dc8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6844010.dc8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6854010.dc8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6864010.dc8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6874010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000
6884010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
6894010.dc8: 00007ffa9fd61601 / 0x0021601: 89 != b8
6904010.dc8: 00007ffa9fd61602 / 0x0021602: 5c != 50
6914010.dc8: 00007ffa9fd61603 / 0x0021603: 24 != 04
6924010.dc8: 00007ffa9fd61604 / 0x0021604: 10 != ce
6934010.dc8: 00007ffa9fd61605 / 0x0021605: 56 != 77
6944010.dc8: 00007ffa9fd61606 / 0x0021606: 57 != f5
6954010.dc8: 00007ffa9fd61607 / 0x0021607: 41 != 7f
6964010.dc8: 00007ffa9fd61608 / 0x0021608: 56 != 00
6974010.dc8: 00007ffa9fd61609 / 0x0021609: 48 != 00
6984010.dc8: 00007ffa9fd6160a / 0x002160a: 81 != ff
6994010.dc8: 00007ffa9fd6160b / 0x002160b: ec != e0
7004010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fd61000
7014010.dc8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000
7024010.dc8: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 58 sleeps
7034010.dc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7044010.dc8: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000
7054010.dc8: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000
7064010.dc8: *0000000000500000-000000000051afff 0x0002/0x0002 0x0040000
7074010.dc8: 000000000051b000-000000000051ffff 0x0001/0x0000 0x0000000
7084010.dc8: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
7094010.dc8: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
7104010.dc8: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000
7114010.dc8: 0000000000532000-00000000005fffff 0x0001/0x0000 0x0000000
7124010.dc8: *0000000000600000-00000000006abfff 0x0000/0x0004 0x0020000
7134010.dc8: 00000000006ac000-00000000006aefff 0x0004/0x0004 0x0020000
7144010.dc8: 00000000006af000-00000000007fffff 0x0000/0x0004 0x0020000
7154010.dc8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
7164010.dc8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
7174010.dc8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
7184010.dc8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
7194010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7204010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
7214010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
7224010.dc8: 000000007ffeb000-00007ff577ceffff 0x0001/0x0000 0x0000000
7234010.dc8: *00007ff577cf0000-00007ff577cf0fff 0x0002/0x0002 0x0040000
7244010.dc8: 00007ff577cf1000-00007ff577cfffff 0x0001/0x0000 0x0000000
7254010.dc8: *00007ff577d00000-00007ff577d22fff 0x0002/0x0002 0x0040000
7264010.dc8: 00007ff577d23000-00007ff687a9ffff 0x0001/0x0000 0x0000000
7274010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7284010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7294010.dc8: 00007ff687b18000-00007ff687b18fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7304010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7314010.dc8: 00007ff687b62000-00007ff687b6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7324010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7334010.dc8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000
7344010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7354010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7364010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7374010.dc8: 00007ffa9fe9f000-00007ffa9fea2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7384010.dc8: 00007ffa9fea3000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7394010.dc8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7404010.dc8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7414010.dc8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7424010.dc8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7434010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000
7444010.dc8: supR3HardNtChildPurify: Done after 777 ms and 2 fixes (loop #1).
7452e6c.3ab8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
7462e6c.3ab8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9fd40000 g_uNtVerCombined=0xa047bb00 (stack ~00000000008ff5b8)
7472e6c.3ab8: ntdll.dll: timestamp 0x45a49e53 (rc=VINF_SUCCESS)
7482e6c.3ab8: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2031616 allocation)
7494010.dc8: supR3HardNtEnableThreadCreationEx:
7502e6c.3ab8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7512e6c.3ab8: System32: \Device\HarddiskVolume3\Windows\System32
7522e6c.3ab8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
7532e6c.3ab8: KnownDllPath: C:\WINDOWS\System32
7542e6c.3ab8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
7552e6c.3ab8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7562e6c.3ab8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7572e6c.3ab8: Registered Dll notification callback with NTDLL.
7582e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
7592e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7602e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7612e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9ce70000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
7622e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
7632e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7642e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9e480000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
7652e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7662e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\KERNEL32.DLL'
7672e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ff687aa0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
7682e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7692e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7702e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7712e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
7722e6c.3ab8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140
7734010.dc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms.
7742e6c.3ab8: \SystemRoot\System32\ntdll.dll:
7752e6c.3ab8: CreationTime: 2021-01-26T08:52:18.292488700Z
7762e6c.3ab8: LastWriteTime: 2021-01-26T08:52:18.384536500Z
7772e6c.3ab8: ChangeTime: 2021-01-26T09:44:42.500475500Z
7782e6c.3ab8: FileAttributes: 0x20
7792e6c.3ab8: Size: 0x1e8060
7802e6c.3ab8: NT Headers: 0xd8
7812e6c.3ab8: Timestamp: 0x45a49e53
7822e6c.3ab8: Machine: 0x8664 - amd64
7832e6c.3ab8: Timestamp: 0x45a49e53
7842e6c.3ab8: Image Version: 10.0
7852e6c.3ab8: SizeOfImage: 0x1f0000 (2031616)
7862e6c.3ab8: Resource Dir: 0x17f000 LB 0x6f310
7872e6c.3ab8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7882e6c.3ab8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7892e6c.3ab8: ProductName: Microsoft® Windows® Operating System
7902e6c.3ab8: ProductVersion: 10.0.18362.1316
7912e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
7922e6c.3ab8: FileDescription: NT Layer DLL
7932e6c.3ab8: \SystemRoot\System32\kernel32.dll:
7942e6c.3ab8: CreationTime: 2021-01-26T08:50:39.183677200Z
7952e6c.3ab8: LastWriteTime: 2021-01-26T08:50:39.228843100Z
7962e6c.3ab8: ChangeTime: 2021-01-26T09:44:41.554974500Z
7972e6c.3ab8: FileAttributes: 0x20
7982e6c.3ab8: Size: 0xb0498
7992e6c.3ab8: NT Headers: 0xf8
8002e6c.3ab8: Timestamp: 0x39c32a9b
8012e6c.3ab8: Machine: 0x8664 - amd64
8022e6c.3ab8: Timestamp: 0x39c32a9b
8032e6c.3ab8: Image Version: 10.0
8042e6c.3ab8: SizeOfImage: 0xb2000 (729088)
8052e6c.3ab8: Resource Dir: 0xb0000 LB 0x520
8062e6c.3ab8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8072e6c.3ab8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
8082e6c.3ab8: ProductName: Microsoft® Windows® Operating System
8092e6c.3ab8: ProductVersion: 10.0.18362.1316
8102e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
8112e6c.3ab8: FileDescription: Windows NT BASE API Client DLL
8122e6c.3ab8: \SystemRoot\System32\KernelBase.dll:
8132e6c.3ab8: CreationTime: 2021-01-26T08:52:20.103079300Z
8142e6c.3ab8: LastWriteTime: 2021-01-26T08:52:20.251514900Z
8152e6c.3ab8: ChangeTime: 2021-01-26T09:44:30.680602600Z
8162e6c.3ab8: FileAttributes: 0x20
8172e6c.3ab8: Size: 0x2a5c90
8182e6c.3ab8: NT Headers: 0x100
8192e6c.3ab8: Timestamp: 0xf9127b9c
8202e6c.3ab8: Machine: 0x8664 - amd64
8212e6c.3ab8: Timestamp: 0xf9127b9c
8222e6c.3ab8: Image Version: 10.0
8232e6c.3ab8: SizeOfImage: 0x2a5000 (2772992)
8242e6c.3ab8: Resource Dir: 0x27f000 LB 0x548
8252e6c.3ab8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8262e6c.3ab8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
8272e6c.3ab8: ProductName: Microsoft® Windows® Operating System
8282e6c.3ab8: ProductVersion: 10.0.18362.1316
8292e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
8302e6c.3ab8: FileDescription: Windows NT BASE API Client DLL
8312e6c.3ab8: \SystemRoot\System32\apisetschema.dll:
8322e6c.3ab8: CreationTime: 2019-03-19T04:43:54.837151500Z
8332e6c.3ab8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
8342e6c.3ab8: ChangeTime: 2021-01-26T08:56:21.294159100Z
8352e6c.3ab8: FileAttributes: 0x20
8362e6c.3ab8: Size: 0x1d028
8372e6c.3ab8: NT Headers: 0xc8
8382e6c.3ab8: Timestamp: 0xd6ced080
8392e6c.3ab8: Machine: 0x8664 - amd64
8402e6c.3ab8: Timestamp: 0xd6ced080
8412e6c.3ab8: Image Version: 10.0
8422e6c.3ab8: SizeOfImage: 0x1e000 (122880)
8432e6c.3ab8: Resource Dir: 0x1d000 LB 0x408
8442e6c.3ab8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8452e6c.3ab8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
8462e6c.3ab8: ProductName: Microsoft® Windows® Operating System
8472e6c.3ab8: ProductVersion: 10.0.18362.1
8482e6c.3ab8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
8492e6c.3ab8: FileDescription: ApiSet Schema DLL
8502e6c.3ab8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8512e6c.3ab8: supR3HardenedWinFindAdversaries: 0x0
8522e6c.3ab8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8532e6c.3ab8: Calling main()
8542e6c.3ab8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8552e6c.3ab8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8562e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
8572e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
8582e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
8592e6c.3ab8: SUPR3HardenedMain: Respawn #2
8602e6c.3ab8: supR3HardNtEnableThreadCreationEx:
8612e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9e360000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
8622e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
8632e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8642e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9f140000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8652e6c.3ab8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
8662e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
8672e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
8682e6c.3ab8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
8692e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
8702e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8712e6c.3ab8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8722e6c.3ab8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8732e6c.3ab8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8742e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8752e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fd40000 'C:\WINDOWS\System32\ntdll.dll'
8762e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
8772e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
8782e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
8792e6c.3ab8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
8802e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa95780000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
8812e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
8822e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
8832e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8842e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fd40000 'C:\WINDOWS\System32\ntdll.dll'
8852e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa95780000 'C:\WINDOWS\system32\apphelp.dll'
8862e6c.3ab8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140
8872e6c.3ab8: supR3HardenedWinDoReSpawn(2): New child dac.2854 [kernel32].
8882e6c.3ab8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
8892e6c.3ab8: supR3HardNtChildGatherData: PebBaseAddress=00000000008d7000 cbPeb=0x388
8902e6c.3ab8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9fd40000 uNtDllChildAddr=00007ffa9fd40000
8912e6c.3ab8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9fdb1df0
8922e6c.3ab8: supR3HardenedWinSetupChildInit: Initial context:
893 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff687aa7900 rdx=00000000008d7000
894 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
895 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
896 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
897 rip=00007ffa9fdad4b0 rsp=000000000078fe98 rbp=0000000000000000 ctxflags=0010001b
898 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
899 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
900 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
901 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
902 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
9032e6c.3ab8: kernel32.dll: timestamp 0x39c32a9b (rc=VINF_SUCCESS)
9042e6c.3ab8: supR3HardenedWinSetupChildInit: Start child.
9052e6c.3ab8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9062e6c.3ab8: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps
9072e6c.3ab8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9082e6c.3ab8: *0000000000000000-000000000064ffff 0x0001/0x0000 0x0000000
9092e6c.3ab8: *0000000000650000-000000000066ffff 0x0004/0x0004 0x0020000
9102e6c.3ab8: *0000000000670000-000000000068afff 0x0002/0x0002 0x0040000
9112e6c.3ab8: 000000000068b000-000000000068ffff 0x0001/0x0000 0x0000000
9122e6c.3ab8: *0000000000690000-000000000078afff 0x0000/0x0004 0x0020000
9132e6c.3ab8: 000000000078b000-000000000078dfff 0x0104/0x0004 0x0020000
9142e6c.3ab8: 000000000078e000-000000000078ffff 0x0004/0x0004 0x0020000
9152e6c.3ab8: *0000000000790000-0000000000793fff 0x0002/0x0002 0x0040000
9162e6c.3ab8: 0000000000794000-000000000079ffff 0x0001/0x0000 0x0000000
9172e6c.3ab8: *00000000007a0000-00000000007a1fff 0x0004/0x0004 0x0020000
9182e6c.3ab8: 00000000007a2000-00000000007fffff 0x0001/0x0000 0x0000000
9192e6c.3ab8: *0000000000800000-00000000008d6fff 0x0000/0x0004 0x0020000
9202e6c.3ab8: 00000000008d7000-00000000008d9fff 0x0004/0x0004 0x0020000
9212e6c.3ab8: 00000000008da000-00000000009fffff 0x0000/0x0004 0x0020000
9222e6c.3ab8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000
9232e6c.3ab8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
9242e6c.3ab8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
9252e6c.3ab8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
9262e6c.3ab8: 000000007ffeb000-00007ff5ba56ffff 0x0001/0x0000 0x0000000
9272e6c.3ab8: *00007ff5ba570000-00007ff5ba570fff 0x0020/0x0004 0x0020000 !!
9282e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff5ba570000 (LB 0x1000, 00007ff5ba570000 LB 0x1000)
9292e6c.3ab8: 0000000001058d60/0000: 16 00 20 00 00 00 00 00-10 00 57 ba f5 7f 00 00 .. .......W.....
9300000000001058d70/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4...
9310000000001058d80/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
9320000000001058d90/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
9330000000001058da0/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
9340000000001058db0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
9350000000001058dc0/0060: 6e 00 64 00 65 00 72 00-5c 00 45 00 6e 00 64 00 n.d.e.r.\.E.n.d.
9360000000001058dd0/0070: 70 00 6f 00 69 00 6e 00-74 00 20 00 53 00 65 00 p.o.i.n.t. .S.e.
9370000000001058de0/0080: 63 00 75 00 72 00 69 00-74 00 79 00 5c 00 61 00 c.u.r.i.t.y.\.a.
9380000000001058df0/0090: 74 00 63 00 75 00 66 00-5c 00 32 00 36 00 34 00 t.c.u.f.\.2.6.4.
9390000000001058e00/00a0: 39 00 33 00 31 00 30 00-34 00 37 00 37 00 36 00 9.3.1.0.4.7.7.6.
9400000000001058e10/00b0: 30 00 30 00 30 00 30 00-30 00 30 00 30 00 5c 00 0.0.0.0.0.0.0.\.
9410000000001058e20/00c0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
942**************** **** <ditto x 2>
9430000000001058e50/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
9442e6c.3ab8: 0000000001059160/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
945**************** **** <ditto x 2>
9460000000001059190/0030: 00 16 d6 9f fa 7f 00 00-e0 d0 dd 9f fa 7f 00 00 ................
94700000000010591a0/0040: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH......
94800000000010591b0/0050: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@
94900000000010591c0/0060: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H.....
95000000000010591d0/0070: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$(
95100000000010591e0/0080: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I......
95200000000010591f0/0090: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H.....
9530000000001059200/00a0: ff ff d0 85 c0 0f 88 c4-00 00 00 48 8d 35 8e ff ...........H.5..
9540000000001059210/00b0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H......
9550000000001059220/00c0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H..
9560000000001059230/00d0: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H.
9570000000001059240/00e0: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$
9580000000001059250/00f0: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6.
9592e6c.3ab8: 0000000001059260/0000: ff ff ff d0 85 c0 78 67-48 83 c4 40 41 59 41 58 ......xgH..@AYAX
9600000000001059270/0010: 5a 59 5f 5e 48 8b 05 15-ff ff ff 48 83 ec 20 ff ZY_^H......H.. .
9610000000001059280/0020: d0 48 83 c4 20 85 c0 78-52 65 48 8b 0c 25 60 00 .H.. ..xReH..%`.
9620000000001059290/0030: 00 00 ba 00 01 00 02 85-91 bc 00 00 00 75 3c 48 .............u<H
96300000000010592a0/0040: 8d 0d ea fa ff ff 48 c7-c2 00 00 00 00 4c 8d 05 ......H......L..
96400000000010592b0/0050: ac fa ff ff 4c 8d 4c 24-20 48 8b 05 d0 fe ff ff ....L.L$ H......
96500000000010592c0/0060: 48 83 ec 20 ff d0 48 83-c4 20 48 31 c0 eb 0c 48 H.. ..H.. H1...H
96600000000010592d0/0070: 83 c4 40 41 59 41 58 5a-59 5f 5e 48 83 c4 38 c3 ..@AYAXZY_^H..8.
96700000000010592e0/0080: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
968**************** **** <ditto x 6>
9690000000001059350/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
9702e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff5ba570000/00007ff5ba570000 LB 0/0x1000]
9712e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff5ba570000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
9722e6c.3ab8: 00007ff5ba571000-00007ff5ba57ffff 0x0001/0x0000 0x0000000
9732e6c.3ab8: *00007ff5ba580000-00007ff5ba580fff 0x0002/0x0002 0x0040000
9742e6c.3ab8: 00007ff5ba581000-00007ff5ba58ffff 0x0001/0x0000 0x0000000
9752e6c.3ab8: *00007ff5ba590000-00007ff5ba5b2fff 0x0002/0x0002 0x0040000
9762e6c.3ab8: 00007ff5ba5b3000-00007ff687a9ffff 0x0001/0x0000 0x0000000
9772e6c.3ab8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9782e6c.3ab8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9792e6c.3ab8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9802e6c.3ab8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9812e6c.3ab8: 00007ff687b62000-00007ff687b62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9822e6c.3ab8: 00007ff687b63000-00007ff687b63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9832e6c.3ab8: 00007ff687b64000-00007ff687b68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9842e6c.3ab8: 00007ff687b69000-00007ff687b69fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9852e6c.3ab8: 00007ff687b6a000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9862e6c.3ab8: 00007ff687b6b000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9872e6c.3ab8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9882e6c.3ab8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000
9892e6c.3ab8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9902e6c.3ab8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9912e6c.3ab8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9922e6c.3ab8: 00007ffa9fe9f000-00007ffa9feaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9932e6c.3ab8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9942e6c.3ab8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9952e6c.3ab8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9962e6c.3ab8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9972e6c.3ab8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000
9982e6c.3ab8: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
9992e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
10002e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
10012e6c.3ab8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
10022e6c.3ab8: ntdll.dll: Differences in section #1 (.text) between file and memory:
10032e6c.3ab8: 00007ffa9fd61601 / 0x0021601: 89 != b8
10042e6c.3ab8: 00007ffa9fd61602 / 0x0021602: 5c != 50
10052e6c.3ab8: 00007ffa9fd61603 / 0x0021603: 24 != 04
10062e6c.3ab8: 00007ffa9fd61604 / 0x0021604: 10 != 57
10072e6c.3ab8: 00007ffa9fd61605 / 0x0021605: 56 != ba
10082e6c.3ab8: 00007ffa9fd61606 / 0x0021606: 57 != f5
10092e6c.3ab8: 00007ffa9fd61607 / 0x0021607: 41 != 7f
10102e6c.3ab8: 00007ffa9fd61608 / 0x0021608: 56 != 00
10112e6c.3ab8: 00007ffa9fd61609 / 0x0021609: 48 != 00
10122e6c.3ab8: 00007ffa9fd6160a / 0x002160a: 81 != ff
10132e6c.3ab8: 00007ffa9fd6160b / 0x002160b: ec != e0
10142e6c.3ab8: Restored 0x2000 bytes of original file content at 00007ffa9fd61000
10152e6c.3ab8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000
10162e6c.3ab8: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 58 sleeps
10172e6c.3ab8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10182e6c.3ab8: *0000000000000000-000000000064ffff 0x0001/0x0000 0x0000000
10192e6c.3ab8: *0000000000650000-000000000066ffff 0x0004/0x0004 0x0020000
10202e6c.3ab8: *0000000000670000-000000000068afff 0x0002/0x0002 0x0040000
10212e6c.3ab8: 000000000068b000-000000000068ffff 0x0001/0x0000 0x0000000
10222e6c.3ab8: *0000000000690000-000000000078afff 0x0000/0x0004 0x0020000
10232e6c.3ab8: 000000000078b000-000000000078dfff 0x0104/0x0004 0x0020000
10242e6c.3ab8: 000000000078e000-000000000078ffff 0x0004/0x0004 0x0020000
10252e6c.3ab8: *0000000000790000-0000000000793fff 0x0002/0x0002 0x0040000
10262e6c.3ab8: 0000000000794000-000000000079ffff 0x0001/0x0000 0x0000000
10272e6c.3ab8: *00000000007a0000-00000000007a1fff 0x0004/0x0004 0x0020000
10282e6c.3ab8: 00000000007a2000-00000000007fffff 0x0001/0x0000 0x0000000
10292e6c.3ab8: *0000000000800000-00000000008d6fff 0x0000/0x0004 0x0020000
10302e6c.3ab8: 00000000008d7000-00000000008d9fff 0x0004/0x0004 0x0020000
10312e6c.3ab8: 00000000008da000-00000000009fffff 0x0000/0x0004 0x0020000
10322e6c.3ab8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000
10332e6c.3ab8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
10342e6c.3ab8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000
10352e6c.3ab8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000
10362e6c.3ab8: 000000007ffeb000-00007ff5ba57ffff 0x0001/0x0000 0x0000000
10372e6c.3ab8: *00007ff5ba580000-00007ff5ba580fff 0x0002/0x0002 0x0040000
10382e6c.3ab8: 00007ff5ba581000-00007ff5ba58ffff 0x0001/0x0000 0x0000000
10392e6c.3ab8: *00007ff5ba590000-00007ff5ba5b2fff 0x0002/0x0002 0x0040000
10402e6c.3ab8: 00007ff5ba5b3000-00007ff687a9ffff 0x0001/0x0000 0x0000000
10412e6c.3ab8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10422e6c.3ab8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10432e6c.3ab8: 00007ff687b18000-00007ff687b18fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10442e6c.3ab8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10452e6c.3ab8: 00007ff687b62000-00007ff687b6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10462e6c.3ab8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10472e6c.3ab8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000
10482e6c.3ab8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10492e6c.3ab8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10502e6c.3ab8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10512e6c.3ab8: 00007ffa9fe9f000-00007ffa9fea2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10522e6c.3ab8: 00007ffa9fea3000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10532e6c.3ab8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10542e6c.3ab8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10552e6c.3ab8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10562e6c.3ab8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
10572e6c.3ab8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000
10582e6c.3ab8: supR3HardNtChildPurify: Done after 809 ms and 2 fixes (loop #1).
1059dac.2854: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
1060dac.2854: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9fd40000 g_uNtVerCombined=0xa047bb00 (stack ~000000000078f928)
1061dac.2854: ntdll.dll: timestamp 0x45a49e53 (rc=VINF_SUCCESS)
1062dac.2854: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2031616 allocation)
10632e6c.3ab8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
10642e6c.3ab8: supR3HardNtEnableThreadCreationEx:
1065dac.2854: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1066dac.2854: System32: \Device\HarddiskVolume3\Windows\System32
1067dac.2854: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1068dac.2854: KnownDllPath: C:\WINDOWS\System32
1069dac.2854: supR3HardenedVmProcessInit: Opening vboxdrv...
1070dac.2854: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1071dac.2854: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1072dac.2854: Registered Dll notification callback with NTDLL.
1073dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1074dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1075dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1076dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ce70000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1077dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1078dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1079dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e480000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1080dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1081dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\KERNEL32.DLL'
1082dac.2854: supR3HardenedDllNotificationCallback: load 00007ff687aa0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1083dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1084dac.2854: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1085dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1086dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1087dac.2854: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140
10882e6c.3ab8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 90 ms.
1089dac.2854: \SystemRoot\System32\ntdll.dll:
1090dac.2854: CreationTime: 2021-01-26T08:52:18.292488700Z
1091dac.2854: LastWriteTime: 2021-01-26T08:52:18.384536500Z
1092dac.2854: ChangeTime: 2021-01-26T09:44:42.500475500Z
1093dac.2854: FileAttributes: 0x20
1094dac.2854: Size: 0x1e8060
1095dac.2854: NT Headers: 0xd8
1096dac.2854: Timestamp: 0x45a49e53
1097dac.2854: Machine: 0x8664 - amd64
1098dac.2854: Timestamp: 0x45a49e53
1099dac.2854: Image Version: 10.0
1100dac.2854: SizeOfImage: 0x1f0000 (2031616)
1101dac.2854: Resource Dir: 0x17f000 LB 0x6f310
1102dac.2854: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1103dac.2854: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1104dac.2854: ProductName: Microsoft® Windows® Operating System
1105dac.2854: ProductVersion: 10.0.18362.1316
1106dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
1107dac.2854: FileDescription: NT Layer DLL
1108dac.2854: \SystemRoot\System32\kernel32.dll:
1109dac.2854: CreationTime: 2021-01-26T08:50:39.183677200Z
1110dac.2854: LastWriteTime: 2021-01-26T08:50:39.228843100Z
1111dac.2854: ChangeTime: 2021-01-26T09:44:41.554974500Z
1112dac.2854: FileAttributes: 0x20
1113dac.2854: Size: 0xb0498
1114dac.2854: NT Headers: 0xf8
1115dac.2854: Timestamp: 0x39c32a9b
1116dac.2854: Machine: 0x8664 - amd64
1117dac.2854: Timestamp: 0x39c32a9b
1118dac.2854: Image Version: 10.0
1119dac.2854: SizeOfImage: 0xb2000 (729088)
1120dac.2854: Resource Dir: 0xb0000 LB 0x520
1121dac.2854: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1122dac.2854: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1123dac.2854: ProductName: Microsoft® Windows® Operating System
1124dac.2854: ProductVersion: 10.0.18362.1316
1125dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
1126dac.2854: FileDescription: Windows NT BASE API Client DLL
1127dac.2854: \SystemRoot\System32\KernelBase.dll:
1128dac.2854: CreationTime: 2021-01-26T08:52:20.103079300Z
1129dac.2854: LastWriteTime: 2021-01-26T08:52:20.251514900Z
1130dac.2854: ChangeTime: 2021-01-26T09:44:30.680602600Z
1131dac.2854: FileAttributes: 0x20
1132dac.2854: Size: 0x2a5c90
1133dac.2854: NT Headers: 0x100
1134dac.2854: Timestamp: 0xf9127b9c
1135dac.2854: Machine: 0x8664 - amd64
1136dac.2854: Timestamp: 0xf9127b9c
1137dac.2854: Image Version: 10.0
1138dac.2854: SizeOfImage: 0x2a5000 (2772992)
1139dac.2854: Resource Dir: 0x27f000 LB 0x548
1140dac.2854: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1141dac.2854: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1142dac.2854: ProductName: Microsoft® Windows® Operating System
1143dac.2854: ProductVersion: 10.0.18362.1316
1144dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800)
1145dac.2854: FileDescription: Windows NT BASE API Client DLL
1146dac.2854: \SystemRoot\System32\apisetschema.dll:
1147dac.2854: CreationTime: 2019-03-19T04:43:54.837151500Z
1148dac.2854: LastWriteTime: 2019-03-19T04:43:54.837151500Z
1149dac.2854: ChangeTime: 2021-01-26T08:56:21.294159100Z
1150dac.2854: FileAttributes: 0x20
1151dac.2854: Size: 0x1d028
1152dac.2854: NT Headers: 0xc8
1153dac.2854: Timestamp: 0xd6ced080
1154dac.2854: Machine: 0x8664 - amd64
1155dac.2854: Timestamp: 0xd6ced080
1156dac.2854: Image Version: 10.0
1157dac.2854: SizeOfImage: 0x1e000 (122880)
1158dac.2854: Resource Dir: 0x1d000 LB 0x408
1159dac.2854: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1160dac.2854: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1161dac.2854: ProductName: Microsoft® Windows® Operating System
1162dac.2854: ProductVersion: 10.0.18362.1
1163dac.2854: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
1164dac.2854: FileDescription: ApiSet Schema DLL
1165dac.2854: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1166dac.2854: supR3HardenedWinFindAdversaries: 0x0
1167dac.2854: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1168dac.2854: Calling main()
1169dac.2854: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1170dac.2854: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1171dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1172dac.2854: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1173dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1174dac.2854: SUPR3HardenedMain: Final process, opening VBoxDrv...
1175dac.2854: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000)
1176dac.2854: supR3HardNtEnableThreadCreationEx:
1177dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
1178dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1179dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1180dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1181dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1182dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa930b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1183dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1184dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1185dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1186dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1187dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1188dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1189dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1190dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1191dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1192dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
1193dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1194dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1195dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
1196dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1197dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1198dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1199dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
1200dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1201dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1202dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1203dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
1204dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
1205dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1206dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1207dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1208dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
1209dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
1210dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1211dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1212dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
1213dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1214dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1215dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1216dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1217dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1218dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9eca0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
1219dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1220dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc00000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
1221dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1222dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd70000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
1223dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
1224dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
1225dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9da50000 LB 0x0014a000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
1226dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1227dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e360000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
1228dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1229dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ccc0000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
1230dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1231dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1232dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1233dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-synch-l1-2-0'
1234dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1235dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1236dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-fibers-l1-1-1'
1237dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1238dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1239dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-fibers-l1-1-1'
1240dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1241dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1242dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-synch-l1-2-0'
1243dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
1244dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1245dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-l1-2-1'
1246dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\system32\Wintrust.dll'
1247dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
1248dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1249dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1250dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d2a0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
1251dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1252dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9d2a0000 'C:\WINDOWS\system32\bcrypt.dll'
1253dac.2854: bcrypt.dll loaded at 00007ffa9d2a0000, BCryptOpenAlgorithmProvider at 00007ffa9d2a4c70, preloading providers:
1254dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
1255dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1256dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1257dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d170000 LB 0x00081000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
1258dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1259dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9d170000 'C:\WINDOWS\system32\bcryptprimitives.dll'
1260dac.2854: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000106a090)
1261dac.2854: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000106f3d0)
1262dac.2854: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000106f6d0)
1263dac.2854: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000106f9d0)
1264dac.2854: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000106fcd0)
1265dac.2854: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000106ffd0)
1266dac.2854: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010702d0)
1267dac.2854: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010705d0)
1268dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd50000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
1269dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
1270dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
1271dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1272dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
1273dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1274dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1275dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1276dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1277dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1278dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1279dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9bfb0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
1280dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1281dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1282dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1283dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
1284dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1285dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9c600000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1286dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1287dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1288dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1289dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1290dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1291dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1292dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll'
1293dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1294dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1295dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\System32\WINTRUST.DLL'
1296dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1297dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1298dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\CRYPT32.dll'
1299dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f410000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
1300dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
1301dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
1302dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
1303dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1304dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1305dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1306dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1307dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1308dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1309dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f140000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
1310dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1311dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
1312dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
1313dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1314dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1315dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
1316dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
1317dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b7e0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
1318dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1319dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc70000 LB 0x00023000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
1320dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
1321dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
1322dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1323dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
1324dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
1325dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1326dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1327dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1328dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1329dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1330dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1331dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1332dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1333dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1334dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1335dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1336dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1337dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1338dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1339dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1340dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1341dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1342dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1343dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa87e50000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
1344dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1345dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1346dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1347dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1348dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1349dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1350dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1351dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1352dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1353dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1354dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1355dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1356dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1357dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1358dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1359dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1360dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1361dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1362dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1363dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1364dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1365dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1366dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1367dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1368dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1369dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1370dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1371dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1372dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1373dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll'
1374dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1375dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\Windows\System32\cryptnet.dll'
1376dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f090000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
1377dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1378dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
1379dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1380dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
1381dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1382dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1383dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1384dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1385dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1386dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1387dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1388dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1389dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1390dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1391dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1392dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1393dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1394dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1395dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1396dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1397dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1398dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010ecc10
1399dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
1400dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E85BD85EF0093C05EBC0419D731FD2EA8FA7761
1401dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1402dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1403dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e360000 'C:\WINDOWS\System32\rpcrt4.dll'
1404dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1405dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1406dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1407dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1408dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1409dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1410dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\SystemRoot\System32\ntdll.dll'
1411dac.2854: g_pfnWinVerifyTrust=00007ffa9ccc1d30
1412dac.2854: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1413dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1414dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1415dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1416dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1417dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1418dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1419dac.2854: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1420dac.2854: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1421dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1422dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1423dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1424dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1425dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1426dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1427dac.2854: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1428dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1429dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1430dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1431dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1432dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1433dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1434dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
1435dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
1436dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
1437dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1438dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1439dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1440dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1441dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1442dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1443dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1444dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1445dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1446dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1447dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1448dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1449dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1450dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1451dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1452dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1453dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1454dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1455dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1456dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1457dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1458dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1459dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1460dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1461dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1462dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1463dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1464dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1465dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1466dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1467dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1468dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1469dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1470dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1471dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1472dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1473dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1474dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1475dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1476dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1477dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1478dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1479dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1480dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1481dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1482dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
1483dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1484dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1485dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1486dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1487dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1488dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1489dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1490dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1491dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1492dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1493dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1494dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1495dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
1496dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1497dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1498dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1499dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1500dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1501dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1502dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\system32\crypt32.dll'
1503dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1504dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1505dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1506dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1507dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1508dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1509dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1510dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1511dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
1512dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1513dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc01b396d66edd519 CN=Bitdefender Personal CA.Endpoint0000, OU=IDS, O=Bitdefender, C=US
1514dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1515dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1516dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
1517dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1518dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1519dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1520dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1521dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1522dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1523dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
1524dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1525dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1526dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1527dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1528dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1529dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1530dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1531dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1532dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1533dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1534dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1535dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1536dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
1537dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1538dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1539dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1540dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
1541dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1542dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1543dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1544dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1545dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1546dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1547dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1548dac.2854: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=45
1549dac.2854: SUPR3HardenedMain: Load Runtime...
1550dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
1551dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1552dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1553dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1554dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1555dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1556dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1557dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1558dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1559dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1560dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1561dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1562dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1563dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1564dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1565dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1566dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1567dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1568dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1569dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1570dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
1571dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1572dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1573dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1574dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1575dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1576dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1577dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1578dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1579dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1580dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
1581dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1582dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1583dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
1584dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1585dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1586dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1587dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1588dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1589dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1590dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1591dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1592dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1593dac.2854: supR3HardenedDllNotificationCallback: load 0000000076a40000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1594dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1595dac.2854: supR3HardenedDllNotificationCallback: load 0000000075ec0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1596dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1597dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9eb80000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1598dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1599dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa2fd60000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1600dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1601dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1602dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1603dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1604dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1605dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1606dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1607dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1608dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1609dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1610dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1611dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1612dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1613dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1614dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1615dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1616dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1617dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1618dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1619dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1620dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1621dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1622dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1623dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1624dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1625dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1626dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1627dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1628dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1629dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1630dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1631dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1632dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1633dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1634dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1635dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1636dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1637dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1638dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1639dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1640dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1641dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1642dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1643dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1644dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1645dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1646dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1647dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1648dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1649dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1650dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1651dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1652dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1653dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1654dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1655dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1656dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1657dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1658dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1659dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1660dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1661dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1662dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1663dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1664dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1665dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1666dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1667dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1668dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1669dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1670dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1671dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1672dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1673dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1674dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1675dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1676dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1677dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1678dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1679dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1680dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1681dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1682dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1683dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1684dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1685dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1686dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1687dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1688dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1689dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1690dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1691dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1692dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1693dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1694dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1695dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1696dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1697dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1698dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1699dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1700dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1701dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1702dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1703dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1704dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1705dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1706dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1707dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1708dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1709dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1710dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1711dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1712dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1713dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1714dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1715dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1716dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1717dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1718dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1719dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1720dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1721dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1722dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1723dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1724dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1725dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1726dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1727dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1728dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1729dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1730dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1731dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1732dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1733dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1734dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1735dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1736dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1737dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1738dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1739dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1740dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1741dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1742dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1743dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1744dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1745dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1746dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1747dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1748dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1749dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1750dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1751dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1752dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1753dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1754dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1755dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1756dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1757dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1758dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1759dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1760dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1761dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1762dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1763dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1764dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1765dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1766dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1767dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1768dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1769dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1770dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1771dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1772dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1773dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1774dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1775dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1776dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1777dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1778dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1779dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1780dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1781dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1782dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\system32\Wintrust.dll'
1783dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1784dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1785dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1786dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1787dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1788dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1789dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\system32\crypt32.dll'
1790dac.2854: SUPR3HardenedMain: Load TrustedMain...
1791dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
1792dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1793dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1794dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1795dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1796dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1797dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1798dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1799dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1800dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1801dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1802dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1803dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1804dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1805dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1806dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1807dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1808dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1809dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1810dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1811dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1812dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1813dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1814dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1815dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1816dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1817dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1818dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1819dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1820dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1821dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1822dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1823dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1824dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1825dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
1826dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
1827dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1828dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1829dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1830dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1831dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1832dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1833dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1834dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1835dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1836dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1837dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1838dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1839dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1840dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1841dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1842dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1843dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1844dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1845dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1846dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1847dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'bcryptprimitives.dll'.
1848dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1849dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1850dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1851dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1852dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1853dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
1854dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1855dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1856dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1857dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1858dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1859dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1860dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1861dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1862dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1863dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
1864dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
1865dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1866dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1867dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1868dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1869dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1870dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1871dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1872dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
1873dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1874dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1875dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1876dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1877dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1878dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
1879dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1880dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1881dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1882dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1883dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
1884dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1885dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1886dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1887dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1888dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1889dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1890dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1891dac.2854: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1892dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1893dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1894dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1895dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1896dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1897dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1898dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1899dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1900dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1901dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
1902dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1903dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1904dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
1905dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1906dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1907dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
1908dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1909dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1910dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1911dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1912dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1913dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1914dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
1915dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1916dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1917dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1918dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1919dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1920dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1921dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1922dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1923dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1924dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1925dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1926dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1927dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1928dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1929dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
1930dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1931dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1932dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1933dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1934dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1935dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1936dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1937dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1938dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1939dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1940dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1941dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1942dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1943dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
1944dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1945dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1946dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1947dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1948dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1949dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1950dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1951dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1952dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1953dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1954dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1955dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1956dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1957dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1958dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1959dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1960dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1961dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1962dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1963dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1964dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1965dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1966dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1967dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1968dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1969dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1970dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1971dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1972dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1973dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1974dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1975dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1976dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
1977dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
1978dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
1979dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1980dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1981dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1982dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1983dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1984dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1985dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1986dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1987dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1988dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1989dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1990dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1991dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1992dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1993dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1994dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1995dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1996dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1997dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1998dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1999dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2000dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
2001dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2002dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2003dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2004dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2005dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2006dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2007dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2008dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2009dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2010dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2011dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2012dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2013dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2014dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
2015dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
2016dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2017dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2018dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2019dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2020dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2021dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2022dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2023dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2024dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2025dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2026dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
2027dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
2028dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2029dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
2030dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
2031dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2032dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2033dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2034dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2035dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2036dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2037dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2038dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2039dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2040dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2041dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2042dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
2043dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2044dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2045dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2046dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
2047dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
2048dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2049dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2050dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2051dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
2052dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
2053dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
2054dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2055dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2056dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2057dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2058dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2059dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2060dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2061dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2062dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2063dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2064dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2065dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2066dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2067dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2068dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2069dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2070dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2071dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2072dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2073dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2074dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
2075dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2076dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2077dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2078dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2079dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2080dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2081dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2082dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2083dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2084dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
2085dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
2086dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
2087dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
2088dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
2089dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
2090dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2091dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2092dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
2093dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2094dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2095dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2096dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2097dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2098dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2099dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2100dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2101dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
2102dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2103dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2104dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
2105dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2106dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2107dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
2108dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2109dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2110dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2111dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2112dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2113dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2114dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2115dac.2854: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
2116dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2117dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2118dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
2119dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2120dac.2854: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
2121dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2122dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2123dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2124dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2125dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2126dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2127dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2128dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2129dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
2130dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
2131dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
2132dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2133dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2134dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
2135dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
2136dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
2137dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
2138dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2139dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2140dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2141dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2142dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
2143dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
2144dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2145dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2146dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2147dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
2148dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
2149dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
2150dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
2151dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
2152dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2153dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2154dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2155dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2156dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2157dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2158dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2159dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2160dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2161dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2162dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2163dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2164dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2165dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2166dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2167dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2168dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
2169dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2170dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2171dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2172dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2173dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2174dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2175dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2176dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2177dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2178dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2179dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2180dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2181dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
2182dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2183dac.2854: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
2184dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
2185dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
2186dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2187dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2188dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2189dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2190dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
2191dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2192dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2193dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2194dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2195dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
2196dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2197dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
2198dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
2199dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
2200dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd20000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
2201dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
2202dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d200000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
2203dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
2204dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9dba0000 LB 0x00198000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
2205dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2206dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2207dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
2208dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
2209dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
2210dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
2211dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e330000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
2212dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
2213dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ed40000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
2214dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
2215dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e7e0000 LB 0x00337000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
2216dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
2217dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d120000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
2218dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
2219dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2220dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b830000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
2221dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
2222dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa6b3c0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
2223dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2224dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa6b170000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
2225dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2226dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9efe0000 LB 0x000a7000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
2227dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2228dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
2229dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
2230dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
2231dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2232dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cbf0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
2233dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
2234dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
2235dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc20000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
2236dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2237dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
2238dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
2239dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
2240dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ef70000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
2241dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2242dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
2243dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
2244dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
2245dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2246dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cca0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
2247dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2248dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2249dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
2250dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
2251dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d2d0000 LB 0x0077b000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
2252dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
2253dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
2254dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
2255dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
2256dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
2257dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
2258dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f4b0000 LB 0x006e8000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
2259dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
2260dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9fba0000 LB 0x00157000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
2261dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2262dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa8b2a0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
2263dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2264dac.2854: supR3HardenedDllNotificationCallback: load 00000000764d0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2265dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2266dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa2e680000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2267dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2268dac.2854: supR3HardenedDllNotificationCallback: load 0000000075f60000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2269dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
2270dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ddf0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
2271dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2272dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa30350000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
2273dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2274dac.2854: supR3HardenedDllNotificationCallback: load 0000000075e60000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2275dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2276dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa93ac0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
2277dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
2278dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa93b00000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
2279dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2280dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa355c0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
2281dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
2282dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2283dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2284dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2285dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2286dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2287dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2288dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2289dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2290dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2291dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2292dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2293dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2294dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2295dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2296dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2297dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2298dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2299dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2300dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2301dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2302dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2303dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2304dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2305dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2306dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2307dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2308dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2309dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2310dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2311dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2312dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2313dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2314dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2315dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2316dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2317dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2318dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2319dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2320dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2321dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2322dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2323dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2324dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2325dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2326dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2327dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2328dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2329dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2330dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2331dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2332dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2333dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
2334dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2335dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
2336dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2337dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2338dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2339dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2340dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2341dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2342dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
2343dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2344dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
2345dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2346dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2347dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2348dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2349dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2350dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2351dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2352dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
2353dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
2354dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
2355dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2356dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll
2357dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2358dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2359dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2360dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2361dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
2362dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2363dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
2364dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2365dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2366dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2367dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2368dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2369dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2370dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2371dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2372dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2373dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2374dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2375dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2376dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
2377dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2378dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
2379dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2380dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2381dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2382dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2383dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2384dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2385dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2386dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2387dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2388dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2389dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2390dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2391dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2392dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2393dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2394dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2395dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2396dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2397dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2398dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2399dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2400dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll'
2401dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2402dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2403dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2404dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2405dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2406dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2407dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2408dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2409dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2410dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2411dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2412dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2413dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2414dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2415dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2416dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2417dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2418dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2419dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2420dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2421dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2422dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2423dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2424dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2425dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2426dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2427dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2428dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2429dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2430dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2431dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2432dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2433dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2434dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2435dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2436dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2437dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2438dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2439dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2440dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2441dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2442dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2443dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2444dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2445dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2446dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2447dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2448dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2449dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2450dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2451dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2452dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2453dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2454dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2455dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2456dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2457dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2458dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2459dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2460dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2461dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2462dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2463dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2464dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2465dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2466dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2467dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2468dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2469dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2470dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2471dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2472dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2473dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2474dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2475dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2476dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2477dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
2478dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2479dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-string-l1-1-0'
2480dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2481dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2482dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2483dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2484dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2485dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2486dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2487dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2488dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2489dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2490dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2491dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2492dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2493dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2494dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2495dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2496dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2497dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2498dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2499dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2500dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2501dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2502dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2503dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2504dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2505dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2506dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2507dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2508dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2509dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2510dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2511dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2512dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2513dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2514dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2515dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2516dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2517dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2518dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2519dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2520dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2521dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2522dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2523dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2524dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2525dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2526dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2527dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2528dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2529dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2530dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2531dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2532dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2533dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2534dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2535dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2536dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2537dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2538dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2539dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2540dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2541dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2542dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2543dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2544dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2545dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2546dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2547dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2548dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2549dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2550dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2551dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2552dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2553dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2554dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2555dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2556dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2557dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2558dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-datetime-l1-1-1'
2559dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2560dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2561dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2562dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2563dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2564dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2565dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2566dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2567dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2568dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2569dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2570dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2571dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2572dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2573dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2574dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2575dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2576dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2577dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2578dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2579dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2580dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2581dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2582dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2583dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2584dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2585dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2586dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2587dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2588dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2589dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2590dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2591dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2592dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2593dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2594dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2595dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2596dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2597dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2598dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2599dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2600dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2601dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2602dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2603dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2604dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2605dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2606dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2607dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2608dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2609dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2610dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2611dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2612dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2613dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2614dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2615dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2616dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2617dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2618dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2619dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2620dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2621dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2622dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2623dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2624dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2625dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2626dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2627dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2628dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2629dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2630dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2631dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2632dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2633dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2634dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2635dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2636dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2637dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-obsolete-l1-2-0'
2638dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2639dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2640dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2641dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2642dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2643dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2644dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2645dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2646dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2647dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2648dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2649dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2650dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2651dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2652dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2653dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2654dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2655dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2656dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2657dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2658dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2659dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2660dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2661dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2662dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2663dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2664dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2665dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2666dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2667dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2668dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2669dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2670dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2671dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2672dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2673dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2674dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2675dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2676dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2677dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2678dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2679dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2680dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2681dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2682dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2683dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2684dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2685dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2686dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2687dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2688dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2689dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2690dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2691dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2692dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2693dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2694dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2695dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2696dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2697dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2698dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2699dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2700dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2701dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2702dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2703dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2704dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2705dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2706dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2707dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2708dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2709dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2710dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2711dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2712dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2713dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2714dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2715dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
2716dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
2717dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
2718dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
2719dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2720dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2721dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2722dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2723dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2724dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2725dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2726dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
2727dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2728dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
2729dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2730dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e610000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
2731dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
2732dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e610000 'C:\WINDOWS\system32\IMM32.DLL'
2733dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2734dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2735dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2736dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2737dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2738dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2739dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2740dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2741dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2742dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2743dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2744dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2745dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2746dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2747dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2748dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2749dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2750dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2751dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2752dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2753dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2754dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2755dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2756dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2757dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2758dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2759dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2760dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2761dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2762dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2763dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2764dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2765dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2766dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2767dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2768dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2769dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2770dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2771dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2772dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2773dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2774dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2775dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2776dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2777dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2778dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2779dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2780dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2781dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2782dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2783dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2784dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2785dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2786dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2787dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2788dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2789dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2790dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2791dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2792dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2793dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2794dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2795dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2796dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2797dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2798dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2799dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2800dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2801dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2802dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2803dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2804dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2805dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2806dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2807dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2808dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2809dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2810dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2811dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2812dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2813dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2814dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2815dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2816dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2817dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2818dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
2819dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
2820dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
2821dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
2822dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
2823dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
2824dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
2825dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
2826dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
2827dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
2828dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
2829dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
2830dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2831dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
2832dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2833dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2834dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2835dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2836dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2837dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2838dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2839dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2840dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2841dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2842dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2843dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2844dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2845dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2846dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2847dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2848dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2849dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
2850dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2851dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2852dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2853dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2854dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
2855dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
2856dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa355c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
2857dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2858dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2859dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
2860dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2861dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2862dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
2863dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2864dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2865dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
2866dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2867dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2868dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
2869dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2870dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2871dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
2872dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2873dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2874dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
2875dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2876dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2877dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
2878dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2879dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2880dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
2881dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2882dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2883dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
2884dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2885dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2886dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'
2887dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
2888dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
2889dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
2890dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
2891dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2892dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2893dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2894dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2895dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2896dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2897dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2898dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
2899dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2900dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2901dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
2902dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2903dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
2904dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2905dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2906dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
2907dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2908dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2909dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
2910dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2911dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2912dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
2913dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2914dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2915dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
2916dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2917dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2918dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
2919dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2920dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2921dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2922dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2923dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
2924dac.2854: SUPR3HardenedMain: Calling TrustedMain (00007ffa355c16c0)...
2925dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
2926dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2927dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2928dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2929dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2930dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2931dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2932dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2933dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2934dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2935dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2936dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2937dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2938dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2939dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2940dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2941dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2942dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2943dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2944dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2945dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2946dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2947dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2948dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2949dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2950dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2951dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2952dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2953dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2954dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2955dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2956dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2957dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2958dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2959dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2960dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2961dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2962dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2963dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2964dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2965dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2966dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2967dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2968dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2969dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2970dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2971dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2972dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa5a3a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2973dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2974dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5a3a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2975dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2976dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
2977dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
2978dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC4075B94E896B3CAA9912F5E86E9C45EF536E1D
2979dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
2980dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
2981dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
2982dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2983dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2984dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2985dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2986dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
2987dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2988dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2989dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2990dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2991dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2992dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2993dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2994dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2995dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2996dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa958c0000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2997dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2998dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa958c0000 'C:\WINDOWS\system32\uxtheme.dll'
2999dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'C:\WINDOWS\system32\user32.dll'
3000dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
3001dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3002dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll'
3003dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3004dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3005dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9efe0000 'C:\WINDOWS\system32\SHCore.dll'
3006dac.2854: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
3007dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
3008dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3009dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3010dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\system32\winmm.dll'
3011dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3012dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3013dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\system32\winmm.dll'
3014dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
3015dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3016dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll'
3017dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
3018dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3019dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa958c0000 'C:\WINDOWS\system32\uxtheme.dll'
3020dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3021dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3022dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\system32\advapi32.dll'
3023dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3024dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3025dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
3026dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
3027dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
3028dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
3029dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
3030dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
3031dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
3032dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3033dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3034dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3035dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
3036dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cad0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
3037dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
3038dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9cad0000 'C:\WINDOWS\system32\userenv.dll'
3039dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3040dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3041dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll'
3042dac.44cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
3043dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3044dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3045dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3046dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3047dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
3048dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
3049dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
3050dac.44cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
3051dac.44cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
3052dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3053dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3054dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
3055dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3056dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3057dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
3058dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3059dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3060dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3061dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3062dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3063dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3064dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3065dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
3066dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3067dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3068dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3069dac.44cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
3070dac.44cc: supR3HardenedDllNotificationCallback: load 00007ffa594b0000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
3071dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
3072dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa594b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
3073dac.44cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
3074dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3075dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3076dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3077dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3078dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
3079dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
3080dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
3081dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3082dac.44cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
3083dac.44cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
3084dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3085dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3086dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3087dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3088dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
3089dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3090dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3091dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
3092dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3093dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3094dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
3095dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3096dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3097dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
3098dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3099dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3100dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3101dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3102dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3103dac.44cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
3104dac.44cc: supR3HardenedDllNotificationCallback: load 00007ffa59c20000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
3105dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
3106dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59c20000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
3107dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
3108dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3109dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ddf0000 'C:\Windows\System32\oleaut32.dll'
3110dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c0 pwszName=\Device\HarddiskVolume3\Windows\System32\DWrite.dll
3111dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3112dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3113dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D995AFF35A36FA902E82FCA08B076242F963574F
3114dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3115dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3116dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\DWrite.dll'
3117dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3118dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3119dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3120dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DWrite.dll) WinVerifyTrust
3121dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DWrite.dll
3122dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3123dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3124dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3125dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3126dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3127dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
3128dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7a5e0000 LB 0x002fe000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0]
3129dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
3130dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7a5e0000 'C:\WINDOWS\system32\dwrite.dll'
3131dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e6a0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
3132dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3133dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
3134dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
3135dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
3136dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
3137dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
3138dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
3139dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
3140dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3141dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3142dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
3143dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
3144dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
3145dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3146dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3147dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3148dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3149dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
3150dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3151dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3152dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
3153dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3154dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3155dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3156dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3157dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
3158dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000968 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
3159dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3160dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3161dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C9B0BE701CDD3934C4537BC9090BB23A9DABB80B
3162dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3163dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3164dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
3165dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3166dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3167dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
3168dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
3169dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
3170dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
3171dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
3172dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
3173dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
3174dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
3175dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3176dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3177dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
3178dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
3179dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
3180dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
3181dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
3182dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
3183dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3184dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3185dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3186dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3187dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3188dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
3189dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3190dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3191dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3192dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
3193dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
3194dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
3195dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
3196dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3197dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3198dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
3199dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3200dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3201dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3202dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3203dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3204dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3205dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3206dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
3207dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
3208dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
3209dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3210dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3211dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3212dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
3213dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
3214dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
3215dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3216dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3217dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
3218dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3219dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3220dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3221dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3222dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3223dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
3224dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
3225dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
3226dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
3227dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b8c0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
3228dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
3229dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa94960000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
3230dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
3231dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa95020000 LB 0x001dd000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
3232dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
3233dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa66dd0000 LB 0x0003b000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
3234dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
3235dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e330000 'C:\WINDOWS\System32\gdi32.dll'
3236dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa66dd0000 'C:\WINDOWS\system32\dataexchange.dll'
3237dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
3238dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
3239dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
3240dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
3241dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
3242dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
3243dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3244dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
3245dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
3246dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
3247dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b0d0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
3248dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
3249dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9abc0000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
3250dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
3251dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3252dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3253dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3254dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3255dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3256dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3257dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3258dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3259dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3260dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
3261dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3262dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3263dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
3264dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
3265dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
3266dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3267dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3268dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
3269dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3270dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
3271dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3272dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3273dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
3274dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3275dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3276dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9efe0000 'C:\WINDOWS\system32\Shcore.dll'
3277dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3278dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
3279dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
3280dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
3281dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
3282dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
3283dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3284dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
3285dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
3286dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
3287dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
3288dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3289dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
3290dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
3291dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
3292dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
3293dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
3294dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
3295dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
3296dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
3297dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
3298dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9bc30000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
3299dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
3300dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa95570000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
3301dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
3302dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa99900000 LB 0x00152000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
3303dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
3304dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa926c0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
3305dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
3306dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7d450000 LB 0x0009d000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
3307dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
3308dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
3309dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
3310dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3311dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3312dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3313dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3314dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3315dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
3316dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3317dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3318dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3319dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3320dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3321dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
3322dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
3323dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
3324dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3325dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3326dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
3327dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
3328dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
3329dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
3330dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
3331dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
3332dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3333dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3334dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3335dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3336dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3337dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3338dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
3339dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3340dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3341dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
3342dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3343dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3344dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
3345dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3346dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3347dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
3348dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3349dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3350dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
3351dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
3352dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3353dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
3354dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
3355dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3356dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
3357dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
3358dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3359dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e7e0000 'api-ms-win-core-com-l1-1-0.dll'
3360dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3361dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll)
3362dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll
3363dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa8c3e0000 LB 0x002a7000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
3364dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
3365dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3366dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3367dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3368dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3369dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll'
3370dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
3371dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3372dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e6a0000 'C:\WINDOWS\System32\MSCTF.dll'
3373dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
3374dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3375dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll'
3376dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
3377dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3378dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll'
3379dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
3380dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3381dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fba0000 'C:\WINDOWS\System32\ole32.dll'
3382dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
3383dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3384dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ddf0000 'C:\WINDOWS\System32\OLEAUT32.dll'
3385dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a8c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
3386dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3387dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3388dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9079CDC5ACC547B11552509AC18E33929F812DB5
3389dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3390dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3391dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
3392dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3393dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3394dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
3395dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
3396dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
3397dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
3398dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
3399dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
3400dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a7c pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
3401dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3402dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3403dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
3404dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3405dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3406dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
3407dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3408dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3409dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
3410dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
3411dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
3412dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
3413dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3414dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3415dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3416dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3417dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3418dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3419dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3420dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3421dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3422dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3423dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
3424dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3425dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3426dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3427dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
3428dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
3429dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa85a00000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
3430dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
3431dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7da10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
3432dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
3433dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
3434dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3435dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
3436dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7da10000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
3437dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b18 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
3438dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3439dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3440dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0BE32F19BEEFF7DE547DC04737D42E56F0E4CCB
3441dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3442dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3443dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
3444dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3445dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3446dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3447dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
3448dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
3449dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3450dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3451dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3452dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3453dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3454dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
3455dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7d2c0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
3456dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
3457dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7d2c0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
3458dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
3459dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3460dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-l1-2-0.dll'
3461dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
3462dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3463dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
3464dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
3465dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3466dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3467dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
3468dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3469dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3470dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
3471dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3472dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3473dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
3474dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
3475dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
3476dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
3477dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
3478dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
3479dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3480dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3481dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3482dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
3483dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7cec0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
3484dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
3485dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7cec0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
3486dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
3487dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3488dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3489dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE35A9A23BBFDF3E59A314D0CDCF1D4BAE34DC4
3490dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3491dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3492dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
3493dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3494dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3495dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3496dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'userenv.dll'.
3497dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
3498dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
3499dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3500dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3501dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
3502dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3503dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3504dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3505dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3506dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3507dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
3508dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7b1f0000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
3509dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
3510dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7b1f0000 'C:\WINDOWS\System32\amsi.dll'
3511dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\System32\ADVAPI32.dll'
3512dac.31d8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
3513dac.31d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3514dac.31d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3515dac.31d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3516dac.31d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
3517dac.31d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3518dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3519dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3520dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3521dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3522dac.31d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3523dac.31d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3524dac.31d8: supR3HardenedDllNotificationCallback: load 00007ffa2f9e0000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
3525dac.31d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3526dac.31d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2f9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3527dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3528dac.47b8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
3529dac.47b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3530dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3531dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3532dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3533dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3534dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3535dac.47b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
3536dac.47b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3537dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3538dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3539dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3540dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3541dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3542dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3543dac.47b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3544dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3545dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3546dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3547dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3548dac.47b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3549dac.47b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3550dac.47b8: supR3HardenedDllNotificationCallback: load 00007ffa930a0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
3551dac.47b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3552dac.47b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
3553dac.4590: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
3554dac.4590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3555dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3556dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3557dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3558dac.4590: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
3559dac.4590: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3560dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3561dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3562dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3563dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3564dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3565dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3566dac.4590: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3567dac.4590: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3568dac.4590: supR3HardenedDllNotificationCallback: load 00007ffa93090000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
3569dac.4590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3570dac.4590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93090000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
3571dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\Shell32.dll'
3572dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3573dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
3574dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3575dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3576dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3577dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3578dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
3579dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
3580dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3581dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3582dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3583dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3584dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3585dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
3586dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
3587dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3588dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3589dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3590dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3591dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
3592dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
3593dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3594dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3595dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3596dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3597dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3598dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3599dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3600dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3601dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3602dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3603dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
3604dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
3605dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
3606dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
3607dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
3608dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3609dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3610dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3611dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3612dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
3613dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3614dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3615dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
3616dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3617dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3618dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
3619dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3620dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3621dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3622dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3623dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3624dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3625dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3626dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
3627dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3628dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3629dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3630dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
3631dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3632dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3633dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3634dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3635dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
3636dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3637dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3638dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3639dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3640dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3641dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
3642dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
3643dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3644dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3645dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3646dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3647dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3648dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3649dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3650dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3651dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3652dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3653dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3654dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3655dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
3656dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3657dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3658dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3659dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3660dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3661dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3662dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3663dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
3664dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3665dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3666dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
3667dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9dec0000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
3668dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
3669dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa686c0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3670dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3671dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa2c800000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3672dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3673dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c140000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
3674dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
3675dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa2d060000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3676dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
3677dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2d060000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
3678dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3679dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
3680dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3681dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa594b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
3682dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3683dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3684dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3685dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2c800000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
3686dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3687dac.1d08: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
3688dac.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3689dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3690dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3691dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3692dac.1d08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3693dac.1d08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3694dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3695dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3696dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3697dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3698dac.1d08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3699dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3700dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3701dac.1d08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3702dac.1d08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3703dac.1d08: supR3HardenedDllNotificationCallback: load 00007ffa921f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3704dac.1d08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3705dac.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa921f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3706dac.41bc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
3707dac.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3708dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3709dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3710dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3711dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3712dac.41bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3713dac.41bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3714dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3715dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3716dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3717dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3718dac.41bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3719dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3720dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3721dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3722dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3723dac.41bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3724dac.41bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3725dac.41bc: supR3HardenedDllNotificationCallback: load 00007ffa8af30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3726dac.41bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3727dac.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8af30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3728dac.25a8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
3729dac.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3730dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3731dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3732dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3733dac.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3734dac.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3735dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3736dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3737dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3738dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3739dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3740dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3741dac.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3742dac.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3743dac.25a8: supR3HardenedDllNotificationCallback: load 00007ffa7f730000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3744dac.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3745dac.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f730000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3746dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
3747dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3748dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9c140000 'C:\WINDOWS\system32\Iphlpapi.dll'
3749dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3750dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3751dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
3752dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
3753dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9ef60000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
3754dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
3755dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
3756dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa93290000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
3757dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
3758dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3759dac.cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
3760dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
3761dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa90ab0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
3762dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
3763dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3764dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
3765dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
3766dac.cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
3767dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
3768dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa90a90000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
3769dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
3770dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
3771dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
3772dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
3773dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
3774dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c180000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
3775dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
3776dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3777dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3778dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3779dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3780dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3781dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3782dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3783dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3784dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3785dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3786dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3787dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3788dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3789dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3790dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3791dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3792dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3793dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3794dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3795dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3796dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3797dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3798dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3799dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
3800dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f8c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
3801dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3802dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3803dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DCF393E857906A5D8EE3B77BAFBC689F3C62587
3804dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3805dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3806dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
3807dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3808dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
3809dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
3810dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3811dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3812dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=660345FF413C91A981DE3625BA8520D06115250B
3813dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3814dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3815dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
3816dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3817dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
3818dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3819dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3820dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
3821dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3822dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3823dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
3824dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3825dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3826dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3827dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3828dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3829dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3830dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3831dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3832dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3833dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3834dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3835dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3836dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
3837dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
3838dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3839dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3840dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3841dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3842dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3843dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3844dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3845dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
3846dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3847dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3848dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3849dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c9d0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3850dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3851dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa8db70000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3852dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3853dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8db70000 'C:\WINDOWS\System32\MMDevApi.dll'
3854dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d9c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
3855dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3856dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3857dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
3858dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3859dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3860dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
3861dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3862dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3863dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3864dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
3865dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
3866dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3867dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3868dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3869dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3870dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3871dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3872dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3873dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa59ab0000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3874dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3875dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3876dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3877dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\System32\dsound.dll'
3878dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\System32\dsound.dll'
3879dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3880dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3881dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\system32\dsound.dll'
3882dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3883dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3884dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8db70000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3885dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3886dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3887dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
3888dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dac pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3889dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3890dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3891dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
3892dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3893dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3894dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
3895dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3896dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3897dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3898dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3899dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3900dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
3901dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3902dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3903dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3904dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3905dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3906dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
3907dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
3908dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3909dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3910dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3911dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3912dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3913dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
3914dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3915dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3916dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3917dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3918dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3919dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3920dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3921dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3922dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3923dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3924dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3925dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3926dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa91b90000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3927dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3928dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa92c70000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3929dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3930dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa7f7a0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3931dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3932dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3933dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3934dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3935dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3936dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3937dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3938dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3939dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3940dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3941dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3942dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3943dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3944dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3945dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3946dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3947dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3948dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3949dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3950dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3951dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
3952dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3953dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3954dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3955dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3956dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3957dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3958dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3959dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3960dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3961dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3962dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3963dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3964dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3965dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa8d720000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3966dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3967dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8d720000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3968dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3969dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3970dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3971dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3972dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3973dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3974dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3975dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3976dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3977dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3978dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3979dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3980dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv'
3981dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f90 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
3982dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
3983dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
3984dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
3985dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
3986dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
3987dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
3988dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3989dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3990dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3991dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3992dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3993dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
3994dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3995dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3996dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3997dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
3998dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3999dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
4000dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
4001dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
4002dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4003dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
4004dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
4005dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
4006dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
4007dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
4008dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4009dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4010dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4011dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4012dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4013dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4014dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4015dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
4016dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa4a5d0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
4017dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
4018dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa94310000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
4019dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4020dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4021dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4022dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4023dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4024dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4025dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4026dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4027dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4028dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4029dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4030dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4031dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4032dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4033dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4034dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4035dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4036dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
4037dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4038dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4039dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4040dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4041dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv'
4042dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
4043dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10
4044dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10
4045dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
4046dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
4047dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
4048dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
4049dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
4050dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4051dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
4052dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
4053dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
4054dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
4055dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
4056dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
4057dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4058dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4059dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4060dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4061dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa94300000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
4062dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4063dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll'
4064dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4065dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4066dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll'
4067dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4068dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4069dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll'
4070dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
4071dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
4072dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll'
4073dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4074dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4075dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4076dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4077dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4078dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4079dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4080dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
4081dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4082dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4083dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4084dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4085dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4086dac.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4087dac.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4088dac.322c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
4089dac.322c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
4090dac.322c: supR3HardenedDllNotificationCallback: load 00007ffa9ae20000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
4091dac.322c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
4092dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4093dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4094dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4095dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4096dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4097dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll'
4098dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll'
4099dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
4100dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4101dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4102dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4103dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4104dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4105dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4106dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4107dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
4108dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4109dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\system32\dsound.dll'
4110dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4111dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4112dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4113dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4114dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4115dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
4116dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4117dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4118dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
4119dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll'
41202e6c.3ab8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 102240 ms, the end);
41214010.dc8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 103202 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy