VirtualBox

Ticket #20297: arch-2021-04-10-12-20-39.log

File arch-2021-04-10-12-20-39.log, 394.4 KB (added by 1ns, 3 years ago)
Line 
141d8.41bc: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6200
241d8.41bc: \SystemRoot\System32\ntdll.dll:
341d8.41bc: CreationTime: 2021-02-28T19:27:21.549742500Z
441d8.41bc: LastWriteTime: 2021-02-28T19:27:21.584878700Z
541d8.41bc: ChangeTime: 2021-04-01T14:15:34.831952400Z
641d8.41bc: FileAttributes: 0x20
741d8.41bc: Size: 0x1ee320
841d8.41bc: NT Headers: 0xe8
941d8.41bc: Timestamp: 0x60a6ca36
1041d8.41bc: Machine: 0x8664 - amd64
1141d8.41bc: Timestamp: 0x60a6ca36
1241d8.41bc: Image Version: 10.0
1341d8.41bc: SizeOfImage: 0x1f5000 (2052096)
1441d8.41bc: Resource Dir: 0x184000 LB 0x6fd28
1541d8.41bc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1641d8.41bc: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1741d8.41bc: ProductName: Microsoft® Windows® Operating System
1841d8.41bc: ProductVersion: 10.0.19041.844
1941d8.41bc: FileVersion: 10.0.19041.844 (WinBuild.160101.0800)
2041d8.41bc: FileDescription: NT Layer DLL
2141d8.41bc: \SystemRoot\System32\kernel32.dll:
2241d8.41bc: CreationTime: 2021-02-23T23:19:16.413252500Z
2341d8.41bc: LastWriteTime: 2021-02-23T23:19:16.428879300Z
2441d8.41bc: ChangeTime: 2021-04-01T14:15:34.605557400Z
2541d8.41bc: FileAttributes: 0x20
2641d8.41bc: Size: 0xbac30
2741d8.41bc: NT Headers: 0xe8
2841d8.41bc: Timestamp: 0xd714134a
2941d8.41bc: Machine: 0x8664 - amd64
3041d8.41bc: Timestamp: 0xd714134a
3141d8.41bc: Image Version: 10.0
3241d8.41bc: SizeOfImage: 0xbd000 (774144)
3341d8.41bc: Resource Dir: 0xbb000 LB 0x520
3441d8.41bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3541d8.41bc: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3641d8.41bc: ProductName: Microsoft® Windows® Operating System
3741d8.41bc: ProductVersion: 10.0.19041.804
3841d8.41bc: FileVersion: 10.0.19041.804 (WinBuild.160101.0800)
3941d8.41bc: FileDescription: Windows NT BASE API Client DLL
4041d8.41bc: \SystemRoot\System32\KernelBase.dll:
4141d8.41bc: CreationTime: 2021-04-01T14:14:48.860468700Z
4241d8.41bc: LastWriteTime: 2021-04-01T14:14:48.934272600Z
4341d8.41bc: ChangeTime: 2021-04-10T09:19:54.324646300Z
4441d8.41bc: FileAttributes: 0x20
4541d8.41bc: Size: 0x2c8b78
4641d8.41bc: NT Headers: 0xf0
4741d8.41bc: Timestamp: 0x2f2f77bf
4841d8.41bc: Machine: 0x8664 - amd64
4941d8.41bc: Timestamp: 0x2f2f77bf
5041d8.41bc: Image Version: 10.0
5141d8.41bc: SizeOfImage: 0x2c8000 (2916352)
5241d8.41bc: Resource Dir: 0x29f000 LB 0x548
5341d8.41bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5441d8.41bc: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5541d8.41bc: ProductName: Microsoft® Windows® Operating System
5641d8.41bc: ProductVersion: 10.0.19041.906
5741d8.41bc: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
5841d8.41bc: FileDescription: Windows NT BASE API Client DLL
5941d8.41bc: \SystemRoot\System32\apisetschema.dll:
6041d8.41bc: CreationTime: 2019-12-07T09:08:13.518339400Z
6141d8.41bc: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6241d8.41bc: ChangeTime: 2021-04-01T14:15:34.574639600Z
6341d8.41bc: FileAttributes: 0x20
6441d8.41bc: Size: 0x1f538
6541d8.41bc: NT Headers: 0xd0
6641d8.41bc: Timestamp: 0x31288ce0
6741d8.41bc: Machine: 0x8664 - amd64
6841d8.41bc: Timestamp: 0x31288ce0
6941d8.41bc: Image Version: 10.0
7041d8.41bc: SizeOfImage: 0x20000 (131072)
7141d8.41bc: Resource Dir: 0x1f000 LB 0x408
7241d8.41bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7341d8.41bc: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7441d8.41bc: ProductName: Microsoft® Windows® Operating System
7541d8.41bc: ProductVersion: 10.0.19041.1
7641d8.41bc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7741d8.41bc: FileDescription: ApiSet Schema DLL
7841d8.41bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7941d8.41bc: supR3HardenedWinFindAdversaries: 0x0
8041d8.41bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8141d8.41bc: Calling main()
8241d8.41bc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8341d8.41bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8441d8.41bc: SUPR3HardenedMain: Respawn #1
8541d8.41bc: System32: \Device\HarddiskVolume4\Windows\System32
8641d8.41bc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
8741d8.41bc: KnownDllPath: C:\WINDOWS\System32
8841d8.41bc: supR3HardenedWinInit: Performing a limited self purification...
8941d8.41bc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
9041d8.41bc: *0000000000000000-000000000056ffff 0x0001/0x0000 0x0000000
9141d8.41bc: *0000000000570000-000000000057ffff 0x0004/0x0004 0x0040000
9241d8.41bc: *0000000000580000-0000000000580fff 0x0004/0x0004 0x0020000
9341d8.41bc: 0000000000581000-000000000058ffff 0x0001/0x0000 0x0000000
9441d8.41bc: *0000000000590000-00000000005acfff 0x0002/0x0002 0x0040000
9541d8.41bc: 00000000005ad000-00000000005affff 0x0001/0x0000 0x0000000
9641d8.41bc: *00000000005b0000-00000000005b3fff 0x0002/0x0002 0x0040000
9741d8.41bc: 00000000005b4000-00000000005bffff 0x0001/0x0000 0x0000000
9841d8.41bc: *00000000005c0000-00000000005c1fff 0x0004/0x0004 0x0020000
9941d8.41bc: 00000000005c2000-00000000005effff 0x0001/0x0000 0x0000000
10041d8.41bc: *00000000005f0000-00000000005f0fff 0x0002/0x0004 0x0020000
10141d8.41bc: 00000000005f1000-00000000005f1fff 0x0020/0x0004 0x0020000 !!
10241d8.41bc: 00000000005f2000-00000000005fffff 0x0001/0x0000 0x0000000
10341d8.41bc: *0000000000600000-00000000007cafff 0x0000/0x0004 0x0020000
10441d8.41bc: 00000000007cb000-00000000007cdfff 0x0004/0x0004 0x0020000
10541d8.41bc: 00000000007ce000-00000000007fffff 0x0000/0x0004 0x0020000
10641d8.41bc: *0000000000800000-00000000008b8fff 0x0000/0x0004 0x0020000
10741d8.41bc: 00000000008b9000-00000000008bbfff 0x0104/0x0004 0x0020000
10841d8.41bc: 00000000008bc000-00000000008fffff 0x0004/0x0004 0x0020000
10941d8.41bc: *0000000000900000-00000000009c8fff 0x0002/0x0002 0x0040000
11041d8.41bc: 00000000009c9000-00000000009dffff 0x0001/0x0000 0x0000000
11141d8.41bc: *00000000009e0000-00000000009e5fff 0x0004/0x0004 0x0020000
11241d8.41bc: 00000000009e6000-0000000000adffff 0x0000/0x0004 0x0020000
11341d8.41bc: *0000000000ae0000-0000000000ae0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
11441d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000ae0000 LB 0x1000 (base 0000000000ae0000) - 'umppc12708.dll'
11541d8.41bc: 0000000000ae1000-0000000000ae8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
11641d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000ae1000 LB 0x8000 (base 0000000000ae0000) - 'umppc12708.dll'
11741d8.41bc: 0000000000ae9000-0000000000aecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
11841d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000ae9000 LB 0x4000 (base 0000000000ae0000) - 'umppc12708.dll'
11941d8.41bc: 0000000000aed000-0000000000aeefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
12041d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000aed000 LB 0x2000 (base 0000000000ae0000) - 'umppc12708.dll'
12141d8.41bc: 0000000000aef000-0000000000aeffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
12241d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000aef000 LB 0x1000 (base 0000000000ae0000) - 'umppc12708.dll'
12341d8.41bc: 0000000000af0000-0000000000af1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umppc12708.dll
12441d8.41bc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000af0000 LB 0x2000 (base 0000000000ae0000) - 'umppc12708.dll'
12541d8.41bc: 0000000000af2000-0000000000afffff 0x0001/0x0000 0x0000000
12641d8.41bc: *0000000000b00000-0000000000b01fff 0x0004/0x0004 0x0020000
12741d8.41bc: 0000000000b02000-0000000000b31fff 0x0000/0x0004 0x0020000
12841d8.41bc: 0000000000b32000-0000000000b3ffff 0x0001/0x0000 0x0000000
12941d8.41bc: *0000000000b40000-0000000000b5cfff 0x0004/0x0004 0x0020000
13041d8.41bc: 0000000000b5d000-0000000000c3ffff 0x0000/0x0004 0x0020000
13141d8.41bc: 0000000000c40000-0000000000c4ffff 0x0001/0x0000 0x0000000
13241d8.41bc: *0000000000c50000-0000000000c51fff 0x0004/0x0004 0x0020000
13341d8.41bc: 0000000000c52000-0000000000c5ffff 0x0000/0x0004 0x0020000
13441d8.41bc: 0000000000c60000-0000000000deffff 0x0001/0x0000 0x0000000
13541d8.41bc: *0000000000df0000-0000000000dfefff 0x0004/0x0004 0x0020000
13641d8.41bc: 0000000000dff000-0000000000dfffff 0x0000/0x0004 0x0020000
13741d8.41bc: *0000000000e00000-0000000000e0dfff 0x0000/0x0004 0x0020000
13841d8.41bc: 0000000000e0e000-0000000001003fff 0x0004/0x0004 0x0020000
13941d8.41bc: 0000000001004000-0000000001004fff 0x0000/0x0004 0x0020000
14041d8.41bc: 0000000001005000-000000007ffdffff 0x0001/0x0000 0x0000000
14141d8.41bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
14241d8.41bc: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
14341d8.41bc: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
14441d8.41bc: 000000007fff0000-00007ff4d2c1ffff 0x0001/0x0000 0x0000000
14541d8.41bc: *00007ff4d2c20000-00007ff4d2c24fff 0x0002/0x0002 0x0040000
14641d8.41bc: 00007ff4d2c25000-00007ff4d2d1ffff 0x0000/0x0002 0x0040000
14741d8.41bc: *00007ff4d2d20000-00007ff5d2d3ffff 0x0000/0x0004 0x0020000
14841d8.41bc: *00007ff5d2d40000-00007ff5d4d3ffff 0x0000/0x0004 0x0020000
14941d8.41bc: 00007ff5d4d40000-00007ff5d4d40fff 0x0004/0x0004 0x0020000
15041d8.41bc: 00007ff5d4d41000-00007ff5d4d4ffff 0x0001/0x0000 0x0000000
15141d8.41bc: *00007ff5d4d50000-00007ff5d4d50fff 0x0002/0x0002 0x0040000
15241d8.41bc: 00007ff5d4d51000-00007ff5d4d5ffff 0x0001/0x0000 0x0000000
15341d8.41bc: *00007ff5d4d60000-00007ff5d4d82fff 0x0002/0x0002 0x0040000
15441d8.41bc: 00007ff5d4d83000-00007ff74733ffff 0x0001/0x0000 0x0000000
15541d8.41bc: *00007ff747340000-00007ff747340fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15641d8.41bc: 00007ff747341000-00007ff7473b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15741d8.41bc: 00007ff7473b8000-00007ff7473b8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15841d8.41bc: 00007ff7473b9000-00007ff747401fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
15941d8.41bc: 00007ff747402000-00007ff747404fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16041d8.41bc: 00007ff747405000-00007ff747407fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16141d8.41bc: 00007ff747408000-00007ff74740afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16241d8.41bc: 00007ff74740b000-00007ff74740bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16341d8.41bc: 00007ff74740c000-00007ff74740dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16441d8.41bc: 00007ff74740e000-00007ff74740efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16541d8.41bc: 00007ff74740f000-00007ff747457fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16641d8.41bc: 00007ff747458000-00007ffefe0dffff 0x0001/0x0000 0x0000000
16741d8.41bc: *00007ffefe0e0000-00007ffefe0e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
16841d8.41bc: 00007ffefe0e1000-00007ffefe1f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
16941d8.41bc: 00007ffefe1f2000-00007ffefe369fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
17041d8.41bc: 00007ffefe36a000-00007ffefe36dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
17141d8.41bc: 00007ffefe36e000-00007ffefe36efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
17241d8.41bc: 00007ffefe36f000-00007ffefe3a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
17341d8.41bc: 00007ffefe3a8000-00007ffefefcffff 0x0001/0x0000 0x0000000
17441d8.41bc: *00007ffefefd0000-00007ffefefd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17541d8.41bc: 00007ffefefd1000-00007ffeff04efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17641d8.41bc: 00007ffeff04f000-00007ffeff081fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17741d8.41bc: 00007ffeff082000-00007ffeff082fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17841d8.41bc: 00007ffeff083000-00007ffeff083fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17941d8.41bc: 00007ffeff084000-00007ffeff08cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
18041d8.41bc: 00007ffeff08d000-00007fff0078ffff 0x0001/0x0000 0x0000000
18141d8.41bc: *00007fff00790000-00007fff00790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18241d8.41bc: 00007fff00791000-00007fff008abfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18341d8.41bc: 00007fff008ac000-00007fff008f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18441d8.41bc: 00007fff008f4000-00007fff008f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18541d8.41bc: 00007fff008f5000-00007fff008f6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18641d8.41bc: 00007fff008f7000-00007fff008fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18741d8.41bc: 00007fff00900000-00007fff00984fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18841d8.41bc: 00007fff00985000-00007ffffffeffff 0x0001/0x0000 0x0000000
18941d8.41bc: kernel32.dll: timestamp 0xd714134a (rc=VINF_SUCCESS)
19041d8.41bc: kernelbase.dll: timestamp 0x2f2f77bf (rc=VINF_SUCCESS)
19141d8.41bc: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
19241d8.41bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
19341d8.41bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
19441d8.41bc: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
19541d8.41bc: ntdll.dll: Differences in section #1 (.text) between file and memory:
19641d8.41bc: 00007fff0082cce3 / 0x009cce3: b8 != e9
19741d8.41bc: 00007fff0082cce4 / 0x009cce4: 07 != d7
19841d8.41bc: 00007fff0082cce5 / 0x009cce5: 00 != d1
19941d8.41bc: 00007fff0082cce6 / 0x009cce6: 00 != 07
20041d8.41bc: 00007fff0082cda3 / 0x009cda3: b8 != e9
20141d8.41bc: 00007fff0082cda4 / 0x009cda4: 0d != 1b
20241d8.41bc: 00007fff0082cda5 / 0x009cda5: 00 != d1
20341d8.41bc: 00007fff0082cda6 / 0x009cda6: 00 != 07
20441d8.41bc: 00007fff0082cf03 / 0x009cf03: b8 != e9
20541d8.41bc: 00007fff0082cf04 / 0x009cf04: 18 != c1
20641d8.41bc: 00007fff0082cf05 / 0x009cf05: 00 != cf
20741d8.41bc: 00007fff0082cf06 / 0x009cf06: 00 != 07
20841d8.41bc: 00007fff0082cf83 / 0x009cf83: b8 != e9
20941d8.41bc: 00007fff0082cf84 / 0x009cf84: 1c != 3a
21041d8.41bc: 00007fff0082cf85 / 0x009cf85: 00 != cf
21141d8.41bc: 00007fff0082cf86 / 0x009cf86: 00 != 07
21241d8.41bc: 00007fff0082d0a3 / 0x009d0a3: b8 != e9
21341d8.41bc: 00007fff0082d0a4 / 0x009d0a4: 25 != 1c
21441d8.41bc: 00007fff0082d0a5 / 0x009d0a5: 00 != ce
21541d8.41bc: 00007fff0082d0a6 / 0x009d0a6: 00 != 07
21641d8.41bc: 00007fff0082d103 / 0x009d103: b8 != e9
21741d8.41bc: 00007fff0082d104 / 0x009d104: 28 != c7
21841d8.41bc: 00007fff0082d105 / 0x009d105: 00 != cd
21941d8.41bc: 00007fff0082d106 / 0x009d106: 00 != 07
22041d8.41bc: 00007fff0082d143 / 0x009d143: b8 != e9
22141d8.41bc: 00007fff0082d144 / 0x009d144: 2a != 86
22241d8.41bc: 00007fff0082d145 / 0x009d145: 00 != cd
22341d8.41bc: 00007fff0082d146 / 0x009d146: 00 != 07
22441d8.41bc: 00007fff0082d343 / 0x009d343: b8 != e9
22541d8.41bc: 00007fff0082d344 / 0x009d344: 3a != 7e
22641d8.41bc: 00007fff0082d345 / 0x009d345: 00 != cb
22741d8.41bc: 00007fff0082d346 / 0x009d346: 00 != 07
22841d8.41bc: 00007fff0082d3e3 / 0x009d3e3: b8 != e9
22941d8.41bc: 00007fff0082d3e4 / 0x009d3e4: 3f != df
23041d8.41bc: 00007fff0082d3e5 / 0x009d3e5: 00 != ca
23141d8.41bc: 00007fff0082d3e6 / 0x009d3e6: 00 != 07
23241d8.41bc: 00007fff0082d4a3 / 0x009d4a3: b8 != e9
23341d8.41bc: 00007fff0082d4a4 / 0x009d4a4: 45 != 19
23441d8.41bc: 00007fff0082d4a5 / 0x009d4a5: 00 != ca
23541d8.41bc: 00007fff0082d4a6 / 0x009d4a6: 00 != 07
23641d8.41bc: 00007fff0082d603 / 0x009d603: b8 != e9
23741d8.41bc: 00007fff0082d604 / 0x009d604: 50 != c0
23841d8.41bc: 00007fff0082d605 / 0x009d605: 00 != c8
23941d8.41bc: 00007fff0082d606 / 0x009d606: 00 != 07
24041d8.41bc: 00007fff0082d643 / 0x009d643: b8 != e9
24141d8.41bc: 00007fff0082d644 / 0x009d644: 52 != 82
24241d8.41bc: 00007fff0082d645 / 0x009d645: 00 != c8
24341d8.41bc: 00007fff0082d646 / 0x009d646: 00 != 07
24441d8.41bc: 00007fff0082dab3 / 0x009dab3: b8 != e9
24541d8.41bc: 00007fff0082dab4 / 0x009dab4: 76 != 05
24641d8.41bc: 00007fff0082dab5 / 0x009dab5: 00 != c4
24741d8.41bc: 00007fff0082dab6 / 0x009dab6: 00 != 07
24841d8.41bc: 00007fff0082ea33 / 0x009ea33: b8 != e9
24941d8.41bc: 00007fff0082ea34 / 0x009ea34: f2 != 95
25041d8.41bc: 00007fff0082ea35 / 0x009ea35: 00 != b4
25141d8.41bc: 00007fff0082ea36 / 0x009ea36: 00 != 07
25241d8.41bc: Restored 0x2000 bytes of original file content at 00007fff0082cb1e
25341d8.41bc: ntdll.dll: Differences in section #1 (.text) between file and memory:
25441d8.41bc: 00007fff0082ee73 / 0x009ee73: b8 != e9
25541d8.41bc: 00007fff0082ee74 / 0x009ee74: 14 != 44
25641d8.41bc: 00007fff0082ee75 / 0x009ee75: 01 != b0
25741d8.41bc: 00007fff0082ee76 / 0x009ee76: 00 != 07
25841d8.41bc: 00007fff0082f893 / 0x009f893: b8 != e9
25941d8.41bc: 00007fff0082f894 / 0x009f894: 65 != 28
26041d8.41bc: 00007fff0082f895 / 0x009f895: 01 != a6
26141d8.41bc: 00007fff0082f896 / 0x009f896: 00 != 07
26241d8.41bc: 00007fff0082fd53 / 0x009fd53: b8 != e9
26341d8.41bc: 00007fff0082fd54 / 0x009fd54: 8b != 74
26441d8.41bc: 00007fff0082fd55 / 0x009fd55: 01 != a1
26541d8.41bc: 00007fff0082fd56 / 0x009fd56: 00 != 07
26641d8.41bc: 00007fff00830373 / 0x00a0373: b8 != e9
26741d8.41bc: 00007fff00830374 / 0x00a0374: bc != 53
26841d8.41bc: 00007fff00830375 / 0x00a0375: 01 != 9b
26941d8.41bc: 00007fff00830376 / 0x00a0376: 00 != 07
27041d8.41bc: 00007fff00830573 / 0x00a0573: b8 != e9
27141d8.41bc: 00007fff00830574 / 0x00a0574: cc != 4d
27241d8.41bc: 00007fff00830575 / 0x00a0575: 01 != 99
27341d8.41bc: 00007fff00830576 / 0x00a0576: 00 != 07
27441d8.41bc: Restored 0x1df2 bytes of original file content at 00007fff0082eb1e
27541d8.41bc: ntdll.dll: Differences in section #1 (.text) between file and memory:
27641d8.41bc: 00007fff008a9ebc / 0x0119ebc: 00 != 51
27741d8.41bc: 00007fff008a9ebd / 0x0119ebd: 00 != 51
27841d8.41bc: 00007fff008a9ebe / 0x0119ebe: 00 != 51
27941d8.41bc: 00007fff008a9ebf / 0x0119ebf: 00 != 51
28041d8.41bc: 00007fff008a9ec0 / 0x0119ec0: 00 != 51
28141d8.41bc: 00007fff008a9ec1 / 0x0119ec1: 00 != 51
28241d8.41bc: 00007fff008a9ec2 / 0x0119ec2: 00 != 51
28341d8.41bc: 00007fff008a9ec3 / 0x0119ec3: 00 != 51
28441d8.41bc: 00007fff008a9ec4 / 0x0119ec4: 00 != 51
28541d8.41bc: 00007fff008a9ec5 / 0x0119ec5: 00 != 51
28641d8.41bc: 00007fff008a9ec6 / 0x0119ec6: 00 != 51
28741d8.41bc: 00007fff008a9ec7 / 0x0119ec7: 00 != 51
28841d8.41bc: 00007fff008a9ec8 / 0x0119ec8: 00 != 51
28941d8.41bc: 00007fff008a9ec9 / 0x0119ec9: 00 != 51
29041d8.41bc: 00007fff008a9eca / 0x0119eca: 00 != 51
29141d8.41bc: 00007fff008a9ecb / 0x0119ecb: 00 != 51
29241d8.41bc: 00007fff008a9ecc / 0x0119ecc: 00 != 51
29341d8.41bc: 00007fff008a9ecd / 0x0119ecd: 00 != 51
29441d8.41bc: 00007fff008a9ece / 0x0119ece: 00 != 51
29541d8.41bc: 00007fff008a9ecf / 0x0119ecf: 00 != ff
29641d8.41bc: 00007fff008a9ed0 / 0x0119ed0: 00 != 25
29741d8.41bc: 00007fff008a9ed5 / 0x0119ed5: 00 != a0
29841d8.41bc: 00007fff008a9ed6 / 0x0119ed6: 00 != 6f
29941d8.41bc: 00007fff008a9ed7 / 0x0119ed7: 00 != ae
30041d8.41bc: Restored 0x2f2 bytes of original file content at 00007fff008a9d0e
30141d8.41bc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=3
30241d8.41bc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
30341d8.41bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
30441d8.41bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
30541d8.41bc: supR3HardNtEnableThreadCreationEx:
30641d8.41bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff00804b10 pvNtTerminateThread=00007fff0082d660
30741d8.41bc: supR3HardenedWinDoReSpawn(1): New child 5038.63c8 [kernel32].
30841d8.41bc: supR3HardNtChildGatherData: PebBaseAddress=0000000000f13000 cbPeb=0x388
30941d8.41bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff00790000 uNtDllChildAddr=00007fff00790000
31041d8.41bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff00804b10
31141d8.41bc: supR3HardenedWinSetupChildInit: Initial context:
312 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff747347900 rdx=0000000000f13000
313 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
314 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
315 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
316 rip=00007fff007e2630 rsp=0000000000defdf8 rbp=0000000000000000 ctxflags=0010001b
317 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
318 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
319 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
320 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
321 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
32241d8.41bc: supR3HardenedWinSetupChildInit: Start child.
32341d8.41bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
32441d8.41bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 30 sleeps
32541d8.41bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
32641d8.41bc: *0000000000000000-0000000000caffff 0x0001/0x0000 0x0000000
32741d8.41bc: *0000000000cb0000-0000000000ccffff 0x0004/0x0004 0x0020000
32841d8.41bc: *0000000000cd0000-0000000000cecfff 0x0002/0x0002 0x0040000
32941d8.41bc: 0000000000ced000-0000000000ceffff 0x0001/0x0000 0x0000000
33041d8.41bc: *0000000000cf0000-0000000000deafff 0x0000/0x0004 0x0020000
33141d8.41bc: 0000000000deb000-0000000000dedfff 0x0104/0x0004 0x0020000
33241d8.41bc: 0000000000dee000-0000000000deffff 0x0004/0x0004 0x0020000
33341d8.41bc: *0000000000df0000-0000000000df3fff 0x0002/0x0002 0x0040000
33441d8.41bc: 0000000000df4000-0000000000dfffff 0x0001/0x0000 0x0000000
33541d8.41bc: *0000000000e00000-0000000000f12fff 0x0000/0x0004 0x0020000
33641d8.41bc: 0000000000f13000-0000000000f15fff 0x0004/0x0004 0x0020000
33741d8.41bc: 0000000000f16000-0000000000ffffff 0x0000/0x0004 0x0020000
33841d8.41bc: *0000000001000000-0000000001001fff 0x0004/0x0004 0x0020000
33941d8.41bc: 0000000001002000-000000007ffdffff 0x0001/0x0000 0x0000000
34041d8.41bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
34141d8.41bc: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
34241d8.41bc: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
34341d8.41bc: 000000007fff0000-00007ff51050ffff 0x0001/0x0000 0x0000000
34441d8.41bc: *00007ff510510000-00007ff510510fff 0x0002/0x0002 0x0040000
34541d8.41bc: 00007ff510511000-00007ff51051ffff 0x0001/0x0000 0x0000000
34641d8.41bc: *00007ff510520000-00007ff510542fff 0x0002/0x0002 0x0040000
34741d8.41bc: 00007ff510543000-00007ff74733ffff 0x0001/0x0000 0x0000000
34841d8.41bc: *00007ff747340000-00007ff747340fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
34941d8.41bc: 00007ff747341000-00007ff7473b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35041d8.41bc: 00007ff7473b8000-00007ff7473b8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35141d8.41bc: 00007ff7473b9000-00007ff747401fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35241d8.41bc: 00007ff747402000-00007ff747402fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35341d8.41bc: 00007ff747403000-00007ff747403fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35441d8.41bc: 00007ff747404000-00007ff747408fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35541d8.41bc: 00007ff747409000-00007ff747409fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35641d8.41bc: 00007ff74740a000-00007ff74740afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35741d8.41bc: 00007ff74740b000-00007ff74740efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35841d8.41bc: 00007ff74740f000-00007ff747457fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35941d8.41bc: 00007ff747458000-00007fff0078ffff 0x0001/0x0000 0x0000000
36041d8.41bc: *00007fff00790000-00007fff00790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36141d8.41bc: 00007fff00791000-00007fff008abfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36241d8.41bc: 00007fff008ac000-00007fff008f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36341d8.41bc: 00007fff008f4000-00007fff008fffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36441d8.41bc: 00007fff00900000-00007fff0090efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36541d8.41bc: 00007fff0090f000-00007fff0090ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36641d8.41bc: 00007fff00910000-00007fff00912fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36741d8.41bc: 00007fff00913000-00007fff00984fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
36841d8.41bc: 00007fff00985000-00007ffffffeffff 0x0001/0x0000 0x0000000
36941d8.41bc: supR3HardNtChildPurify: Done after 270 ms and 0 fixes (loop #0).
3705038.63c8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
3715038.63c8: supR3HardenedVmProcessInit: uNtDllAddr=00007fff00790000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000def888)
3725038.63c8: ntdll.dll: timestamp 0x60a6ca36 (rc=VINF_SUCCESS)
3735038.63c8: New simple heap: #1 0000000001110000 LB 0x400000 (for 2052096 allocation)
37441d8.41bc: supR3HardNtEnableThreadCreationEx:
3755038.63c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3765038.63c8: System32: \Device\HarddiskVolume4\Windows\System32
3775038.63c8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3785038.63c8: KnownDllPath: C:\WINDOWS\System32
3795038.63c8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3805038.63c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3815038.63c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3825038.63c8: Registered Dll notification callback with NTDLL.
3835038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3845038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3855038.63c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3865038.63c8: supR3HardenedDllNotificationCallback: load 00007ffefe0e0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3875038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3885038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3895038.63c8: supR3HardenedDllNotificationCallback: load 00007ffefefd0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3905038.63c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3915038.63c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'C:\WINDOWS\System32\KERNEL32.DLL'
3925038.63c8: supR3HardenedDllNotificationCallback: load 00007ff747340000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3935038.63c8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3945038.63c8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3955038.63c8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3965038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3975038.63c8: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007fff007d8990 enmState=3 -> supR3HardenedWinDummyApcRoutine
3985038.63c8: supR3HardenedWinDummyApcRoutine: pvArg1=ffff8b08c5a9e9e0 pvArg2=0000000000000000 pvArg3=0000000000000000
3995038.63c8: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00000000015e1000 enmState=3 -> supR3HardenedWinDummyApcRoutine
4005038.63c8: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000cc0000 pvArg2=ffff8b08cf3c8a60 pvArg3=0000000000cc0000
4015038.63c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff00804b10 pvNtTerminateThread=00007fff0082d660
40241d8.41bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 105 ms.
4035038.63c8: \SystemRoot\System32\ntdll.dll:
4045038.63c8: CreationTime: 2021-02-28T19:27:21.549742500Z
4055038.63c8: LastWriteTime: 2021-02-28T19:27:21.584878700Z
4065038.63c8: ChangeTime: 2021-04-01T14:15:34.831952400Z
4075038.63c8: FileAttributes: 0x20
4085038.63c8: Size: 0x1ee320
4095038.63c8: NT Headers: 0xe8
4105038.63c8: Timestamp: 0x60a6ca36
4115038.63c8: Machine: 0x8664 - amd64
4125038.63c8: Timestamp: 0x60a6ca36
4135038.63c8: Image Version: 10.0
4145038.63c8: SizeOfImage: 0x1f5000 (2052096)
4155038.63c8: Resource Dir: 0x184000 LB 0x6fd28
4165038.63c8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4175038.63c8: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4185038.63c8: ProductName: Microsoft® Windows® Operating System
4195038.63c8: ProductVersion: 10.0.19041.844
4205038.63c8: FileVersion: 10.0.19041.844 (WinBuild.160101.0800)
4215038.63c8: FileDescription: NT Layer DLL
4225038.63c8: \SystemRoot\System32\kernel32.dll:
4235038.63c8: CreationTime: 2021-02-23T23:19:16.413252500Z
4245038.63c8: LastWriteTime: 2021-02-23T23:19:16.428879300Z
4255038.63c8: ChangeTime: 2021-04-01T14:15:34.605557400Z
4265038.63c8: FileAttributes: 0x20
4275038.63c8: Size: 0xbac30
4285038.63c8: NT Headers: 0xe8
4295038.63c8: Timestamp: 0xd714134a
4305038.63c8: Machine: 0x8664 - amd64
4315038.63c8: Timestamp: 0xd714134a
4325038.63c8: Image Version: 10.0
4335038.63c8: SizeOfImage: 0xbd000 (774144)
4345038.63c8: Resource Dir: 0xbb000 LB 0x520
4355038.63c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4365038.63c8: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4375038.63c8: ProductName: Microsoft® Windows® Operating System
4385038.63c8: ProductVersion: 10.0.19041.804
4395038.63c8: FileVersion: 10.0.19041.804 (WinBuild.160101.0800)
4405038.63c8: FileDescription: Windows NT BASE API Client DLL
4415038.63c8: \SystemRoot\System32\KernelBase.dll:
4425038.63c8: CreationTime: 2021-04-01T14:14:48.860468700Z
4435038.63c8: LastWriteTime: 2021-04-01T14:14:48.934272600Z
4445038.63c8: ChangeTime: 2021-04-10T09:19:54.784028500Z
4455038.63c8: FileAttributes: 0x20
4465038.63c8: Size: 0x2c8b78
4475038.63c8: NT Headers: 0xf0
4485038.63c8: Timestamp: 0x2f2f77bf
4495038.63c8: Machine: 0x8664 - amd64
4505038.63c8: Timestamp: 0x2f2f77bf
4515038.63c8: Image Version: 10.0
4525038.63c8: SizeOfImage: 0x2c8000 (2916352)
4535038.63c8: Resource Dir: 0x29f000 LB 0x548
4545038.63c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4555038.63c8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4565038.63c8: ProductName: Microsoft® Windows® Operating System
4575038.63c8: ProductVersion: 10.0.19041.906
4585038.63c8: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
4595038.63c8: FileDescription: Windows NT BASE API Client DLL
4605038.63c8: \SystemRoot\System32\apisetschema.dll:
4615038.63c8: CreationTime: 2019-12-07T09:08:13.518339400Z
4625038.63c8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
4635038.63c8: ChangeTime: 2021-04-01T14:15:34.574639600Z
4645038.63c8: FileAttributes: 0x20
4655038.63c8: Size: 0x1f538
4665038.63c8: NT Headers: 0xd0
4675038.63c8: Timestamp: 0x31288ce0
4685038.63c8: Machine: 0x8664 - amd64
4695038.63c8: Timestamp: 0x31288ce0
4705038.63c8: Image Version: 10.0
4715038.63c8: SizeOfImage: 0x20000 (131072)
4725038.63c8: Resource Dir: 0x1f000 LB 0x408
4735038.63c8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4745038.63c8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4755038.63c8: ProductName: Microsoft® Windows® Operating System
4765038.63c8: ProductVersion: 10.0.19041.1
4775038.63c8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
4785038.63c8: FileDescription: ApiSet Schema DLL
4795038.63c8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4805038.63c8: supR3HardenedWinFindAdversaries: 0x0
4815038.63c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4825038.63c8: Calling main()
4835038.63c8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4845038.63c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4855038.63c8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4865038.63c8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4875038.63c8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4885038.63c8: SUPR3HardenedMain: Respawn #2
4895038.63c8: supR3HardNtEnableThreadCreationEx:
4905038.63c8: supR3HardenedDllNotificationCallback: load 00007ffeffed0000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4915038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4925038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4935038.63c8: supR3HardenedDllNotificationCallback: load 00007ffeffa10000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4945038.63c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4955038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
4965038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
4975038.63c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4985038.63c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
4995038.63c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
5005038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
5015038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5025038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5035038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5045038.63c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5055038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5065038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5075038.63c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5085038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5095038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5105038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
5115038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5125038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5135038.63c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5145038.63c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5155038.63c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
5165038.63c8: supR3HardenedDllNotificationCallback: load 00007ffeff3c0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
5175038.63c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5185038.63c8: supR3HardenedDllNotificationCallback: load 00007ffefeef0000 LB 0x000ac000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
5195038.63c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5205038.63c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeef0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
5215038.63c8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
5225038.63c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
5235038.63c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5245038.63c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5255038.63c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00790000 'C:\WINDOWS\System32\ntdll.dll'
5265038.63c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff00804b10 pvNtTerminateThread=00007fff0082d660
5275038.63c8: supR3HardenedWinDoReSpawn(2): New child 51e0.62f8 [kernel32].
5285038.63c8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5295038.63c8: supR3HardNtChildGatherData: PebBaseAddress=00000000009d4000 cbPeb=0x388
5305038.63c8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff00790000 uNtDllChildAddr=00007fff00790000
5315038.63c8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff00804b10
5325038.63c8: supR3HardenedWinSetupChildInit: Initial context:
533 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff747347900 rdx=00000000009d4000
534 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
535 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
536 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
537 rip=00007fff007e2630 rsp=0000000000aff938 rbp=0000000000000000 ctxflags=0010001b
538 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
539 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
540 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
541 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
542 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5435038.63c8: kernel32.dll: timestamp 0xd714134a (rc=VINF_SUCCESS)
5445038.63c8: supR3HardenedWinSetupChildInit: Start child.
5455038.63c8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5465038.63c8: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 30 sleeps
5475038.63c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5485038.63c8: *0000000000000000-00000000007affff 0x0001/0x0000 0x0000000
5495038.63c8: *00000000007b0000-00000000007cffff 0x0004/0x0004 0x0020000
5505038.63c8: *00000000007d0000-00000000007ecfff 0x0002/0x0002 0x0040000
5515038.63c8: 00000000007ed000-00000000007effff 0x0001/0x0000 0x0000000
5525038.63c8: *00000000007f0000-00000000007f3fff 0x0002/0x0002 0x0040000
5535038.63c8: 00000000007f4000-00000000007fffff 0x0001/0x0000 0x0000000
5545038.63c8: *0000000000800000-00000000009d3fff 0x0000/0x0004 0x0020000
5555038.63c8: 00000000009d4000-00000000009d6fff 0x0004/0x0004 0x0020000
5565038.63c8: 00000000009d7000-00000000009fffff 0x0000/0x0004 0x0020000
5575038.63c8: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
5585038.63c8: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
5595038.63c8: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
5605038.63c8: *0000000000b00000-0000000000b01fff 0x0004/0x0004 0x0020000
5615038.63c8: 0000000000b02000-000000007ffdffff 0x0001/0x0000 0x0000000
5625038.63c8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5635038.63c8: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
5645038.63c8: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
5655038.63c8: 000000007fff0000-00007ff5ddffffff 0x0001/0x0000 0x0000000
5665038.63c8: *00007ff5de000000-00007ff5de000fff 0x0002/0x0002 0x0040000
5675038.63c8: 00007ff5de001000-00007ff5de00ffff 0x0001/0x0000 0x0000000
5685038.63c8: *00007ff5de010000-00007ff5de032fff 0x0002/0x0002 0x0040000
5695038.63c8: 00007ff5de033000-00007ff74733ffff 0x0001/0x0000 0x0000000
5705038.63c8: *00007ff747340000-00007ff747340fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5715038.63c8: 00007ff747341000-00007ff7473b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5725038.63c8: 00007ff7473b8000-00007ff7473b8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5735038.63c8: 00007ff7473b9000-00007ff747401fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5745038.63c8: 00007ff747402000-00007ff747402fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5755038.63c8: 00007ff747403000-00007ff747403fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5765038.63c8: 00007ff747404000-00007ff747408fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5775038.63c8: 00007ff747409000-00007ff747409fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5785038.63c8: 00007ff74740a000-00007ff74740afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5795038.63c8: 00007ff74740b000-00007ff74740efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5805038.63c8: 00007ff74740f000-00007ff747457fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5815038.63c8: 00007ff747458000-00007fff0078ffff 0x0001/0x0000 0x0000000
5825038.63c8: *00007fff00790000-00007fff00790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5835038.63c8: 00007fff00791000-00007fff008abfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5845038.63c8: 00007fff008ac000-00007fff008f3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5855038.63c8: 00007fff008f4000-00007fff008fffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5865038.63c8: 00007fff00900000-00007fff0090efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5875038.63c8: 00007fff0090f000-00007fff0090ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5885038.63c8: 00007fff00910000-00007fff00912fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5895038.63c8: 00007fff00913000-00007fff00984fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5905038.63c8: 00007fff00985000-00007ffffffeffff 0x0001/0x0000 0x0000000
5915038.63c8: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS)
5925038.63c8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5935038.63c8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5945038.63c8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
5955038.63c8: supR3HardNtChildPurify: Done after 311 ms and 0 fixes (loop #0).
59651e0.62f8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
59751e0.62f8: supR3HardenedVmProcessInit: uNtDllAddr=00007fff00790000 g_uNtVerCombined=0xa04a6200 (stack ~0000000000aff3c8)
5985038.63c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001110000 LB 0x400000)
59951e0.62f8: ntdll.dll: timestamp 0x60a6ca36 (rc=VINF_SUCCESS)
60051e0.62f8: New simple heap: #1 0000000000c10000 LB 0x400000 (for 2052096 allocation)
6015038.63c8: supR3HardNtEnableThreadCreationEx:
60251e0.62f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
60351e0.62f8: System32: \Device\HarddiskVolume4\Windows\System32
60451e0.62f8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
60551e0.62f8: KnownDllPath: C:\WINDOWS\System32
60651e0.62f8: supR3HardenedVmProcessInit: Opening vboxdrv...
60751e0.62f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
60851e0.62f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
60951e0.62f8: Registered Dll notification callback with NTDLL.
61051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
61151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
61251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
61351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe0e0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
61451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
61551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
61651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefefd0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
61751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
61851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'C:\WINDOWS\System32\KERNEL32.DLL'
61951e0.62f8: supR3HardenedDllNotificationCallback: load 00007ff747340000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
62051e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
62151e0.62f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
62251e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
62351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
62451e0.62f8: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007fff007d8990 enmState=4 -> supR3HardenedWinDummyApcRoutine
62551e0.62f8: supR3HardenedWinDummyApcRoutine: pvArg1=ffff8b08e324a9e0 pvArg2=0000000000000000 pvArg3=0000000000000000
62651e0.62f8: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00000000010e1000 enmState=4 -> supR3HardenedWinDummyApcRoutine
62751e0.62f8: supR3HardenedWinDummyApcRoutine: pvArg1=00000000007c0000 pvArg2=ffff8b08c8eafa60 pvArg3=00000000007c0000
62851e0.62f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff00804b10 pvNtTerminateThread=00007fff0082d660
6295038.63c8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 152 ms.
63051e0.62f8: \SystemRoot\System32\ntdll.dll:
63151e0.62f8: CreationTime: 2021-02-28T19:27:21.549742500Z
63251e0.62f8: LastWriteTime: 2021-02-28T19:27:21.584878700Z
63351e0.62f8: ChangeTime: 2021-04-01T14:15:34.831952400Z
63451e0.62f8: FileAttributes: 0x20
63551e0.62f8: Size: 0x1ee320
63651e0.62f8: NT Headers: 0xe8
63751e0.62f8: Timestamp: 0x60a6ca36
63851e0.62f8: Machine: 0x8664 - amd64
63951e0.62f8: Timestamp: 0x60a6ca36
64051e0.62f8: Image Version: 10.0
64151e0.62f8: SizeOfImage: 0x1f5000 (2052096)
64251e0.62f8: Resource Dir: 0x184000 LB 0x6fd28
64351e0.62f8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
64451e0.62f8: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
64551e0.62f8: ProductName: Microsoft® Windows® Operating System
64651e0.62f8: ProductVersion: 10.0.19041.844
64751e0.62f8: FileVersion: 10.0.19041.844 (WinBuild.160101.0800)
64851e0.62f8: FileDescription: NT Layer DLL
64951e0.62f8: \SystemRoot\System32\kernel32.dll:
65051e0.62f8: CreationTime: 2021-02-23T23:19:16.413252500Z
65151e0.62f8: LastWriteTime: 2021-02-23T23:19:16.428879300Z
65251e0.62f8: ChangeTime: 2021-04-01T14:15:34.605557400Z
65351e0.62f8: FileAttributes: 0x20
65451e0.62f8: Size: 0xbac30
65551e0.62f8: NT Headers: 0xe8
65651e0.62f8: Timestamp: 0xd714134a
65751e0.62f8: Machine: 0x8664 - amd64
65851e0.62f8: Timestamp: 0xd714134a
65951e0.62f8: Image Version: 10.0
66051e0.62f8: SizeOfImage: 0xbd000 (774144)
66151e0.62f8: Resource Dir: 0xbb000 LB 0x520
66251e0.62f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
66351e0.62f8: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
66451e0.62f8: ProductName: Microsoft® Windows® Operating System
66551e0.62f8: ProductVersion: 10.0.19041.804
66651e0.62f8: FileVersion: 10.0.19041.804 (WinBuild.160101.0800)
66751e0.62f8: FileDescription: Windows NT BASE API Client DLL
66851e0.62f8: \SystemRoot\System32\KernelBase.dll:
66951e0.62f8: CreationTime: 2021-04-01T14:14:48.860468700Z
67051e0.62f8: LastWriteTime: 2021-04-01T14:14:48.934272600Z
67151e0.62f8: ChangeTime: 2021-04-10T09:19:55.334610700Z
67251e0.62f8: FileAttributes: 0x20
67351e0.62f8: Size: 0x2c8b78
67451e0.62f8: NT Headers: 0xf0
67551e0.62f8: Timestamp: 0x2f2f77bf
67651e0.62f8: Machine: 0x8664 - amd64
67751e0.62f8: Timestamp: 0x2f2f77bf
67851e0.62f8: Image Version: 10.0
67951e0.62f8: SizeOfImage: 0x2c8000 (2916352)
68051e0.62f8: Resource Dir: 0x29f000 LB 0x548
68151e0.62f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
68251e0.62f8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
68351e0.62f8: ProductName: Microsoft® Windows® Operating System
68451e0.62f8: ProductVersion: 10.0.19041.906
68551e0.62f8: FileVersion: 10.0.19041.906 (WinBuild.160101.0800)
68651e0.62f8: FileDescription: Windows NT BASE API Client DLL
68751e0.62f8: \SystemRoot\System32\apisetschema.dll:
68851e0.62f8: CreationTime: 2019-12-07T09:08:13.518339400Z
68951e0.62f8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
69051e0.62f8: ChangeTime: 2021-04-01T14:15:34.574639600Z
69151e0.62f8: FileAttributes: 0x20
69251e0.62f8: Size: 0x1f538
69351e0.62f8: NT Headers: 0xd0
69451e0.62f8: Timestamp: 0x31288ce0
69551e0.62f8: Machine: 0x8664 - amd64
69651e0.62f8: Timestamp: 0x31288ce0
69751e0.62f8: Image Version: 10.0
69851e0.62f8: SizeOfImage: 0x20000 (131072)
69951e0.62f8: Resource Dir: 0x1f000 LB 0x408
70051e0.62f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
70151e0.62f8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
70251e0.62f8: ProductName: Microsoft® Windows® Operating System
70351e0.62f8: ProductVersion: 10.0.19041.1
70451e0.62f8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
70551e0.62f8: FileDescription: ApiSet Schema DLL
70651e0.62f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
70751e0.62f8: supR3HardenedWinFindAdversaries: 0x0
70851e0.62f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
70951e0.62f8: Calling main()
71051e0.62f8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
71151e0.62f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
71251e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
71351e0.62f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
71451e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
71551e0.62f8: SUPR3HardenedMain: Final process, opening VBoxDrv...
71651e0.62f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c10000 LB 0x400000)
71751e0.62f8: supR3HardNtEnableThreadCreationEx:
71851e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
71951e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
72051e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
72151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
72251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
72351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffee7010000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
72451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
72551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
72651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
72851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
72951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
73151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
73251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
73451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
73551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
73651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
73751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
73851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
73951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
74051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
74151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
74251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
74351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
74451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
74551e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeff3c0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
74651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
74751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffed0000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
74851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
74951e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe4b0000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
75051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
75151e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe3b0000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
75251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
75351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
75451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe5c0000 LB 0x0015f000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
75551e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
75651e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
75751e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
75851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
75951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-synch-l1-2-0'
76051e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
76151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
76251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-fibers-l1-1-1'
76351e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
76451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
76551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-fibers-l1-1-1'
76651e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
76751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
76851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-synch-l1-2-0'
76951e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
77051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
77151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-localization-l1-2-1'
77251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
77351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
77451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefdac0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
77551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
77651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe4b0000 'C:\WINDOWS\system32\Wintrust.dll'
77751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
77851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
77951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
78051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe510000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
78151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
78251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe510000 'C:\WINDOWS\system32\bcrypt.dll'
78351e0.62f8: bcrypt.dll loaded at 00007ffefe510000, BCryptOpenAlgorithmProvider at 00007ffefe5151e0, preloading providers:
78451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
78551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
78651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe540000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
78851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
78951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe540000 'C:\WINDOWS\system32\bcryptprimitives.dll'
79051e0.62f8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000011c1400)
79151e0.62f8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000011c1a80)
79251e0.62f8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000011c1da0)
79351e0.62f8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000011c20c0)
79451e0.62f8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000011c23e0)
79551e0.62f8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000011c2700)
79651e0.62f8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011c2a20)
79751e0.62f8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011c2f20)
79851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
79951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
80051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefd880000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
80151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
80251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
80351e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
80451e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
80551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
80651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
80751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
80851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80951e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefcfe0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
81151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
81351e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
81451e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
81551e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefd8a0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
81651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
81751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
81851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
81951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'C:\WINDOWS\System32\kernel32.dll'
82051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
82151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe4b0000 'C:\WINDOWS\System32\WINTRUST.DLL'
82351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
82551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\CRYPT32.dll'
82651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffab0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
82751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
82851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
82951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
83251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffa10000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
83351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
83451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
83551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
83651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
83751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
83851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
83951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
84051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefc540000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
84151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
84251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
84351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
84451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefde10000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
84551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
84651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
84851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
84951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
85051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
85151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
85251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
85351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
85451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
85551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
85651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
85751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
85851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
85951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
86351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
86451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
86551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86651e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffef04e0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
86851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
87151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
87251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
87451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
87551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
87751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
87851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
88051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
88151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
88351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
88451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
88651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
88751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
88951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
89151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
89351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
89551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
89751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\WINDOWS\System32\cryptnet.dll'
89851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef04e0000 'C:\Windows\System32\cryptnet.dll'
90051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefeef0000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
90151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
90251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
90351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
90451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
90551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
90651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
90751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
90851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
90951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
91051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
91151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
91251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
91351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
91451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
91551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
91651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
91851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
91951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
92051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
92151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
92251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011d4ce0
92351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
92451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79B56EBA058C3100C3767445CD39B88684EB1CFC
92551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
92651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
92751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffed0000 'C:\WINDOWS\System32\rpcrt4.dll'
92851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
92951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
93151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
93251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
93451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.906.cat'; file='\SystemRoot\System32\ntdll.dll'
93551e0.62f8: g_pfnWinVerifyTrust=00007ffefe4b1da0
93651e0.62f8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
93751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
93851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
94051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
94151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
94251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
94351e0.62f8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
94451e0.62f8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
94551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
94651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
94751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
94851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
94951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
95151e0.62f8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
95251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
95351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
95551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
95651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
95851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
95951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
96051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
96151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
96251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
96351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
96451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
96551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
96651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
96751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
96851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
96951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
97051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
97151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
97251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
97351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
97451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
97551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
97651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
97751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
97851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
97951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
98051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
98151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
98251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
98351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
98451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
98551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
98651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
98751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
98851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
99051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
99151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
99351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
99451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
99551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
99651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
99751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
99851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
99951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
100051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
100151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
100251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
100351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
100451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
100551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
100651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
100751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
100851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
100951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
101051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
101151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
101251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
101351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
101451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
101551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
101651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
101751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
101851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
101951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
102051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
102151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
102251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\system32\crypt32.dll'
102351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
102451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7df095a1594536a1 CN=KBP1-LHP-A00243.synapse.com
102551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
102651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
102751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
102851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xfa5c1f8646dcdc00 C=US, ST=CA, OU=ManageEngine, O=Zoho Corporation, CN=ManageEngineCA
102951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
103051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
103151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
103251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
103351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
103451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
103551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
103651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x310d24e6d4dad00 C=US, ST=CA, OU=ManageEngine, O=Zoho Corporation, CN=ManageEngineCA, CN=ManageEngineCA-DS, OU=ManageEngine-DS
103751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
103851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
103951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
104051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
104151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
104251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
104351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
104451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
104551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
104651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
104751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
104851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
104951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
105051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
105151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
105251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
105351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
105451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
105551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
105651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
105751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
105851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
105951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
106051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
106151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
106251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
106351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
106451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
106551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
106651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
106751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
106851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
106951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
107051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
107151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
107251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
107351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
107451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
107551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
107651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
107751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
107851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
107951e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
108051e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
108151e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x26e092f899b6d300 DC=com, DC=synapse, CN=Induslogic
108251e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x329a22249959e500 CN=GlobalLogic-root
108351e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x88ebd49ac96c200 DC=com, DC=synapse, CN=Induslogic
108451e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x18e8578a598bd700 DC=com, DC=synapse, CN=Induslogic
108551e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa44bacd3d928c800 DC=com, DC=synapse, CN=CyberARC
108651e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb41b710527688d00 DC=com, DC=synapse, CN=Induslogic
108751e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x26e092f899b6d300 DC=com, DC=synapse, CN=Induslogic
108851e0.62f8: supR3HardenedWinIsDesiredRootCA: Adding 0x26e092f899b6d300 DC=com, DC=synapse, CN=Induslogic
108951e0.62f8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=66
109051e0.62f8: SUPR3HardenedMain: Load Runtime...
109151e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
109251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
109351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
109451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
109551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
109651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
109751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
109851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
109951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
110051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
110151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
110251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
110351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
110451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
110551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
110651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
110751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
110851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
110951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
111051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
111151e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
111251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
111351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
111451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
111551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
111651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
111751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
111851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
111951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
112051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
112151e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
112251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
112351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
112451e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
112551e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112651e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
112751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
112851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
112951e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
113051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
113151e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
113251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
113351e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
113451e0.62f8: supR3HardenedDllNotificationCallback: load 0000000077520000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
113551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
113651e0.62f8: supR3HardenedDllNotificationCallback: load 0000000075c20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
113751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
113851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeff530000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
113951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
114051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffe92af0000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
114151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
114251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
114551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
114651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
114751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
115051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
115151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
115251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
115351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
115451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
115551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
115651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
115751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
115851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
115951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
116051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
116251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
116351e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
116451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
116551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
116651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
116751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116851e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
116951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
117051e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
117151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
117251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
117351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
117451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117551e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
117651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
117751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
117851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
117951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
118051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
118351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
118451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
118551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
118651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
118851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
118951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
119051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
119151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
119351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
119451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
119551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
119651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
119851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
119951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
120051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
120151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
120251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
120351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
120451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
120551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
120651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
120751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
120851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
120951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
121051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
121151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
121251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
121351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
121451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
121551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
121651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
121751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
121851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
121951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
122051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
122151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
122251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
122351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
122451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
122551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
122651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
122751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
122851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
122951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
123051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
123151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
123251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
123351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
123451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
123551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
123651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
123751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
123851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
123951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
124051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
124151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
124251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
124351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
124551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
124651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
124751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
124851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
125051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
125151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
125251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
125351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
125551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
125651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
125751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
125851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
126751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
126851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
127751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
127851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
128751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
128851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
129851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129951e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130851e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131351e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131651e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe92af0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
132051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
132151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
132251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
132351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe4b0000 'C:\WINDOWS\system32\Wintrust.dll'
132451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
132551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
132651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
132751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
132851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
132951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
133051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\system32\crypt32.dll'
133151e0.62f8: SUPR3HardenedMain: Load TrustedMain...
133251e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
133351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
133451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
133551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
133651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
133751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
133851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
133951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
134051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
134151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
134251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
134351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
134451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
134551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
134651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
134751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
134851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
134951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
135051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
135151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
135251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
135351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
135451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
135551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
135651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
135751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
135851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
135951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
136051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
136151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
136251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
136351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
136451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
136551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
136651e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
136751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
136851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
136951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
137051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
137151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
137251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
137351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
137451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
137551e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
137651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
137751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
137851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
137951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
138051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
138151e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
138251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
138351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
138451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
138551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
138651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
138751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
138851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
138951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
139051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
139151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
139251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
139351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
139451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
139551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
139651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
139951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
140051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
140151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
140251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
140351e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
140451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
140551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
140651e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
140751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
140851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
140951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
141051e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
141151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
141251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
141351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
141451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
141551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
141651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
141751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
141851e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
141951e0.62f8: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
142051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
142151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
142251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
142351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
142451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
142551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
142651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
142751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
142851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
142951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
143051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
143151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
143251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
143351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
143451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
143551e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
143651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
143751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
143851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
143951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
144051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
144151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
144251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
144351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
144451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
144551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
144651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
144751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
144851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
144951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
145051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
145151e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
145251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
145351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
145451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
145551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
145651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
145751e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
145851e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
145951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
146051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
146151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
146251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
146351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
146451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
146551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
146651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
146751e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
146851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
146951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
147051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
147151e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
147251e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
147351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
147451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
147551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
147651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
147751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
147851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
147951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
148051e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
148151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
148251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
148351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
148451e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
148551e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
148651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
148751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
148851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
148951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
149051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
149151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
149251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
149351e0.62f8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
149451e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
149551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
149651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
149751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
149851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
149951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
150051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
150151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
150251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
150351e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
150451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
150551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
150651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
150751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
150851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
150951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
151051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
151151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
151251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
151351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
151451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
151551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
151851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
151951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
152051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
152151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
152251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
152351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
152451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
152551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
152651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
152751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
152851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
152951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
153051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
153151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
153251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
153351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
153451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
153551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
153651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
153751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
153851e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
153951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
154051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
154151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
154251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
154351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
154451e0.62f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
154551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
154651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
154751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
154851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
154951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
155051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
155151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
155251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
155351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
155451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
155551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
155651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
155751e0.62f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
155851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
155951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
156051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
156151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
156251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
156351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
156451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
156551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
156651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
156751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
156851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
156951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
157051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
157151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
157251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
157351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
157451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
157551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
157651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
157751e0.62f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
157851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
158051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
158151e0.62f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
158251e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
158351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
158451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
158551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
158651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
158851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
158951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
159051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
159151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
159251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
159551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
159851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
160051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
160151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
160251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
160351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
160451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
160551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
160651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
160751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
160851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
160951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
161051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
161151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
161251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
161351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
161451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
161551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
161651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
161751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
161851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
161951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
162051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
162151e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
162251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
162351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
162451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
162551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
162651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
162751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
162851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
162951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
163051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
163151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
163251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
163351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
163451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
163551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
163651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
163751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
163851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
163951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
164051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
164251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
164351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
164451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
164551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
164651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
164751e0.62f8: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
164851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
164951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
165051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
165151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
165251e0.62f8: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
165351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
165451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
165551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
165651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
165751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
165851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
165951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
166051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
166151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
166251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
166351e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
166451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
166551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
166651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
166751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
166851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
166951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
167051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
167151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
167251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
167351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
167451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
167551e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
167651e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
167751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
167851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
167951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
168051e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
168151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
168251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
168351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3CB52BB9838D25EFF08383FDE7F4AA56BF8DFD0
168451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
168751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
168851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
168951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
169051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
169151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
169251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
169351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
169451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
169551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
169651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
169751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
169851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
169951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
170051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
170151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
170251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
170351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
170451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
170551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
170651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
170751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
170851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
170951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
171051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
171151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
171251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
171351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
171451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
171551e0.62f8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
171651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
171751e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
171851e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
171951e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
172051e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
172151e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
172251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
172351e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
172451e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
172551e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
172651e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
172751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe7c0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
172851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
172951e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe720000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
173051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
173151e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefdf80000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
173251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
173351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
173451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
173551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
173651e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
173751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
173851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeff390000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
173951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
174051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffc10000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
174151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
174251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefe7f0000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
174351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
174451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffee21e0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
174551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
174651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffecefe0000 LB 0x00126000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
174751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
174851e0.62f8: supR3HardenedDllNotificationCallback: load 00007fff00000000 LB 0x00742000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
174951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
175051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffad0000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
175151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
175251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffee1540000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
175351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
175451e0.62f8: supR3HardenedDllNotificationCallback: load 0000000076230000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
175551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
175651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffe924f0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
175751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
175851e0.62f8: supR3HardenedDllNotificationCallback: load 0000000075cc0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
175951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
176051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeff460000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
176151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
176251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffe8cf50000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
176351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
176451e0.62f8: supR3HardenedDllNotificationCallback: load 00000000751b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
176551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
176651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeebff0000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
176751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
176851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffea9940000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
176951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
177051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
177151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
177251e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
177351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
177451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
177551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
177651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
177751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
177851e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
177951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
178051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
178151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
178251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
178351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
178451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
178551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
178651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
178751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
178851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
178951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
179051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
179151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
179251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
179351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
179451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
179551e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
179651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
179751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
179851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
179951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
180051e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
180151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
180251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
180351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
180451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
180551e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
180651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
180751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
180851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
180951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
181051e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
181151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
181251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'C:\WINDOWS\System32\kernel32.dll'
181351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
181451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
181551e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
181651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
181751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
181851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
181951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
182051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
182151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
182251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
182351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
182451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
182551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
182651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
182751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
182851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
182951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
183051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
183151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
183251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
183351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
183451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
183551e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
183651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
183751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
183851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
183951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
184051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
184151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
184251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
184351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
184451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
184551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
184651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
184751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
184851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
184951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
185051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
185151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
185251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
185351e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
185451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
185551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-string-l1-1-0'
185651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
185751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
185851e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
185951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
186051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
186151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
186251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
186351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
186451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
186551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
186651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
186751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
186851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
186951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
187051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
187151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
187251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
187351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
187451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
187551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
187651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
187751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
187851e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
187951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
188051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
188151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
188251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
188351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
188451e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
188551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
188651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
188751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
188851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
188951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
189051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
189151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
189251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
189351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
189451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
189551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
189651e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
189751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
189851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-datetime-l1-1-1'
189951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
190051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
190151e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
190251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
190351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
190451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
190551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
190651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
190751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
190851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
190951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
191051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
191151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
191251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
191351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
191451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
191551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
191651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
191751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
191851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
191951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
192051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
192151e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
192251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
192351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
192451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
192551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
192651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
192751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
192851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
192951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
193051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
193151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
193251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
193351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
193451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
193551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
193651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
193751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
193851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
193951e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
194051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
194151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-localization-obsolete-l1-2-0'
194251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
194351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
194451e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
194551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
194651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
194751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
194851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
194951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
195051e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
195151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
195251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
195351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
195451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
195551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
195651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
195751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
195851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
195951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
196051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
196151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
196251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
196351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
196451e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
196551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
196651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
196751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
196851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
196951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
197051e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
197151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
197251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
197351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
197451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
197551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
197651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
197751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
197851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
197951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
198051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
198151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
198251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
198351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
198451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
198551e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
198651e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
198751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
198851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
198951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
199051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
199151e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
199251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
199351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
199451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
199551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
199651e0.62f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
199751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
199851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefefa0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
199951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
200051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefa0000 'C:\WINDOWS\system32\IMM32.DLL'
200151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
200251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
200351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
200451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
200551e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
200651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
200751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
200851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
200951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
201051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
201151e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
201251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
201351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
201451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
201551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
201651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
201751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
201851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
201951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
202051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
202151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
202251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
202351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
202451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
202551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
202651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
202751e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
202851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
202951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
203051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
203151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
203251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
203351e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
203451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
203551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
203651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
203751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
203851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
203951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
204051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
204151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
204251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
204351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
204451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
204551e0.62f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
204651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
204751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
204851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
204951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
205051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
205151e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
205251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
205351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
205451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
205551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
205651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
205751e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
205851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
205951e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
206051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
206151e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
206251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
206351e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
206451e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
206551e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
206651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
206751e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
206851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
206951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
207051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
207151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeef0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
207251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
207351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
207451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
207551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
207651e0.62f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
207751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
207851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
207951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
208051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
208151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
208251e0.62f8: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
208351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
208451e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
208551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
208651e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
208751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
208851e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
208951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
209051e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
209151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
209251e0.62f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
209351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
209451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea9940000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
209551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
209651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
209751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
209851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
209951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
210051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
210151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
210251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
210351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
210451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB3F71746EFEEEE383BF91A5CE7637F78FF8670
210551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
210651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
210751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.867.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
210851e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
210951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
211051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
211151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
211251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
211351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
211451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
211551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
211651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
211751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
211851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
211951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
212051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
212151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
212251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
212351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
212451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
212551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
212651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
212751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
212851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
212951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
213051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
213151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
213251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
213351e0.62f8: SUPR3HardenedMain: Calling TrustedMain (00007ffea99416c0)...
213451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
213551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
213651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
213751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
213851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
213951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wldp.dll)
214151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wldp.dll
214251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefd940000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
214351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
214451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefb940000 LB 0x00791000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
214551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
214651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeff090000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
214751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
214951e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
215051e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
215151e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefee90000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
215251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
215351e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
215451e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
215551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
215651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
215851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
215951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
216051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
216151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
216251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
216351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
216451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
216551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
216651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
216751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [lacks WinVerifyTrust]
216851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
216951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
217051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
217151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
217251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
217351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
217451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
217551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
217651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
217751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
217851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
217951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
218051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
218151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
218251e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wldp.dll'
218351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
218451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
218551e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
218651e0.62f8: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
218751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
218851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
218951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
219051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
219151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
219251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
219351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
219451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
219551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
219651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
219751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
219851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
219951e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
220051e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
220151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
220251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
220351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
220451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
220551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
220651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
220751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
220851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
220951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
221051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
221151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
221251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
221351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
221451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
221551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
221651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
221751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
221851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
221951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
222051e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
222151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
222251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
222351e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
222451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
222551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
222651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
222751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
222851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
222951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
223051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
223151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
223351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeabfa0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
223451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
223551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeabfa0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
223651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
223751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
223851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
223951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
224051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefc7b0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
224151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
224251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
224351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
224451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
224551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
224651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
224751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
224851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
224951e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
225051e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
225151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
225251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D4518D2FDDF5F612DEA6801698B1EA0650EE8486
225351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
225451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
225551e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.906.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
225651e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
225751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
225951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
226051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
226151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
226251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
226351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
226451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
226551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
226651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
226751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
226851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
226951e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
227051e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefb1b0000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
227151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
227251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb1b0000 'C:\WINDOWS\system32\uxtheme.dll'
227351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffc10000 'C:\WINDOWS\system32\user32.dll'
227451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
227551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
227651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00000000 'C:\WINDOWS\system32\shell32.dll'
227751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
227851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
227951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff090000 'C:\WINDOWS\system32\SHCore.dll'
228051e0.62f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
228151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
228251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
228351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\system32\winmm.dll'
228551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
228651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\system32\winmm.dll'
228851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
228951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00000000 'C:\WINDOWS\system32\shell32.dll'
229151e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
229251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb1b0000 'C:\WINDOWS\system32\uxtheme.dll'
229451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
229551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeef0000 'C:\WINDOWS\system32\advapi32.dll'
229751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
229851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
229951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
230051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
230151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
230251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
230351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
230451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
230551e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
230651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefddd0000 LB 0x0002e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
230751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
230851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefddd0000 'C:\WINDOWS\system32\userenv.dll'
230951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
231051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
231151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'C:\WINDOWS\System32\kernel32.dll'
231251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefed00000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
231351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
231451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
231551e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
231651e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
231751e0.5d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
231851e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
231951e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
232051e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
232151e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
232251e0.5d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
232351e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
232451e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
232551e0.5d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
232651e0.5d20: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
232751e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
232851e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
232951e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
233051e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
233151e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
233251e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
233351e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
233451e0.5d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
233551e0.5d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
233651e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
233751e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
233851e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
233951e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
234051e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
234151e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
234251e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
234351e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
234451e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
234551e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
234651e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
234751e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
234851e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
234951e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
235051e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
235151e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
235251e0.5d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
235351e0.5d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
235451e0.5d20: supR3HardenedDllNotificationCallback: load 00007ffe918e0000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
235551e0.5d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
235651e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe918e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
235751e0.5d20: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
235851e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
235951e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
236051e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
236151e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
236251e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
236351e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
236451e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
236551e0.5d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
236651e0.5d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
236751e0.5d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
236851e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
236951e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
237051e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
237151e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
237251e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
237351e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
237451e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
237551e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
237651e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
237751e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
237851e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
237951e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
238051e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
238151e0.5d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
238251e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
238351e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
238451e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
238551e0.5d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
238651e0.5d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
238751e0.5d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
238851e0.5d20: supR3HardenedDllNotificationCallback: load 00007ffeabeb0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
238951e0.5d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
239051e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeabeb0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
239151e0.5d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
239251e0.5d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
239351e0.5d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff460000 'C:\Windows\System32\oleaut32.dll'
239451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff390000 'C:\WINDOWS\system32\gdi32.dll'
239551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
239651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
239751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00000000 'C:\WINDOWS\system32\shell32.dll'
239851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeffdb0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
239951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
240051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
240151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
240251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
240351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
240451e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
240551e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
240651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
240751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
240851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
240951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
241051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
241151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
241251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
241351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
241451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
241551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
241651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
241751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
241851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
241951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
242051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
242151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
242251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
242351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
242451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3E635B51EBB2CF2245E98541D1AF5FE327DC975
242551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
242651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
242751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
242851e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
242951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
243051e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
243151e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
243251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
243351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
243451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
243551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
243651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
243751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
243851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
243951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
244051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
244151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
244251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
244351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
244451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
244551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
244651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
244751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
244851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
244951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
245051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
245151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
245251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
245351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
245451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
245551e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
245651e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
245751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
245851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
245951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
246051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
246151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
246251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
246351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
246451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
246551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
246651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
246751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
246851e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
246951e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
247051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
247351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
247451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
247551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
247651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247851e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
247951e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
248051e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
248151e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
248251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
248351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefc590000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
248451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
248551e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffef9c20000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
248651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
248751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefa450000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
248851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
248951e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffec9280000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
249051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
249151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff390000 'C:\WINDOWS\System32\gdi32.dll'
249251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec9280000 'C:\WINDOWS\system32\dataexchange.dll'
249351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
249451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
249551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
249651e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
249751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
249851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffef4b50000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
249951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
250051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
250151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
250251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
250351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
250451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
250551e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
250651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
250751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
250851e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
250951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
251051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
251151e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
251251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
251351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
251451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff090000 'C:\WINDOWS\system32\Shcore.dll'
251551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
251651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
251751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
251851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
251951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
252051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
252151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
252251e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252351e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
252451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
252551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
252651e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
252751e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
252851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
253051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
253151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
253251e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
253351e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
253451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
253551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
253651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
253751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
253851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
253951e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefc4b0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
254051e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
254151e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefaeb0000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
254251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
254351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffef9520000 LB 0x00154000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
254451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
254551e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefa6d0000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
254651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
254751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffedfa80000 LB 0x000f9000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
254851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
254951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
255051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
255151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
255251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
255351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
255451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
255551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
255651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
255751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
255851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
255951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
256051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
256151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
256251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
256351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
256451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
256551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
256651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
256751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
256851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
256951e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
257051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
257151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
257251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
257351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
257451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
257551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
257651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
257751e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
257851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
257951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
258051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
258151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
258251e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
258351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
258651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
258751e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
258851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
258951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
259051e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
259151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
259251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
259351e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
259451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
259551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
259651e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
259751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
259851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
259951e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
260051e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
260151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffc10000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
260351e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
260451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffc10000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
260651e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
260751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe7f0000 'api-ms-win-core-com-l1-1-0.dll'
260951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
261051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
261151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffdb0000 'C:\WINDOWS\System32\MSCTF.dll'
261251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
261351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
261451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
261551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
261651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
261751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
261851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
261951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
262051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll) WinVerifyTrust
262151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
262251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
262351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
262451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
262551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
262651e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
262751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
262851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
262951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
263051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
263151e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263251e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
263351e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffefb490000 LB 0x0002f000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
263451e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
263551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb490000 'C:\WINDOWS\system32\dwmapi.dll'
263651e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
263751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb1b0000 'C:\WINDOWS\system32\uxtheme.dll'
263951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
264051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextShaping.dll)
264151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextShaping.dll
264251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffedbad0000 LB 0x000ac000 C:\WINDOWS\SYSTEM32\TextShaping.dll [fFlags=0x0]
264351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextShaping.dll [avoiding WinVerifyTrust]
264451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
264551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
264651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
264751e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
264851e0.62f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextShaping.dll'
264951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
265051e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\DWMAPI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
265151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb490000 'C:\WINDOWS\SYSTEM32\DWMAPI.dll'
265251e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
265351e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
265451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeffad0000 'C:\WINDOWS\System32\ole32.dll'
265551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff460000 'C:\WINDOWS\System32\OLEAUT32.dll'
265651e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
265751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
265851e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
265951e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB3ECA1473EC52F9B019D265122638E0788939AC
266051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
266151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
266251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
266351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
266451e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
266651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
266751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
266851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
266951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
267051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
267151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bac pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
267251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
267351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
267451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=81079EBE9391E32B4247EEC5D81D5FE7F690612C
267551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
267651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
267751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
267851e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
267951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
268051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
268151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
268251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
268351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
268451e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
268551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
268651e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
268751e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
268851e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
268951e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
269051e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
269151e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
269251e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffef0350000 LB 0x00094000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
269351e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
269451e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeef2b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
269551e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
269651e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
269751e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
269851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
269951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeef2b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
270051e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b6c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
270151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
270251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
270351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34BA357EFBCEA3447E98131975A6D86BBAD90C80
270451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
270551e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
270651e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
270751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
270851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
270951e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
271051e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
271151e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
271251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
271351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
271451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
271551e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
271651e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
271751e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
271851e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeee3f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
271951e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
272051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee3f0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
272151e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
272251e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
272351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-localization-l1-2-0.dll'
272451e0.62f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
272551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
272651e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe0e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
272751e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a6c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
272851e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
272951e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
273051e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
273151e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
273251e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
273351e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
273451e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
273551e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
273651e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
273751e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
273851e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
273951e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
274051e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
274151e0.62f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
274251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
274351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
274451e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
274551e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
274651e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeee410000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
274751e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
274851e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee410000 'C:\WINDOWS\system32\wbem\fastprox.dll'
274951e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bcc pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
275051e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
275151e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
275251e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
275351e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
275451e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
275551e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
275651e0.62f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
275751e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
275851e0.62f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
275951e0.62f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
276051e0.62f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
276151e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
276251e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
276351e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276451e0.62f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276551e0.62f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
276651e0.62f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
276751e0.62f8: supR3HardenedDllNotificationCallback: load 00007ffeee2f0000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
276851e0.62f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
276951e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee2f0000 'C:\WINDOWS\System32\amsi.dll'
277051e0.62f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeef0000 'C:\WINDOWS\System32\ADVAPI32.dll'
277151e0.6204: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
277251e0.6204: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
277351e0.6204: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
277451e0.6204: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
277551e0.6204: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
277651e0.6204: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
277751e0.6204: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
277851e0.6204: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
277951e0.6204: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
278051e0.6204: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
278151e0.6204: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
278251e0.6204: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
278351e0.6204: supR3HardenedDllNotificationCallback: load 00007ffe91560000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
278451e0.6204: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
278551e0.6204: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91560000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
278651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
278751e0.82c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
278851e0.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
278951e0.82c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
279051e0.82c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
279151e0.82c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
279251e0.82c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
279351e0.82c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
279451e0.82c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
279551e0.82c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
279651e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
279751e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
279851e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
279951e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
280051e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
280151e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
280251e0.82c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
280351e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
280451e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
280551e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
280651e0.82c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
280751e0.82c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
280851e0.82c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
280951e0.82c: supR3HardenedDllNotificationCallback: load 00007ffee6fc0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
281051e0.82c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
281151e0.82c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee6fc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
281251e0.331c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
281351e0.331c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
281451e0.331c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
281551e0.331c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
281651e0.331c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
281751e0.331c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
281851e0.331c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
281951e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
282051e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
282151e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
282251e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
282351e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
282451e0.331c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
282551e0.331c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282651e0.331c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
282751e0.331c: supR3HardenedDllNotificationCallback: load 00007ffee26f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
282851e0.331c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
282951e0.331c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee26f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
283051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
283151e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00000000 'C:\WINDOWS\system32\Shell32.dll'
283351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
283451e0.5db0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
283551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
283651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
283751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
283851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
283951e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
284051e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
284151e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
284251e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
284351e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
284451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
284551e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
284651e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
284751e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
284851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
284951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
285051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
285151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
285251e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
285351e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
285451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
285551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
285651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
285751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
285851e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
285951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
286051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
286151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
286251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
286351e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
286451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
286551e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
286651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
286751e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
286851e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
286951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
287051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
287151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
287251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
287351e0.5db0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
287451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
287551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
287651e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
287751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
287851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
287951e0.5db0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
288051e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
288151e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
288251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
288351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
288451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
288551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
288651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
288751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
288851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
288951e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
289051e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
289151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
289251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
289351e0.5db0: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
289451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
289551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
289651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
289751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
289851e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
289951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
290051e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
290151e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
290251e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
290351e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
290451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
290551e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
290651e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
290751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
290851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
290951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
291051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
291151e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
291251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
291351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
291451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
291551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
291651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
291751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
291851e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
291951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
292051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
292151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
292251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
292351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
292451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
292551e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292651e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
292751e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
292851e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
292951e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
293051e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefe090000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
293151e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
293251e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffeff5a0000 LB 0x00469000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
293351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
293451e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffeb39b0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
293551e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
293651e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffe8c6f0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
293751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
293851e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefd350000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
293951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
294051e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffe90b70000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
294151e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
294251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90b70000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
294351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
294451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
294551e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
294651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
294751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
294851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
294951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe918e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
295051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
295151e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
295251e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8c6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
295451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
295551e0.5adc: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
295651e0.5adc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
295751e0.5adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
295851e0.5adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
295951e0.5adc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
296051e0.5adc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
296151e0.5adc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
296251e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
296351e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
296451e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
296551e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
296651e0.5adc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
296751e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
296851e0.5adc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
296951e0.5adc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
297051e0.5adc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
297151e0.5adc: supR3HardenedDllNotificationCallback: load 00007ffed8aa0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
297251e0.5adc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
297351e0.5adc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed8aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
297451e0.6058: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
297551e0.6058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
297651e0.6058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
297751e0.6058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
297851e0.6058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
297951e0.6058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
298051e0.6058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
298151e0.6058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
298251e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
298351e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
298451e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
298551e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
298651e0.6058: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
298751e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
298851e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
298951e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
299051e0.6058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
299151e0.6058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
299251e0.6058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
299351e0.6058: supR3HardenedDllNotificationCallback: load 00007ffee2170000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
299451e0.6058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
299551e0.6058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee2170000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
299651e0.43f4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
299751e0.43f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
299851e0.43f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
299951e0.43f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
300051e0.43f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
300151e0.43f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
300251e0.43f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
300351e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
300451e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
300551e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
300651e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
300751e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
300851e0.43f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
300951e0.43f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301051e0.43f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
301151e0.43f4: supR3HardenedDllNotificationCallback: load 00007ffedc110000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
301251e0.43f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
301351e0.43f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffedc110000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
301451e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
301551e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd350000 'C:\WINDOWS\system32\Iphlpapi.dll'
301751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
301851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
301951e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
302051e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
302151e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffeff1e0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
302251e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
302351e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
302451e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef82a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
302551e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
302651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
302751e0.5db0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
302851e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
302951e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef8080000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
303051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
303151e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
303251e0.5db0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
303351e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
303451e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef7ea0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
303551e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
303651e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
303751e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
303851e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefd3a0000 LB 0x000cc000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
303951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
304051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
304151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
304251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
304351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
304451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
304551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
304651e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
304751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
304851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
304951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
305051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
305151e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
305251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
305351e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
305451e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
305551e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
305651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
305751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
305851e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.906.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
305951e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306051e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
306151e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e88 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
306251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
306351e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
306451e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
306551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
306651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
306751e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.906.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
306851e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306951e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
307051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
307151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
307251e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
307351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
307451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
307551e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
307651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
307751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
307851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
307951e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
308051e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
308151e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
308251e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
308351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
308451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
308551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
308651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
308751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
308851e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
308951e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
309051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
309151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
309251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
309351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
309451e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
309551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
309651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
309751e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
309851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
309951e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
310051e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
310151e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefdca0000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
310251e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
310351e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef6410000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
310451e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
310551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6410000 'C:\WINDOWS\System32\MMDevApi.dll'
310651e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001080 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
310751e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
310851e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
310951e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
311051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
311151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
311251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
311351e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
311451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
311551e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
311651e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
311751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
311851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
311951e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
312051e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
312151e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
312251e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
312351e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
312451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
312551e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
312651e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
312751e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefd4c0000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
312851e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
312951e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffec4a60000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
313051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
313151e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffec0ad0000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
313251e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
313351e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
313451e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
313551e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffefd330000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
313651e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
313751e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
313851e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
313951e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
314051e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
314151e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
314251e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
314351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
314451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
314751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
314851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
314951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec0ad0000 'C:\WINDOWS\System32\dsound.dll'
315051e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
315151e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
315251e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
315351e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
315451e0.5db0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
315551e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
315651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec0ad0000 'C:\WINDOWS\System32\dsound.dll'
315751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
315851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
315951e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
316051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
316151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
316251e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
316351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
316451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
316551e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
316651e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
316751e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
316851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec0ad0000 'C:\WINDOWS\system32\dsound.dll'
316951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
317051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
317151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6410000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
317251e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
317351e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
317451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
317551e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d4 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
317651e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
317751e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
317851e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
317951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
318051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
318151e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
318251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
318351e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
318451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
318551e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
318651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
318751e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
318851e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
318951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
319051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
319151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
319251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
319351e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
319451e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
319551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
319651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
319751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
319851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
319951e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
320051e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
320151e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
320251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
320351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
320451e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
320551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
320651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
320751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
320851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
320951e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
321051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
321151e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
321251e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
321351e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
321451e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef3c80000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
321551e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
321651e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef66c0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
321751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
321851e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffebf280000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
321951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
322051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
322151e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
322251e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
322351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
322451e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
322551e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
322651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
322751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
322851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
322951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
323051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
323151e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
323251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
323351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
323451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
323551e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
323651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
323751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
323851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
323951e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
324051e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
324151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
324251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
324351e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
324451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
324551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
324651e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
324751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
324851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
324951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
325051e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
325151e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
325251e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
325351e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffef64a0000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
325451e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
325551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef64a0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
325651e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
325751e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
325851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
325951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
326051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
326151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf280000 'C:\WINDOWS\System32\wdmaud.drv'
326951e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e94 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
327051e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
327151e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
327251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F871EA11D693E9807F8DF13D54497BA0E40D30AB
327351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
327451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
327551e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
327651e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
327751e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
327851e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
327951e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
328051e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
328151e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
328251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
328351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
328451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
328551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
328651e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
328751e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
328851e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
328951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
329051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
329151e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
329251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
329351e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
329451e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
329551e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
329651e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
329751e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
329851e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
329951e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffeebd00000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
330051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
330151e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffeec200000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
330251e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
330351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
330451e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
330551e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
330651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
330751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
330851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
330951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
331051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
331151e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
331251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
331351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
331451e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
331551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
331651e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
331751e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
331851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
331951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
332051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
332151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
332251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
332351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
332451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec200000 'C:\WINDOWS\System32\msacm32.drv'
332551e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001130 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
332651e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011d4ce0
332751e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011d4ce0
332851e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B1E0F68F4DF584853FE4112795D7092EFE15F7D
332951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
333051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
333151e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.870.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
333251e0.5db0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
333351e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
333451e0.5db0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
333551e0.5db0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
333651e0.5db0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
333751e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
333851e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
333951e0.5db0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
334051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
334151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
334251e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
334351e0.5db0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
334451e0.5db0: supR3HardenedDllNotificationCallback: load 00007ffee6f30000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
334551e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
334651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee6f30000 'C:\WINDOWS\System32\midimap.dll'
334751e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
334851e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
334951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee6f30000 'C:\WINDOWS\System32\midimap.dll'
335051e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
335151e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
335251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee6f30000 'C:\WINDOWS\System32\midimap.dll'
335351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
335451e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
335551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee6f30000 'C:\WINDOWS\System32\midimap.dll'
335651e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
335751e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
335851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
335951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
336051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
336151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
336951e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
337051e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
337151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
337251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
337351e0.5e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
337451e0.5e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
337551e0.5e98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
337651e0.5e98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
337751e0.5e98: supR3HardenedDllNotificationCallback: load 00007ffefb290000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
337851e0.5e98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
337951e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
338051e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
338151e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
338251e0.5db0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
338351e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
338451e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
338551e0.5db0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
338651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
338751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
338851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
338951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
339451e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
339551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec0ad0000 'C:\WINDOWS\system32\dsound.dll'
339651e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339751e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339851e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
339951e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
340051e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
340151e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
340251e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
340351e0.5db0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
340451e0.5db0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
340551e0.5db0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeebff0000 'C:\WINDOWS\System32\winmm.dll'
340651e0.31ec: KiUserExceptionDispatcher: 0xc0000005 (0000000000000000, 0000000200000012) @ 00007ffe918e77e3 (flags=0x0)
3407 rax=0000000005531eb0 rbx=0000000005a88620 rcx=0000000200000012 rdx=000000000be6f458
3408 rsi=0000000000000149 rdi=000000000739bd00 r8 =0000000000000001 r9 =0000000005a88628
3409 r10=0000000000000000 r11=0000000000000246 r12=0000000005a88620 r13=00007ffe91b21f70
3410 r14=0000000000000000 r15=00007ffe91b12c20 P1=00000000011ee160 P2=00007ffefff17a07
3411 rip=00007ffe918e77e3 rsp=000000000be6f420 rbp=0000000000000149 ctxflags=0010005f
3412 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010282 mxcrx=00001f80
3413 P3=0000f9eb42c6a0e9 P4=00007ffefffb3f77 P5=0000000001995708 P6=0000000001995708
3414 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
3415 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000002080074 dcr=000000000be6f150
3416 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
341751e0.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
341851e0.31ec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
341951e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefefd0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
342051e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefeef0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
342151e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcfe0000 'C:\WINDOWS\system32\rsaenh.dll'
342251e0.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
342351e0.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
342451e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe4b0000 'C:\WINDOWS\System32\WINTRUST.DLL'
342551e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\CRYPT32.dll'
342651e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe5c0000 'C:\WINDOWS\System32\crypt32.dll'
342751e0.31ec: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
342851e0.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
342951e0.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
343051e0.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
343151e0.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00790000 'C:\WINDOWS\System32\ntdll.dll'
34325038.63c8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 43826 ms, the end);
343341d8.41bc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 44384 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy