VirtualBox

Ticket #20619: VBoxHardening.log

File VBoxHardening.log, 407.7 KB (added by desteves, 3 years ago)

VBoxHardening

Line 
11d34.3528: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6300
21d34.3528: \SystemRoot\System32\ntdll.dll:
31d34.3528: CreationTime: 2021-10-13T23:12:56.711628000Z
41d34.3528: LastWriteTime: 2021-10-13T23:12:56.758533100Z
51d34.3528: ChangeTime: 2021-10-13T23:16:18.091413900Z
61d34.3528: FileAttributes: 0x20
71d34.3528: Size: 0x1ee520
81d34.3528: NT Headers: 0xe8
91d34.3528: Timestamp: 0xa280d1d6
101d34.3528: Machine: 0x8664 - amd64
111d34.3528: Timestamp: 0xa280d1d6
121d34.3528: Image Version: 10.0
131d34.3528: SizeOfImage: 0x1f5000 (2052096)
141d34.3528: Resource Dir: 0x184000 LB 0x6fdc8
151d34.3528: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161d34.3528: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
171d34.3528: ProductName: Microsoft® Windows® Operating System
181d34.3528: ProductVersion: 10.0.19041.1288
191d34.3528: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
201d34.3528: FileDescription: NT Layer DLL
211d34.3528: \SystemRoot\System32\kernel32.dll:
221d34.3528: CreationTime: 2021-09-07T23:40:09.064711900Z
231d34.3528: LastWriteTime: 2021-09-07T23:40:09.080716000Z
241d34.3528: ChangeTime: 2021-10-13T23:13:44.885510200Z
251d34.3528: FileAttributes: 0x20
261d34.3528: Size: 0xbc060
271d34.3528: NT Headers: 0xe8
281d34.3528: Timestamp: 0x871fae9
291d34.3528: Machine: 0x8664 - amd64
301d34.3528: Timestamp: 0x871fae9
311d34.3528: Image Version: 10.0
321d34.3528: SizeOfImage: 0xbe000 (778240)
331d34.3528: Resource Dir: 0xbc000 LB 0x520
341d34.3528: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351d34.3528: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
361d34.3528: ProductName: Microsoft® Windows® Operating System
371d34.3528: ProductVersion: 10.0.19041.1202
381d34.3528: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
391d34.3528: FileDescription: Windows NT BASE API Client DLL
401d34.3528: \SystemRoot\System32\KernelBase.dll:
411d34.3528: CreationTime: 2021-09-07T23:40:31.583512700Z
421d34.3528: LastWriteTime: 2021-09-07T23:40:31.657507500Z
431d34.3528: ChangeTime: 2021-10-13T23:13:45.338652600Z
441d34.3528: FileAttributes: 0x20
451d34.3528: Size: 0x2c9da8
461d34.3528: NT Headers: 0xf0
471d34.3528: Timestamp: 0xc9db1934
481d34.3528: Machine: 0x8664 - amd64
491d34.3528: Timestamp: 0xc9db1934
501d34.3528: Image Version: 10.0
511d34.3528: SizeOfImage: 0x2c9000 (2920448)
521d34.3528: Resource Dir: 0x2a0000 LB 0x548
531d34.3528: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541d34.3528: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
551d34.3528: ProductName: Microsoft® Windows® Operating System
561d34.3528: ProductVersion: 10.0.19041.1202
571d34.3528: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
581d34.3528: FileDescription: Windows NT BASE API Client DLL
591d34.3528: \SystemRoot\System32\apisetschema.dll:
601d34.3528: CreationTime: 2019-12-07T09:08:13.518339400Z
611d34.3528: LastWriteTime: 2019-12-07T09:08:13.518339400Z
621d34.3528: ChangeTime: 2021-10-13T23:13:44.869885400Z
631d34.3528: FileAttributes: 0x20
641d34.3528: Size: 0x1f538
651d34.3528: NT Headers: 0xd0
661d34.3528: Timestamp: 0x31288ce0
671d34.3528: Machine: 0x8664 - amd64
681d34.3528: Timestamp: 0x31288ce0
691d34.3528: Image Version: 10.0
701d34.3528: SizeOfImage: 0x20000 (131072)
711d34.3528: Resource Dir: 0x1f000 LB 0x408
721d34.3528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731d34.3528: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
741d34.3528: ProductName: Microsoft® Windows® Operating System
751d34.3528: ProductVersion: 10.0.19041.1
761d34.3528: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
771d34.3528: FileDescription: ApiSet Schema DLL
781d34.3528: NtOpenDirectoryObject failed on \Driver: 0xc0000022
791d34.3528: supR3HardenedWinFindAdversaries: 0x0
801d34.3528: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
811d34.3528: Calling main()
821d34.3528: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
831d34.3528: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
841d34.3528: SUPR3HardenedMain: Respawn #1
851d34.3528: System32: \Device\HarddiskVolume3\Windows\System32
861d34.3528: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
871d34.3528: KnownDllPath: C:\Windows\System32
881d34.3528: supR3HardenedWinInit: Performing a limited self purification...
891d34.3528: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
901d34.3528: *0000000000000000-0000000000b3ffff 0x0001/0x0000 0x0000000
911d34.3528: *0000000000b40000-0000000000b4ffff 0x0004/0x0004 0x0040000
921d34.3528: 0000000000b50000-0000000000b5ffff 0x0001/0x0000 0x0000000
931d34.3528: *0000000000b60000-0000000000b7cfff 0x0002/0x0002 0x0040000
941d34.3528: 0000000000b7d000-0000000000b7ffff 0x0001/0x0000 0x0000000
951d34.3528: *0000000000b80000-0000000000b83fff 0x0002/0x0002 0x0040000
961d34.3528: 0000000000b84000-0000000000b8ffff 0x0001/0x0000 0x0000000
971d34.3528: *0000000000b90000-0000000000b91fff 0x0004/0x0004 0x0020000
981d34.3528: 0000000000b92000-0000000000b9ffff 0x0001/0x0000 0x0000000
991d34.3528: *0000000000ba0000-0000000000ba1fff 0x0004/0x0004 0x0020000
1001d34.3528: 0000000000ba2000-0000000000bd1fff 0x0000/0x0004 0x0020000
1011d34.3528: 0000000000bd2000-0000000000bfffff 0x0001/0x0000 0x0000000
1021d34.3528: *0000000000c00000-0000000000da2fff 0x0000/0x0004 0x0020000
1031d34.3528: 0000000000da3000-0000000000da5fff 0x0004/0x0004 0x0020000
1041d34.3528: 0000000000da6000-0000000000dfffff 0x0000/0x0004 0x0020000
1051d34.3528: *0000000000e00000-0000000000eb8fff 0x0000/0x0004 0x0020000
1061d34.3528: 0000000000eb9000-0000000000ebbfff 0x0104/0x0004 0x0020000
1071d34.3528: 0000000000ebc000-0000000000efffff 0x0004/0x0004 0x0020000
1081d34.3528: 0000000000f00000-0000000000faffff 0x0001/0x0000 0x0000000
1091d34.3528: *0000000000fb0000-0000000000fb4fff 0x0004/0x0004 0x0020000
1101d34.3528: 0000000000fb5000-00000000010affff 0x0000/0x0004 0x0020000
1111d34.3528: *00000000010b0000-0000000001178fff 0x0002/0x0002 0x0040000
1121d34.3528: 0000000001179000-000000000117ffff 0x0001/0x0000 0x0000000
1131d34.3528: *0000000001180000-00000000011a4fff 0x0004/0x0004 0x0020000
1141d34.3528: 00000000011a5000-000000000127ffff 0x0000/0x0004 0x0020000
1151d34.3528: 0000000001280000-00000000012effff 0x0001/0x0000 0x0000000
1161d34.3528: *00000000012f0000-00000000012fefff 0x0004/0x0004 0x0020000
1171d34.3528: 00000000012ff000-00000000012fffff 0x0000/0x0004 0x0020000
1181d34.3528: *0000000001300000-0000000001301fff 0x0000/0x0004 0x0020000
1191d34.3528: 0000000001302000-00000000014f7fff 0x0004/0x0004 0x0020000
1201d34.3528: 00000000014f8000-00000000014f8fff 0x0000/0x0004 0x0020000
1211d34.3528: 00000000014f9000-000000007ffdffff 0x0001/0x0000 0x0000000
1221d34.3528: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1231d34.3528: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
1241d34.3528: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
1251d34.3528: 000000007fff0000-00007ff4a0e7ffff 0x0001/0x0000 0x0000000
1261d34.3528: *00007ff4a0e80000-00007ff4a0e84fff 0x0002/0x0002 0x0040000
1271d34.3528: 00007ff4a0e85000-00007ff4a0f7ffff 0x0000/0x0002 0x0040000
1281d34.3528: *00007ff4a0f80000-00007ff5a0f9ffff 0x0000/0x0004 0x0020000
1291d34.3528: *00007ff5a0fa0000-00007ff5a2f9ffff 0x0000/0x0004 0x0020000
1301d34.3528: 00007ff5a2fa0000-00007ff5a2fa0fff 0x0004/0x0004 0x0020000
1311d34.3528: 00007ff5a2fa1000-00007ff5a2faffff 0x0001/0x0000 0x0000000
1321d34.3528: *00007ff5a2fb0000-00007ff5a2fb0fff 0x0002/0x0002 0x0040000
1331d34.3528: 00007ff5a2fb1000-00007ff5a2fbffff 0x0001/0x0000 0x0000000
1341d34.3528: *00007ff5a2fc0000-00007ff5a2fe2fff 0x0002/0x0002 0x0040000
1351d34.3528: 00007ff5a2fe3000-00007ff610b5ffff 0x0001/0x0000 0x0000000
1361d34.3528: *00007ff610b60000-00007ff610b60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1371d34.3528: 00007ff610b61000-00007ff610bd7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1381d34.3528: 00007ff610bd8000-00007ff610bd8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1391d34.3528: 00007ff610bd9000-00007ff610c21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1401d34.3528: 00007ff610c22000-00007ff610c24fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1411d34.3528: 00007ff610c25000-00007ff610c27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1421d34.3528: 00007ff610c28000-00007ff610c2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1431d34.3528: 00007ff610c2b000-00007ff610c2bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1441d34.3528: 00007ff610c2c000-00007ff610c2dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1451d34.3528: 00007ff610c2e000-00007ff610c2efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1461d34.3528: 00007ff610c2f000-00007ff610c77fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1471d34.3528: 00007ff610c78000-00007ff86c51ffff 0x0001/0x0000 0x0000000
1481d34.3528: *00007ff86c520000-00007ff86c520fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1491d34.3528: 00007ff86c521000-00007ff86c632fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1501d34.3528: 00007ff86c633000-00007ff86c7aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1511d34.3528: 00007ff86c7ab000-00007ff86c7aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1521d34.3528: 00007ff86c7af000-00007ff86c7affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1531d34.3528: 00007ff86c7b0000-00007ff86c7e8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1541d34.3528: 00007ff86c7e9000-00007ff86d0effff 0x0001/0x0000 0x0000000
1551d34.3528: *00007ff86d0f0000-00007ff86d0f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1561d34.3528: 00007ff86d0f1000-00007ff86d16ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1571d34.3528: 00007ff86d170000-00007ff86d1a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1581d34.3528: 00007ff86d1a3000-00007ff86d1a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1591d34.3528: 00007ff86d1a4000-00007ff86d1a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1601d34.3528: 00007ff86d1a5000-00007ff86d1adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1611d34.3528: 00007ff86d1ae000-00007ff86e96ffff 0x0001/0x0000 0x0000000
1621d34.3528: *00007ff86e970000-00007ff86e970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1631d34.3528: 00007ff86e971000-00007ff86ea8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1641d34.3528: 00007ff86ea8c000-00007ff86ead3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1651d34.3528: 00007ff86ead4000-00007ff86ead4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1661d34.3528: 00007ff86ead5000-00007ff86ead6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1671d34.3528: 00007ff86ead7000-00007ff86eadffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1681d34.3528: 00007ff86eae0000-00007ff86eb64fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1691d34.3528: 00007ff86eb65000-00007ffffffeffff 0x0001/0x0000 0x0000000
1701d34.3528: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
1711d34.3528: kernelbase.dll: timestamp 0xc9db1934 (rc=VINF_SUCCESS)
1721d34.3528: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
1731d34.3528: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1741d34.3528: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1751d34.3528: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1761d34.3528: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1771d34.3528: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1781d34.3528: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1791d34.3528: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1801d34.3528: supR3HardNtEnableThreadCreationEx:
1811d34.3528: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86e9e4b00 pvNtTerminateThread=00007ff86ea0d7c0
1821d34.3528: supR3HardenedWinDoReSpawn(1): New child 1c88.2b74 [kernel32].
1831d34.3528: supR3HardNtChildGatherData: PebBaseAddress=0000000000580000 cbPeb=0x388
1841d34.3528: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff86e970000 uNtDllChildAddr=00007ff86e970000
1851d34.3528: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff86e9e4b00
1861d34.3528: supR3HardenedWinSetupChildInit: Initial context:
187 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff610b67900 rdx=0000000000580000
188 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
189 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
190 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
191 rip=00007ff86e9c2630 rsp=000000000039fae8 rbp=0000000000000000 ctxflags=0010001b
192 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
193 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
194 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
195 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
196 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
1971d34.3528: supR3HardenedWinSetupChildInit: Start child.
1981d34.3528: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1991d34.3528: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 17 sleeps
2001d34.3528: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2011d34.3528: *0000000000000000-000000000025ffff 0x0001/0x0000 0x0000000
2021d34.3528: *0000000000260000-000000000027ffff 0x0004/0x0004 0x0020000
2031d34.3528: *0000000000280000-000000000029cfff 0x0002/0x0002 0x0040000
2041d34.3528: 000000000029d000-000000000029ffff 0x0001/0x0000 0x0000000
2051d34.3528: *00000000002a0000-000000000039afff 0x0000/0x0004 0x0020000
2061d34.3528: 000000000039b000-000000000039dfff 0x0104/0x0004 0x0020000
2071d34.3528: 000000000039e000-000000000039ffff 0x0004/0x0004 0x0020000
2081d34.3528: *00000000003a0000-00000000003a3fff 0x0002/0x0002 0x0040000
2091d34.3528: 00000000003a4000-00000000003affff 0x0001/0x0000 0x0000000
2101d34.3528: *00000000003b0000-00000000003b1fff 0x0004/0x0004 0x0020000
2111d34.3528: 00000000003b2000-00000000003fffff 0x0001/0x0000 0x0000000
2121d34.3528: *0000000000400000-000000000057ffff 0x0000/0x0004 0x0020000
2131d34.3528: 0000000000580000-0000000000582fff 0x0004/0x0004 0x0020000
2141d34.3528: 0000000000583000-00000000005fffff 0x0000/0x0004 0x0020000
2151d34.3528: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
2161d34.3528: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2171d34.3528: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
2181d34.3528: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
2191d34.3528: 000000007fff0000-00007ff5a717ffff 0x0001/0x0000 0x0000000
2201d34.3528: *00007ff5a7180000-00007ff5a7180fff 0x0002/0x0002 0x0040000
2211d34.3528: 00007ff5a7181000-00007ff5a718ffff 0x0001/0x0000 0x0000000
2221d34.3528: *00007ff5a7190000-00007ff5a71b2fff 0x0002/0x0002 0x0040000
2231d34.3528: 00007ff5a71b3000-00007ff610b5ffff 0x0001/0x0000 0x0000000
2241d34.3528: *00007ff610b60000-00007ff610b60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2251d34.3528: 00007ff610b61000-00007ff610bd7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2261d34.3528: 00007ff610bd8000-00007ff610bd8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2271d34.3528: 00007ff610bd9000-00007ff610c21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2281d34.3528: 00007ff610c22000-00007ff610c22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2291d34.3528: 00007ff610c23000-00007ff610c23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2301d34.3528: 00007ff610c24000-00007ff610c28fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2311d34.3528: 00007ff610c29000-00007ff610c29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2321d34.3528: 00007ff610c2a000-00007ff610c2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2331d34.3528: 00007ff610c2b000-00007ff610c2efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2341d34.3528: 00007ff610c2f000-00007ff610c77fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2351d34.3528: 00007ff610c78000-00007ff86e96ffff 0x0001/0x0000 0x0000000
2361d34.3528: *00007ff86e970000-00007ff86e970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2371d34.3528: 00007ff86e971000-00007ff86ea8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2381d34.3528: 00007ff86ea8c000-00007ff86ead3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2391d34.3528: 00007ff86ead4000-00007ff86eadffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2401d34.3528: 00007ff86eae0000-00007ff86eaeefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2411d34.3528: 00007ff86eaef000-00007ff86eaeffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2421d34.3528: 00007ff86eaf0000-00007ff86eaf2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2431d34.3528: 00007ff86eaf3000-00007ff86eb64fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2441d34.3528: 00007ff86eb65000-00007ffffffeffff 0x0001/0x0000 0x0000000
2451d34.3528: supR3HardNtChildPurify: Done after 267 ms and 0 fixes (loop #0).
2461c88.2b74: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
2471c88.2b74: supR3HardenedVmProcessInit: uNtDllAddr=00007ff86e970000 g_uNtVerCombined=0xa04a6300 (stack ~000000000039f578)
2481c88.2b74: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS)
2491c88.2b74: New simple heap: #1 0000000000700000 LB 0x400000 (for 2052096 allocation)
2501d34.3528: supR3HardNtEnableThreadCreationEx:
2511c88.2b74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2521c88.2b74: System32: \Device\HarddiskVolume3\Windows\System32
2531c88.2b74: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2541c88.2b74: KnownDllPath: C:\Windows\System32
2551c88.2b74: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2561c88.2b74: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2571c88.2b74: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2581c88.2b74: Registered Dll notification callback with NTDLL.
2591c88.2b74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2601c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2611c88.2b74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2621c88.2b74: supR3HardenedDllNotificationCallback: load 00007ff86c520000 LB 0x002c9000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
2631c88.2b74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2641c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2651c88.2b74: supR3HardenedDllNotificationCallback: load 00007ff86d0f0000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
2661c88.2b74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2671c88.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\KERNEL32.DLL'
2681c88.2b74: supR3HardenedDllNotificationCallback: load 00007ff610b60000 LB 0x00118000 D:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2691c88.2b74: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2701c88.2b74: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2711c88.2b74: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2721c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2731c88.2b74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86e9e4b00 pvNtTerminateThread=00007ff86ea0d7c0
2741d34.3528: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 107 ms.
2751c88.2b74: \SystemRoot\System32\ntdll.dll:
2761c88.2b74: CreationTime: 2021-10-13T23:12:56.711628000Z
2771c88.2b74: LastWriteTime: 2021-10-13T23:12:56.758533100Z
2781c88.2b74: ChangeTime: 2021-10-13T23:16:18.091413900Z
2791c88.2b74: FileAttributes: 0x20
2801c88.2b74: Size: 0x1ee520
2811c88.2b74: NT Headers: 0xe8
2821c88.2b74: Timestamp: 0xa280d1d6
2831c88.2b74: Machine: 0x8664 - amd64
2841c88.2b74: Timestamp: 0xa280d1d6
2851c88.2b74: Image Version: 10.0
2861c88.2b74: SizeOfImage: 0x1f5000 (2052096)
2871c88.2b74: Resource Dir: 0x184000 LB 0x6fdc8
2881c88.2b74: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2891c88.2b74: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2901c88.2b74: ProductName: Microsoft® Windows® Operating System
2911c88.2b74: ProductVersion: 10.0.19041.1288
2921c88.2b74: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
2931c88.2b74: FileDescription: NT Layer DLL
2941c88.2b74: \SystemRoot\System32\kernel32.dll:
2951c88.2b74: CreationTime: 2021-09-07T23:40:09.064711900Z
2961c88.2b74: LastWriteTime: 2021-09-07T23:40:09.080716000Z
2971c88.2b74: ChangeTime: 2021-10-13T23:13:44.885510200Z
2981c88.2b74: FileAttributes: 0x20
2991c88.2b74: Size: 0xbc060
3001c88.2b74: NT Headers: 0xe8
3011c88.2b74: Timestamp: 0x871fae9
3021c88.2b74: Machine: 0x8664 - amd64
3031c88.2b74: Timestamp: 0x871fae9
3041c88.2b74: Image Version: 10.0
3051c88.2b74: SizeOfImage: 0xbe000 (778240)
3061c88.2b74: Resource Dir: 0xbc000 LB 0x520
3071c88.2b74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3081c88.2b74: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3091c88.2b74: ProductName: Microsoft® Windows® Operating System
3101c88.2b74: ProductVersion: 10.0.19041.1202
3111c88.2b74: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
3121c88.2b74: FileDescription: Windows NT BASE API Client DLL
3131c88.2b74: \SystemRoot\System32\KernelBase.dll:
3141c88.2b74: CreationTime: 2021-09-07T23:40:31.583512700Z
3151c88.2b74: LastWriteTime: 2021-09-07T23:40:31.657507500Z
3161c88.2b74: ChangeTime: 2021-10-13T23:13:45.338652600Z
3171c88.2b74: FileAttributes: 0x20
3181c88.2b74: Size: 0x2c9da8
3191c88.2b74: NT Headers: 0xf0
3201c88.2b74: Timestamp: 0xc9db1934
3211c88.2b74: Machine: 0x8664 - amd64
3221c88.2b74: Timestamp: 0xc9db1934
3231c88.2b74: Image Version: 10.0
3241c88.2b74: SizeOfImage: 0x2c9000 (2920448)
3251c88.2b74: Resource Dir: 0x2a0000 LB 0x548
3261c88.2b74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3271c88.2b74: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3281c88.2b74: ProductName: Microsoft® Windows® Operating System
3291c88.2b74: ProductVersion: 10.0.19041.1202
3301c88.2b74: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
3311c88.2b74: FileDescription: Windows NT BASE API Client DLL
3321c88.2b74: \SystemRoot\System32\apisetschema.dll:
3331c88.2b74: CreationTime: 2019-12-07T09:08:13.518339400Z
3341c88.2b74: LastWriteTime: 2019-12-07T09:08:13.518339400Z
3351c88.2b74: ChangeTime: 2021-10-13T23:13:44.869885400Z
3361c88.2b74: FileAttributes: 0x20
3371c88.2b74: Size: 0x1f538
3381c88.2b74: NT Headers: 0xd0
3391c88.2b74: Timestamp: 0x31288ce0
3401c88.2b74: Machine: 0x8664 - amd64
3411c88.2b74: Timestamp: 0x31288ce0
3421c88.2b74: Image Version: 10.0
3431c88.2b74: SizeOfImage: 0x20000 (131072)
3441c88.2b74: Resource Dir: 0x1f000 LB 0x408
3451c88.2b74: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3461c88.2b74: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3471c88.2b74: ProductName: Microsoft® Windows® Operating System
3481c88.2b74: ProductVersion: 10.0.19041.1
3491c88.2b74: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
3501c88.2b74: FileDescription: ApiSet Schema DLL
3511c88.2b74: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3521c88.2b74: supR3HardenedWinFindAdversaries: 0x0
3531c88.2b74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3541c88.2b74: Calling main()
3551c88.2b74: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3561c88.2b74: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3571c88.2b74: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3581c88.2b74: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3591c88.2b74: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3601c88.2b74: SUPR3HardenedMain: Respawn #2
3611c88.2b74: supR3HardNtEnableThreadCreationEx:
3621c88.2b74: supR3HardenedDllNotificationCallback: load 00007ff86cf50000 LB 0x0012a000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
3631c88.2b74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
3641c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3651c88.2b74: supR3HardenedDllNotificationCallback: load 00007ff86e3b0000 LB 0x0009b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
3661c88.2b74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3671c88.2b74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
3681c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
3691c88.2b74: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3701c88.2b74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
3711c88.2b74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3721c88.2b74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3731c88.2b74: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3741c88.2b74: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3751c88.2b74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3761c88.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e970000 'C:\Windows\System32\ntdll.dll'
3771c88.2b74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86e9e4b00 pvNtTerminateThread=00007ff86ea0d7c0
3781c88.2b74: supR3HardenedWinDoReSpawn(2): New child 39a0.3430 [kernel32].
3791c88.2b74: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3801c88.2b74: supR3HardNtChildGatherData: PebBaseAddress=0000000000d76000 cbPeb=0x388
3811c88.2b74: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff86e970000 uNtDllChildAddr=00007ff86e970000
3821c88.2b74: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff86e9e4b00
3831c88.2b74: supR3HardenedWinSetupChildInit: Initial context:
384 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff610b67900 rdx=0000000000d76000
385 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
386 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
387 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
388 rip=00007ff86e9c2630 rsp=0000000000effa28 rbp=0000000000000000 ctxflags=0010001b
389 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
390 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
391 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
392 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
393 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3941c88.2b74: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
3951c88.2b74: supR3HardenedWinSetupChildInit: Start child.
3961c88.2b74: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3971c88.2b74: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 17 sleeps
3981c88.2b74: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3991c88.2b74: *0000000000000000-0000000000bbffff 0x0001/0x0000 0x0000000
4001c88.2b74: *0000000000bc0000-0000000000bdffff 0x0004/0x0004 0x0020000
4011c88.2b74: *0000000000be0000-0000000000bfcfff 0x0002/0x0002 0x0040000
4021c88.2b74: 0000000000bfd000-0000000000bfffff 0x0001/0x0000 0x0000000
4031c88.2b74: *0000000000c00000-0000000000d75fff 0x0000/0x0004 0x0020000
4041c88.2b74: 0000000000d76000-0000000000d78fff 0x0004/0x0004 0x0020000
4051c88.2b74: 0000000000d79000-0000000000dfffff 0x0000/0x0004 0x0020000
4061c88.2b74: *0000000000e00000-0000000000efafff 0x0000/0x0004 0x0020000
4071c88.2b74: 0000000000efb000-0000000000efdfff 0x0104/0x0004 0x0020000
4081c88.2b74: 0000000000efe000-0000000000efffff 0x0004/0x0004 0x0020000
4091c88.2b74: *0000000000f00000-0000000000f03fff 0x0002/0x0002 0x0040000
4101c88.2b74: 0000000000f04000-0000000000f0ffff 0x0001/0x0000 0x0000000
4111c88.2b74: *0000000000f10000-0000000000f11fff 0x0004/0x0004 0x0020000
4121c88.2b74: 0000000000f12000-000000007ffdffff 0x0001/0x0000 0x0000000
4131c88.2b74: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4141c88.2b74: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
4151c88.2b74: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
4161c88.2b74: 000000007fff0000-00007ff57731ffff 0x0001/0x0000 0x0000000
4171c88.2b74: *00007ff577320000-00007ff577320fff 0x0002/0x0002 0x0040000
4181c88.2b74: 00007ff577321000-00007ff57732ffff 0x0001/0x0000 0x0000000
4191c88.2b74: *00007ff577330000-00007ff577352fff 0x0002/0x0002 0x0040000
4201c88.2b74: 00007ff577353000-00007ff610b5ffff 0x0001/0x0000 0x0000000
4211c88.2b74: *00007ff610b60000-00007ff610b60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4221c88.2b74: 00007ff610b61000-00007ff610bd7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4231c88.2b74: 00007ff610bd8000-00007ff610bd8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4241c88.2b74: 00007ff610bd9000-00007ff610c21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4251c88.2b74: 00007ff610c22000-00007ff610c22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4261c88.2b74: 00007ff610c23000-00007ff610c23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4271c88.2b74: 00007ff610c24000-00007ff610c28fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4281c88.2b74: 00007ff610c29000-00007ff610c29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4291c88.2b74: 00007ff610c2a000-00007ff610c2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4301c88.2b74: 00007ff610c2b000-00007ff610c2efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4311c88.2b74: 00007ff610c2f000-00007ff610c77fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4321c88.2b74: 00007ff610c78000-00007ff86e96ffff 0x0001/0x0000 0x0000000
4331c88.2b74: *00007ff86e970000-00007ff86e970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4341c88.2b74: 00007ff86e971000-00007ff86ea8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4351c88.2b74: 00007ff86ea8c000-00007ff86ead3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4361c88.2b74: 00007ff86ead4000-00007ff86eadffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4371c88.2b74: 00007ff86eae0000-00007ff86eaeefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4381c88.2b74: 00007ff86eaef000-00007ff86eaeffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4391c88.2b74: 00007ff86eaf0000-00007ff86eaf2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4401c88.2b74: 00007ff86eaf3000-00007ff86eb64fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4411c88.2b74: 00007ff86eb65000-00007ffffffeffff 0x0001/0x0000 0x0000000
4421c88.2b74: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
4431c88.2b74: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4441c88.2b74: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4451c88.2b74: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4461c88.2b74: supR3HardNtChildPurify: Done after 315 ms and 0 fixes (loop #0).
44739a0.3430: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
44839a0.3430: supR3HardenedVmProcessInit: uNtDllAddr=00007ff86e970000 g_uNtVerCombined=0xa04a6300 (stack ~0000000000eff4b8)
44939a0.3430: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS)
45039a0.3430: New simple heap: #1 0000000001020000 LB 0x400000 (for 2052096 allocation)
4511c88.2b74: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
4521c88.2b74: supR3HardNtEnableThreadCreationEx:
45339a0.3430: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
45439a0.3430: System32: \Device\HarddiskVolume3\Windows\System32
45539a0.3430: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
45639a0.3430: KnownDllPath: C:\Windows\System32
45739a0.3430: supR3HardenedVmProcessInit: Opening vboxdrv...
45839a0.3430: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
45939a0.3430: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
46039a0.3430: Registered Dll notification callback with NTDLL.
46139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
46239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
46339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
46439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c520000 LB 0x002c9000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
46539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
46639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
46739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d0f0000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
46839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
46939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\KERNEL32.DLL'
47039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff610b60000 LB 0x00118000 D:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
47139a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
47239a0.3430: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
47339a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
47439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
47539a0.3430: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff86e9e4b00 pvNtTerminateThread=00007ff86ea0d7c0
4761c88.2b74: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
47739a0.3430: \SystemRoot\System32\ntdll.dll:
47839a0.3430: CreationTime: 2021-10-13T23:12:56.711628000Z
47939a0.3430: LastWriteTime: 2021-10-13T23:12:56.758533100Z
48039a0.3430: ChangeTime: 2021-10-13T23:16:18.091413900Z
48139a0.3430: FileAttributes: 0x20
48239a0.3430: Size: 0x1ee520
48339a0.3430: NT Headers: 0xe8
48439a0.3430: Timestamp: 0xa280d1d6
48539a0.3430: Machine: 0x8664 - amd64
48639a0.3430: Timestamp: 0xa280d1d6
48739a0.3430: Image Version: 10.0
48839a0.3430: SizeOfImage: 0x1f5000 (2052096)
48939a0.3430: Resource Dir: 0x184000 LB 0x6fdc8
49039a0.3430: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
49139a0.3430: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
49239a0.3430: ProductName: Microsoft® Windows® Operating System
49339a0.3430: ProductVersion: 10.0.19041.1288
49439a0.3430: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
49539a0.3430: FileDescription: NT Layer DLL
49639a0.3430: \SystemRoot\System32\kernel32.dll:
49739a0.3430: CreationTime: 2021-09-07T23:40:09.064711900Z
49839a0.3430: LastWriteTime: 2021-09-07T23:40:09.080716000Z
49939a0.3430: ChangeTime: 2021-10-13T23:13:44.885510200Z
50039a0.3430: FileAttributes: 0x20
50139a0.3430: Size: 0xbc060
50239a0.3430: NT Headers: 0xe8
50339a0.3430: Timestamp: 0x871fae9
50439a0.3430: Machine: 0x8664 - amd64
50539a0.3430: Timestamp: 0x871fae9
50639a0.3430: Image Version: 10.0
50739a0.3430: SizeOfImage: 0xbe000 (778240)
50839a0.3430: Resource Dir: 0xbc000 LB 0x520
50939a0.3430: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
51039a0.3430: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
51139a0.3430: ProductName: Microsoft® Windows® Operating System
51239a0.3430: ProductVersion: 10.0.19041.1202
51339a0.3430: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
51439a0.3430: FileDescription: Windows NT BASE API Client DLL
51539a0.3430: \SystemRoot\System32\KernelBase.dll:
51639a0.3430: CreationTime: 2021-09-07T23:40:31.583512700Z
51739a0.3430: LastWriteTime: 2021-09-07T23:40:31.657507500Z
51839a0.3430: ChangeTime: 2021-10-13T23:13:45.338652600Z
51939a0.3430: FileAttributes: 0x20
52039a0.3430: Size: 0x2c9da8
52139a0.3430: NT Headers: 0xf0
52239a0.3430: Timestamp: 0xc9db1934
52339a0.3430: Machine: 0x8664 - amd64
52439a0.3430: Timestamp: 0xc9db1934
52539a0.3430: Image Version: 10.0
52639a0.3430: SizeOfImage: 0x2c9000 (2920448)
52739a0.3430: Resource Dir: 0x2a0000 LB 0x548
52839a0.3430: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
52939a0.3430: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
53039a0.3430: ProductName: Microsoft® Windows® Operating System
53139a0.3430: ProductVersion: 10.0.19041.1202
53239a0.3430: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
53339a0.3430: FileDescription: Windows NT BASE API Client DLL
53439a0.3430: \SystemRoot\System32\apisetschema.dll:
53539a0.3430: CreationTime: 2019-12-07T09:08:13.518339400Z
53639a0.3430: LastWriteTime: 2019-12-07T09:08:13.518339400Z
53739a0.3430: ChangeTime: 2021-10-13T23:13:44.869885400Z
53839a0.3430: FileAttributes: 0x20
53939a0.3430: Size: 0x1f538
54039a0.3430: NT Headers: 0xd0
54139a0.3430: Timestamp: 0x31288ce0
54239a0.3430: Machine: 0x8664 - amd64
54339a0.3430: Timestamp: 0x31288ce0
54439a0.3430: Image Version: 10.0
54539a0.3430: SizeOfImage: 0x20000 (131072)
54639a0.3430: Resource Dir: 0x1f000 LB 0x408
54739a0.3430: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54839a0.3430: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
54939a0.3430: ProductName: Microsoft® Windows® Operating System
55039a0.3430: ProductVersion: 10.0.19041.1
55139a0.3430: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
55239a0.3430: FileDescription: ApiSet Schema DLL
55339a0.3430: NtOpenDirectoryObject failed on \Driver: 0xc0000022
55439a0.3430: supR3HardenedWinFindAdversaries: 0x0
55539a0.3430: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
55639a0.3430: Calling main()
55739a0.3430: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
55839a0.3430: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
55939a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
56039a0.3430: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
56139a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
56239a0.3430: SUPR3HardenedMain: Final process, opening VBoxDrv...
56339a0.3430: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001020000 LB 0x400000)
56439a0.3430: supR3HardNtEnableThreadCreationEx:
56539a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
56639a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
56739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
56839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56939a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff867310000 LB 0x00005000 D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
57139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867310000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
57639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867310000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867310000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
57939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
58039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
58139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
58239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
58339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
58639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
58739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
58839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
59039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
59139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
59239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d7d0000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
59339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
59439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86cf50000 LB 0x0012a000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
59539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
59639a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c820000 LB 0x00060000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
59739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
59839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c090000 LB 0x00100000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
59939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
60039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
60139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c340000 LB 0x00156000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
60239a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
60339a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
60439a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
60539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-synch-l1-2-0'
60739a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
60839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
60939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-fibers-l1-1-1'
61039a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
61139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-fibers-l1-1-1'
61339a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
61439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-synch-l1-2-0'
61639a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
61739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
61839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-localization-l1-2-1'
61939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
62039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
62139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86bba0000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
62239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
62339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c820000 'C:\Windows\system32\Wintrust.dll'
62439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
62539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
62639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c4f0000 LB 0x00027000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
62839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
62939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c4f0000 'C:\Windows\system32\bcrypt.dll'
63039a0.3430: bcrypt.dll loaded at 00007ff86c4f0000, BCryptOpenAlgorithmProvider at 00007ff86c4f51e0, preloading providers:
63139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
63239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
63339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c880000 LB 0x00083000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
63539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
63639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c880000 'C:\Windows\system32\bcryptprimitives.dll'
63739a0.3430: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000157fed0)
63839a0.3430: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001580d60)
63939a0.3430: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001581080)
64039a0.3430: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000015813a0)
64139a0.3430: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000015816c0)
64239a0.3430: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000015819e0)
64339a0.3430: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001581d00)
64439a0.3430: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001582020)
64539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
64639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
64739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86b970000 LB 0x00018000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
64839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
64939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
65039a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
65139a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
65239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
65339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
65439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65639a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86b0b0000 LB 0x00034000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
65839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
66039a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
66139a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
66239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86b8a0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
66339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
66439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
66539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\kernel32.dll'
66739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
66839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c820000 'C:\Windows\System32\WINTRUST.DLL'
67039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
67139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\CRYPT32.dll'
67339a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86cca0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
67439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
67539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
67639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
67739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
67939a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86e3b0000 LB 0x0009b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
68039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
68139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
68239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
68339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
68539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
68639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
68739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86a710000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
68839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
68939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
69039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
69139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86bfd0000 LB 0x0001f000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
69239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
69339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
69439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
69539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
69639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
69739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
69839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
69939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
70039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
70439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
70539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
70639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
71039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
71139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
71239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71339a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff860580000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
71539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
71939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
72239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
72539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
72739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
72839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
73039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
73139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
73339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
73439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
73639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
73839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
73939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
74039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
74239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
74439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
74539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
74639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
74739a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86cd20000 LB 0x000ac000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
74839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
75039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
75139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
75239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
75339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
75539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
75639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
75739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
75839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
75939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
76039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
76539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
76639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
76839a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
76939a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000015cb4f0
77039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
77139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF5EACF36F78DD76A9C15BF564DC1094C86C4B18
77239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
77339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cf50000 'C:\Windows\System32\rpcrt4.dll'
77539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
77839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
77939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
78139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\SystemRoot\System32\ntdll.dll'
78239a0.3430: g_pfnWinVerifyTrust=00007ff86c821da0
78339a0.3430: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
78439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
78739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
78839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
79039a0.3430: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
79139a0.3430: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
79239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
79539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
79639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
79839a0.3430: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
79939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
80239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
80339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
80539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
80639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
80839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
80939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
81039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
81239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
81339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
81439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
81639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
81739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
81839a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
82039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
82139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
82239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
82439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
82539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
82639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
82839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
82939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
83039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
83239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
83339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
83439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
83539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
83739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
83839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
84039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
84139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
84239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
84339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
84439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
84539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
84639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
84739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
84839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
84939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
85039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
85139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
85239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
85339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
85439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
85539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
85639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
85739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
85839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
85939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
86039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
86139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
86239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
86339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
86439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
86539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
86639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
86739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
86839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
86939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\system32\crypt32.dll'
87039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
87139a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
87239a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
87339a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
87439a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
87539a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
87639a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xe42b2a065642d400 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
87739a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
87839a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
87939a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
88039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xdb6af081a010426f CN=LAPASUSDE
88139a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
88239a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
88339a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
88439a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
88539a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
88639a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
88739a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
88839a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
88939a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
89039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
89139a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
89239a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
89339a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
89439a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
89539a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
89639a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
89739a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
89839a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
89939a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
90039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
90139a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
90239a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
90339a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
90439a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
90539a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
90639a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
90739a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
90839a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
90939a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
91039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
91139a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
91239a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
91339a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
91439a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
91539a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
91639a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
91739a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
91839a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
91939a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
92039a0.3430: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
92139a0.3430: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=51
92239a0.3430: SUPR3HardenedMain: Load Runtime...
92339a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
92439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
92539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
92639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
92739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
92839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
92939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
93039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
93139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
93239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
93339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
93439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
93539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
93639a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
93739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
93839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
93939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
94039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
94139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
94239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
94339a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
94439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
94539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
94639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
94739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
94839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
94939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
95039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
95139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
95239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
95339a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
95439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
95539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
95639a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
95739a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
95839a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll)
95939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
96039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
96139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
96239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
96339a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
96439a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
96539a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
96639a0.3430: supR3HardenedDllNotificationCallback: load 000000006cd30000 LB 0x000d2000 D:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
96739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
96839a0.3430: supR3HardenedDllNotificationCallback: load 000000006cc90000 LB 0x00098000 D:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
96939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
97039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d080000 LB 0x0006b000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
97139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
97239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff807a30000 LB 0x005e0000 D:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
97339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
97439a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
97539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
97639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
97739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
98439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
98839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
98939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
99139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99539a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
99739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
99839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100039a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100239a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100439a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
100539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
100639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100739a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
100839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
100939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
101239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101439a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102439a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
102739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
102839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103439a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
103739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
103839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104439a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
104739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
104839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
105439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
105839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
105939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
106839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
106939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
107639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
107839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
107939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
108639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
108839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
108939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
109639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
109839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
109939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
110639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
110839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
110939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
111639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
111839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
111939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
112639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
112839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
112939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113139a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
113539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
113639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
113739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
113839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
113939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114039a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
114339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114539a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
114739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
114839a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
114939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
115039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff807a30000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
115139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
115239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'
115339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
115439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
115539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c820000 'C:\Windows\system32\Wintrust.dll'
115639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
115739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
115839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
115939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
116039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
116139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
116239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\system32\crypt32.dll'
116339a0.3430: SUPR3HardenedMain: Load TrustedMain...
116439a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
116539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
116639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
116739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
116839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
116939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
117039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
117139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
117239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
117339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
117439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
117539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
117639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
117739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
117839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
117939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
118039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
118139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
118239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
118339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
118439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
118539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
118639a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
118739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
118839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
118939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
119039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
119139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
119239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
119339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
119439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
119539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
119639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
119739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
119839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
119939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
120039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
120139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
120239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
120339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
120439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
120539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
120639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
120739a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
120839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
120939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
121039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
121139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
121239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
121339a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
121439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
121539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
121639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
121739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
121839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
121939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
122039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
122139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
122239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
122339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
122439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
122539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
122639a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
122739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
122839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
122939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
123039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
123139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
123239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
123339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
123439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
123539a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
123639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
123739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
123839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
123939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
124039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
124139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
124239a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
124339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
124439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
124539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
124639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
124739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
124839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
124939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
125039a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
125139a0.3430: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
125239a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
125339a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
125439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
125539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
125639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
125739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
125839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
125939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
126039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
126139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
126239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
126339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
126439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
126539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
126639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
126739a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
126839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
126939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
127039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
127139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
127239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
127339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
127439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
127539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
127639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
127739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
127839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
127939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
128039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
128139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
128239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
128339a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
128439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
128539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
128639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
128739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
128839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
128939a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
129039a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
129139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
129239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
129339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
129439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
129539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
129639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
129739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
129839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
129939a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
130039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
130139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
130239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
130339a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
130439a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
130539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
130639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
130739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
130839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
130939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
131039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
131139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
131239a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
131339a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
131439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
131539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
131639a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
131739a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
131839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
131939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
132039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
132139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
132239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
132339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
132439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
132539a0.3430: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
132639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
132739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
132839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
132939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
133039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
133139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
133239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
133339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
133439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
133539a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
133639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
133739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
133839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
133939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
134039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
134139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
134239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
134339a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
134439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
134539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
134639a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
134739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
134839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
134939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
135039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
135139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
135239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
135339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
135439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
135539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
135639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
135739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
135839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
135939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
136039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
136139a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
136239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
136339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
136439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
136539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
136639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
136739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
136839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
136939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
137039a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
137139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
137239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
137339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
137439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
137539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
137639a0.3430: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
137739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
137839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
137939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
138039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
138139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
138239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
138339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
138439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
138539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
138639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
138739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
138839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
138939a0.3430: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
139039a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
139139a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
139239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
139339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
139439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
139539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
139639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
139739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
139839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
139939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
140039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
140139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
140239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
140339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
140439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
140539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
140639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
140739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
140839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
140939a0.3430: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
141039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
141139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
141239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
141339a0.3430: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
141439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
141539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
141639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
141739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
141839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
141939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
142039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
142139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
142239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
142339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
142439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
142539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
142639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
142739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
142839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
142939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
143039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
143139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
143239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
143339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
143439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
143539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
143639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
143739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
143839a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
143939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
144039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
144139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
144239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
144339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
144439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
144539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
144639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
144739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
144839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
144939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
145039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
145139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
145239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
145339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
145439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
145539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
145639a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
145739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
145839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
145939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
146039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
146139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
146239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
146339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
146439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
146539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
146639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
146739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
146839a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
146939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
147039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
147139a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
147239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
147339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
147439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
147539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
147639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
147739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
147839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
147939a0.3430: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
148039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
148139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
148239a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
148339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
148439a0.3430: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
148539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
148639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
148739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
148839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
148939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
149039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
149139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
149239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
149339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
149439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
149539a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
149639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
149739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
149839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
149939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
150039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
150139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
150239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
150339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
150439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
150539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
150639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
150739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
150839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
150939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
151039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
151139a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
151239a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
151339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
151439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
151539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E7659A85CD9E1DD85A2EDD240E0AFC0D2340903
151639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
151739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
151839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
151939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
152039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
152139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
152239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
152339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
152439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
152539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
152639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
152739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
153039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
153139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
153239a0.3430: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
153339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
153439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
153539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
153639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
153739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
153839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
153939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
154039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
154139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
154239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
154339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
154439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
154539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
154639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
154739a0.3430: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
154839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
154939a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
155039a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
155139a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
155239a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
155339a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
155439a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
155539a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
155639a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
155739a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
155839a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
155939a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c7f0000 LB 0x00022000 C:\Windows\System32\win32u.dll [fFlags=0x0]
156039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
156139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c2a0000 LB 0x0009d000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
156239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
156339a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c190000 LB 0x0010b000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
156439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
156539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
156639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
156739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
156839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
156939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
157039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d9c0000 LB 0x0002b000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
157139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
157239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86c9c0000 LB 0x001a1000 C:\Windows\System32\USER32.dll [fFlags=0x0]
157339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
157439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d470000 LB 0x00355000 C:\Windows\System32\combase.dll [fFlags=0x0]
157539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
157639a0.3430: supR3HardenedDllNotificationCallback: load 00007ff84f850000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
157739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
157839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff84cb90000 LB 0x00125000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
157939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
158039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86dba0000 LB 0x0073f000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
158139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
158239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86cb70000 LB 0x0012a000 C:\Windows\System32\ole32.dll [fFlags=0x0]
158339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
158439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff863220000 LB 0x0001d000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
158539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
158639a0.3430: supR3HardenedDllNotificationCallback: load 000000006ce10000 LB 0x00565000 D:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
158739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
158839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff805410000 LB 0x005f7000 D:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
158939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
159039a0.3430: supR3HardenedDllNotificationCallback: load 000000006c720000 LB 0x00561000 D:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
159139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
159239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86e2e0000 LB 0x000cd000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
159339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
159439a0.3430: supR3HardenedDllNotificationCallback: load 00007ffff64f0000 LB 0x02316000 D:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
159539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
159639a0.3430: supR3HardenedDllNotificationCallback: load 000000006c6c0000 LB 0x00054000 D:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
159739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
159839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff859740000 LB 0x00027000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
159939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
160039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff820690000 LB 0x001c8000 D:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
160139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
160239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
160339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
160439a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
160539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
160639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
160739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
160839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
160939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
161039a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
161139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
161239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
161339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
161439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
161539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
161639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
161739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
161839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
161939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
162039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
162139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
162239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
162339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
162439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
162539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
162639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
162739a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
162839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
163139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
163239a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
163339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
163639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
163739a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
163839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
163939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
164039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
164139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
164239a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
164339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
164439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\kernel32.dll'
164539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
164639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
164739a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
164839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
164939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
165039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
165139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
165239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
165339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
165439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
165539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
165639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
165739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
165839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
165939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
166039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
166139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
166239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
166339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
166439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
166539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
166639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
166739a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
166839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
166939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
167039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
167139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
167239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
167339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
167439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
167539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
167639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
167739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
167839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
167939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
168039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
168139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
168239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
168339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
168439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
168539a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
168639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
168739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-string-l1-1-0'
168839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
168939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
169039a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
169139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
169239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
169339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
169439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
169539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
169639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
169739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
169839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
169939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
170039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
170139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
170239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
170339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
170439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
170539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
170639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
170739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
170839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
170939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
171039a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
171139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
171239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
171339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
171439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
171539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
171639a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
171739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
171839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
171939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
172039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
172139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
172239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
172339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
172439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
172539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
172639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
172739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
172839a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
172939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-datetime-l1-1-1'
173139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
173239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
173339a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
173439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
173539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
173639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
173739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
173839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
173939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
174039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
174139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
174239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
174339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
174439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
174539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
174639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
174739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
174839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
174939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
175039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
175139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
175239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
175339a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
175439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
175539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
175639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
175739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
175839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
175939a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
176039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
176139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
176239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
176339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
176439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
176539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
176639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
176739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
176839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
176939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
177039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
177139a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
177239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
177339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-localization-obsolete-l1-2-0'
177439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
177539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
177639a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
177739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
177839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
177939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
178039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
178139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
178239a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
178339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
178439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
178539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
178639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
178739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
178839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
178939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
179039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
179139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
179239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
179339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
179439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
179539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
179639a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
179739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
179839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
179939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
180039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
180139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
180239a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
180339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
180439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
180539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
180639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
180739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
180839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
180939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
181039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
181139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
181239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
181339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
181439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
181539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
181639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
181739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
181839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
181939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
182039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
182139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
182239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
182339a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
182439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
182539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
182639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
182739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
182839a0.3430: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
182939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
183039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86ce90000 LB 0x00030000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
183139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
183239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ce90000 'C:\Windows\system32\IMM32.DLL'
183339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
183439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
183539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
183639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
183739a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
183839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
183939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
184039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
184139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
184239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
184339a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
184439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
184539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
184639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
184739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
184839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
184939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
185039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
185139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
185239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
185339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
185439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
185539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
185639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
185739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
185839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
185939a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
186039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
186139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
186239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
186339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
186439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
186539a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
186639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
186739a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
186839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
186939a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
187039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
187139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
187239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
187339a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
187439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
187539a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
187639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
187739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
187839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cd20000 'C:\Windows\System32\ADVAPI32.DLL'
188039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
188139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
188239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
188339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
188439a0.3430: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
188539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
188639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
188739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
188839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
188939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
189039a0.3430: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
189139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
189239a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
189339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
189439a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
189539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
189639a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
189739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
189839a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
189939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
190039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
190139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
190239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820690000 'D:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
190339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
190439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
190539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
190639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
190739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
190839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
190939a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
191039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
191139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
191239a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0FEA41B8444B51E45D80438EF35CC443EA7D79A6
191339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
191439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
191539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
191639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
191739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
191839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
191939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
192039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
192139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
192239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
192339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
192439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
192539a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
192639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
192739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
192839a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
192939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
193039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
193139a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
193239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
193339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
193439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
193539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
193639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
193739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
193839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
193939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
194039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
194139a0.3430: SUPR3HardenedMain: Calling TrustedMain (00007ff8206916c0)...
194239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
194339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
194439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
194539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
194639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
194739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
194939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
195039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86b930000 LB 0x0002c000 C:\Windows\SYSTEM32\Wldp.dll [fFlags=0x0]
195139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
195239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff869e60000 LB 0x00790000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
195339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
195439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d3b0000 LB 0x000ad000 C:\Windows\System32\SHCORE.dll [fFlags=0x0]
195539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
195739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
195839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
195939a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86e450000 LB 0x00055000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
196039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
196139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
196239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
196339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
196439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
196539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
196639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
196739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
196839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
196939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
197039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
197139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
197239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
197339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
197439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
197539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
197639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
197739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
197839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
197939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
198039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
198139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
198239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
198339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
198439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
198539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
198639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
198739a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
198839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
198939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
199039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
199139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
199239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
199339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
199439a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
199539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
199639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
199739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
199839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
199939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
200039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
200139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
200239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
200339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
200439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
200539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
200639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
200739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
200839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
200939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
201039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
201139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
201239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
201339a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
201439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
201539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
201639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
201739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
201839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
201939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
202039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
202139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
202239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
202339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
202439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
202539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
202639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
202739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
202839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
202939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
203039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
203139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
203239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
203539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
203639a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
203739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
203839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
203939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
204039a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
204139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff830460000 LB 0x0012e000 D:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
204239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
204339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830460000 'D:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
204439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
204539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
204639a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
204739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
204839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86adf0000 LB 0x00012000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
204939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
205039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
205139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
205239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
205439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
205539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
205639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
205739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c8 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
205839a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
205939a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
206039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D52B5B313F26D198724C9A8532CECB1A8130856B
206139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
206239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
206339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0519~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
206439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
206539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
206639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
206739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
206839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
206939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
207039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
207139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
207239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
207339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
207439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
207539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
207639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
207739a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
207839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff8694f0000 LB 0x0009e000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
207939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
208039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8694f0000 'C:\Windows\system32\uxtheme.dll'
208139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c9c0000 'C:\Windows\system32\user32.dll'
208239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
208339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
208439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
208539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
208639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
208739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d3b0000 'C:\Windows\system32\SHCore.dll'
208839a0.3430: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
208939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
209039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
209139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff859740000 'C:\Windows\system32\winmm.dll'
209339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
209439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff859740000 'C:\Windows\system32\winmm.dll'
209639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
209739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
209939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
210039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
210139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8694f0000 'C:\Windows\system32\uxtheme.dll'
210239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
210339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
210439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cd20000 'C:\Windows\system32\advapi32.dll'
210539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
210639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
210739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
210839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
210939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
211039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
211139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
211239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211339a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
211439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86bf90000 LB 0x0002e000 C:\Windows\system32\userenv.dll [fFlags=0x0]
211539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
211639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86bf90000 'C:\Windows\system32\userenv.dll'
211739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
211839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\kernel32.dll'
212039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86cde0000 LB 0x000a9000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
212139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
212239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
212339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
212439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
212539a0.3fc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
212639a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
212739a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
212839a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
212939a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
213039a0.3fc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
213139a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
213239a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
213339a0.3fc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
213439a0.3fc4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
213539a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
213639a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
213739a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
213839a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
213939a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
214039a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
214139a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
214239a0.3fc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
214339a0.3fc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
214439a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
214539a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
214639a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
214739a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
214839a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
214939a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
215039a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
215139a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
215239a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
215339a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
215439a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
215539a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
215639a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
215739a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
215839a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
215939a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
216039a0.3fc4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
216139a0.3fc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
216239a0.3fc4: supR3HardenedDllNotificationCallback: load 00007ff80fba0000 LB 0x003c1000 D:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
216339a0.3fc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
216439a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80fba0000 'D:\Program Files\Oracle\VirtualBox\VBoxC.dll'
216539a0.3fc4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
216639a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
216739a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
216839a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
216939a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
217039a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
217139a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
217239a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
217339a0.3fc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
217439a0.3fc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
217539a0.3fc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
217639a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
217739a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
217839a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
217939a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
218039a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
218139a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
218239a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
218339a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
218439a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
218539a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
218639a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
218739a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
218839a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
218939a0.3fc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
219039a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
219139a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
219239a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
219339a0.3fc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
219439a0.3fc4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
219539a0.3fc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
219639a0.3fc4: supR3HardenedDllNotificationCallback: load 00007ff8347c0000 LB 0x000ef000 D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
219739a0.3fc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
219839a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8347c0000 'D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
219939a0.3fc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
220039a0.3fc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
220139a0.3fc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e2e0000 'C:\Windows\System32\oleaut32.dll'
220239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d9c0000 'C:\Windows\system32\gdi32.dll'
220339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
220439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
220539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
220639a0.3430: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
220739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
220839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
220939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
221039a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
221139a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
221239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
221339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
221439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
221539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
221639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
221739a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
221839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff818c50000 LB 0x0037d000 D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
221939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
222039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818c50000 'D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
222139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86d290000 LB 0x00115000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
222239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
222339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
222439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
222539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
222639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
222739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
222839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
222939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
223039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
223139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
223239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
223339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
223439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
223539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
223639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
223739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
223839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
223939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
224039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
224139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
224239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
224339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
224439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000944 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
224539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
224639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
224739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=10C8EED78FF666463DD0F7C87CBD6A8D57556CBA
224839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
224939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
225039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
225139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
225239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
225439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
225539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
225639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
225739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
225839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
225939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
226039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
226139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
226239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
226339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
226439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
226539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
226639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
226739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
226839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
226939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
227039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
227139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
227239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
227339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
227439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
227539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
227639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
227739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
227839a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
227939a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
228039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
228339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
228439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
228539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
228639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
228739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
228839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
228939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
229039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
229139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
229239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
229339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
229439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
229539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
229639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
229739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
229839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
229939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
230039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
230139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
230239a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
230339a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
230439a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
230539a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
230639a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86a880000 LB 0x000f4000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
230739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
230839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff8677f0000 LB 0x00264000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
230939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
231039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff868720000 LB 0x001e5000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
231139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
231239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff846780000 LB 0x0003e000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
231339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
231439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d9c0000 'C:\Windows\System32\gdi32.dll'
231539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff846780000 'C:\Windows\system32\dataexchange.dll'
231639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
231739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
231839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
231939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
232039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
232139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff8634c0000 LB 0x00201000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
232239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
232339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
232439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
232539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
232639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
232739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
232839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
232939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
233039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
233139a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
233239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
233339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
233439a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
233539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
233639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
233739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d3b0000 'C:\Windows\system32\Shcore.dll'
233839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
233939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
234039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
234139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
234239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
234339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
234439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
234539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
234639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
234739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
234839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
234939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
235039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
235139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
235239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
235339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
235439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
235539a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
235639a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
235739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
235839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
235939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
236039a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
236139a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
236239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86ab60000 LB 0x00033000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
236339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
236439a0.3430: supR3HardenedDllNotificationCallback: load 00007ff868ff0000 LB 0x000f2000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
236539a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
236639a0.3430: supR3HardenedDllNotificationCallback: load 00007ff868480000 LB 0x00154000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
236739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
236839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff868c90000 LB 0x0035e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
236939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
237039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff84e6c0000 LB 0x000f9000 C:\Windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
237139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
237239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
237339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
237439a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
237539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
237639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
237739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
237839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
237939a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
238039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
238139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
238239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
238339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
238439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
238539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
238639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
238739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
238839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
238939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
239039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
239139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
239239a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
239339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
239439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
239539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
239639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
239739a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
239839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
239939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
240039a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
240139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
240239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
240339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
240439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
240539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
240639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
240739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
240839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
240939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
241039a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
241139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
241239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
241339a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
241439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
241539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
241639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
241739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
241839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
241939a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
242039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
242139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
242239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
242339a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
242439a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c9c0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
242639a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
242739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c9c0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
242939a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
243039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d470000 'api-ms-win-core-com-l1-1-0.dll'
243239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
243339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
243439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d290000 'C:\Windows\System32\MSCTF.dll'
243539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume3\Windows\System32\oleacc.dll
243639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
243739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
243839a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F5F6FD89BE6BD7C0A280D2BF2CB2B19B0118938
243939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
244039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
244139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
244339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1266.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleacc.dll'
244439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
244539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
244639a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleacc.dll) WinVerifyTrust
244739a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleacc.dll
244839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
244939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
245039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
245139a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
245239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff8593c0000 LB 0x00066000 C:\Windows\system32\Oleacc.dll [fFlags=0x0]
245339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
245439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8593c0000 'C:\Windows\system32\Oleacc.dll'
245539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e2e0000 'C:\Windows\System32\OLEAUT32.DLL'
245639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
245739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
245839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8593c0000 'C:\Windows\system32\oleacc.dll'
245939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
246039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
246139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8593c0000 'C:\Windows\System32\oleacc.dll'
246239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
246339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
246539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
246639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
246739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
246839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cb70000 'C:\Windows\System32\ole32.dll'
246939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e2e0000 'C:\Windows\System32\OLEAUT32.dll'
247039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a94 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
247139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
247239a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
247339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43C78A996B1A8A014016F442FFFD697A5BC70E12
247439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
247539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
247639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
247739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
247839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
248039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
248139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
248239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
248339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
248439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
248539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
248639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
248739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
248839a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3171C0A71232B61EEEB57057418104E9B8748536
248939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
249039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
249139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
249239a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
249339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
249439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
249539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
249639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
249739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
249839a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
249939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
250039a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
250139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
250239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
250339a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
250439a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
250539a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
250639a0.3430: supR3HardenedDllNotificationCallback: load 00007ff863cc0000 LB 0x00092000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
250739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
250839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff861f40000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
250939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
251039a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
251139a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
251239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
251339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff861f40000 'C:\Windows\system32\wbem\wbemprox.dll'
251439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a14 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
251539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
251639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
251739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992357962ADA496D4D946786336473A2571388C1
251839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
251939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
252039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
252139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
252239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252339a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
252439a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
252539a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
252639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
252739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
252839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
252939a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
253039a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
253139a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
253239a0.3430: supR3HardenedDllNotificationCallback: load 00007ff85fba0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
253339a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
253439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85fba0000 'C:\Windows\system32\wbem\wbemsvc.dll'
253539a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
253639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
253739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-localization-l1-2-0.dll'
253839a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
253939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
254039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
254139a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
254239a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
254339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
254439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
254539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
254639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
254739a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
254839a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
254939a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255039a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
255139a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
255239a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
255339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
255439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
255539a0.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
255639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
255739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
255839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
255939a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
256039a0.3430: supR3HardenedDllNotificationCallback: load 00007ff85e090000 LB 0x0010b000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
256139a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
256239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85e090000 'C:\Windows\system32\wbem\fastprox.dll'
256339a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab0 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
256439a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
256539a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
256639a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
256739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
256839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
256939a0.3430: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
257039a0.3430: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
257139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
257239a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
257339a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
257439a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
257539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
257639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
257739a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
257839a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
257939a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
258039a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
258139a0.3430: supR3HardenedDllNotificationCallback: load 00007ff85a2a0000 LB 0x00019000 C:\Windows\System32\amsi.dll [fFlags=0x0]
258239a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
258339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85a2a0000 'C:\Windows\System32\amsi.dll'
258439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
258539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
258639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
258739a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
258839a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
258939a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOAV.dll) WinVerifyTrust
259039a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOAV.dll
259139a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
259239a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
259339a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
259439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
259539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
259639a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
259739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
259839a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOAV.dll
259939a0.3430: supR3HardenedDllNotificationCallback: load 00007ff85a220000 LB 0x00079000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOav.dll [fFlags=0x0]
260039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOAV.dll
260139a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
260239a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
260339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-synch-l1-2-0'
260439a0.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
260539a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
260639a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c520000 'api-ms-win-core-localization-l1-2-1'
260739a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
260839a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
260939a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d0f0000 'C:\Windows\System32\kernel32.dll'
261039a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
261139a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
261239a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
261339a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
261439a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
261539a0.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
261639a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
261739a0.3430: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
261839a0.3430: supR3HardenedDllNotificationCallback: load 00007ff86ae30000 LB 0x0000a000 C:\Windows\system32\version.dll [fFlags=0x0]
261939a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
262039a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ae30000 'C:\Windows\system32\version.dll'
262139a0.3430: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
262239a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
262339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85a220000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpOav.dll'
262439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
262539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
262639a0.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
262739a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cd20000 'C:\Windows\System32\ADVAPI32.dll'
262839a0.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cb70000 'C:\Windows\system32\ole32.dll'
262939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86cb70000 'C:\Windows\system32\ole32.dll'
263039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
263139a0.c9c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
263239a0.c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
263339a0.c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
263439a0.c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
263539a0.c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
263639a0.c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
263739a0.c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
263839a0.c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
263939a0.c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
264039a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
264139a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
264239a0.c9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
264339a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
264439a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
264539a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
264639a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
264739a0.c9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
264839a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
264939a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
265039a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
265139a0.c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
265239a0.c9c: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
265339a0.c9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
265439a0.c9c: supR3HardenedDllNotificationCallback: load 00007ff867300000 LB 0x00010000 D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
265539a0.c9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
265639a0.c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff867300000 'D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
265739a0.1f78: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
265839a0.1f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
265939a0.1f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
266039a0.1f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
266139a0.1f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
266239a0.1f78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
266339a0.1f78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
266439a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
266539a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
266639a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
266739a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
266839a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
266939a0.1f78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
267039a0.1f78: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
267139a0.1f78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
267239a0.1f78: supR3HardenedDllNotificationCallback: load 00007ff865b70000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
267339a0.1f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
267439a0.1f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff865b70000 'D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
267539a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\Shell32.dll'
267639a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
267739a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
267839a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
267939a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4C882F4212D993AB8CD1218452ADE578B4E8723
268039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
268139a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
268239a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
268339a0.377c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
268439a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
268539a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
268639a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
268739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
268839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
268939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
269039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
269139a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
269239a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
269339a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
269439a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
269539a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
269639a0.377c: supR3HardenedDllNotificationCallback: load 00007ff863b20000 LB 0x0001b000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0]
269739a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
269839a0.377c: supR3HardenedDllNotificationCallback: load 00007ff8433a0000 LB 0x00026000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0]
269939a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
270039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8433a0000 'C:\Windows\system32\WinHvPlatform.dll'
270139a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
270239a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
270339a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff863b20000 'C:\Windows\system32\vid.dll'
270439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
270539a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
270639a0.377c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
270739a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
270839a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
270939a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
271039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e970000 'C:\Windows\system32\NTDLL.DLL'
271139a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
271239a0.377c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
271339a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
271439a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
271539a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
271639a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
271739a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
271839a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
271939a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
272039a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
272139a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
272239a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
272339a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
272439a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
272539a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
272639a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
272739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
272839a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
272939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
273039a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
273139a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
273239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
273339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
273439a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
273539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
273639a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
273739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
273839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
273939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
274039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
274139a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
274239a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
274339a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
274439a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'bcrypt.dll'.
274539a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
274639a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
274739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
274839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
274939a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
275039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
275139a0.377c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
275239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
275339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
275439a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
275539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
275639a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
275739a0.377c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
275839a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
275939a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
276039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
276139a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
276239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
276539a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
276639a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
276739a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
276839a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
276939a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
277039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
277139a0.377c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
277239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
277339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
277439a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
277539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
277639a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
277739a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
277839a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
277939a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
278039a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
278139a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
278239a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
278339a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
278439a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
278539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
278639a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
278739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
278839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
278939a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
279039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
279139a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
279239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
279339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
279439a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
279539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
279639a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
279739a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
279839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
279939a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
280039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
280139a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
280239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
280339a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
280439a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
280539a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
280639a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
280739a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
280839a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86c4a0000 LB 0x0004e000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
280939a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
281039a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86e4b0000 LB 0x00472000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
281139a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
281239a0.377c: supR3HardenedDllNotificationCallback: load 00007ff832ac0000 LB 0x00066000 D:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
281339a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
281439a0.377c: supR3HardenedDllNotificationCallback: load 00007ff800390000 LB 0x0085c000 D:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
281539a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
281639a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86b420000 LB 0x0003b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
281739a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
281839a0.377c: supR3HardenedDllNotificationCallback: load 00007ff800bf0000 LB 0x00a03000 D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
281939a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
282039a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff800bf0000 'D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
282139a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
282239a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
282339a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
282439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
282539a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
282639a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282739a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80fba0000 'D:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
282839a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
282939a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
283039a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283139a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff800390000 'D:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
283239a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
283339a0.2af4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
283439a0.2af4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
283539a0.2af4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
283639a0.2af4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
283739a0.2af4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
283839a0.2af4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
283939a0.2af4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
284039a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
284139a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
284239a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
284339a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
284439a0.2af4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
284539a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
284639a0.2af4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
284739a0.2af4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
284839a0.2af4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
284939a0.2af4: supR3HardenedDllNotificationCallback: load 00007ff865b50000 LB 0x00014000 D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
285039a0.2af4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
285139a0.2af4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff865b50000 'D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
285239a0.27c0: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
285339a0.27c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
285439a0.27c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
285539a0.27c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
285639a0.27c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
285739a0.27c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
285839a0.27c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
285939a0.27c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
286039a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
286139a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
286239a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
286339a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
286439a0.27c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
286539a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
286639a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
286739a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
286839a0.27c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
286939a0.27c0: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
287039a0.27c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
287139a0.27c0: supR3HardenedDllNotificationCallback: load 00007ff865830000 LB 0x0000c000 D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
287239a0.27c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
287339a0.27c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff865830000 'D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
287439a0.2740: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
287539a0.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
287639a0.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
287739a0.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
287839a0.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
287939a0.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
288039a0.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
288139a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
288239a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
288339a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
288439a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
288539a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
288639a0.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
288739a0.2740: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
288839a0.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
288939a0.2740: supR3HardenedDllNotificationCallback: load 00007ff865820000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
289039a0.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
289139a0.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff865820000 'D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
289239a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
289339a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
289439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b420000 'C:\Windows\system32\Iphlpapi.dll'
289539a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
289639a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
289739a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
289839a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
289939a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86cdd0000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
290039a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
290139a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
290239a0.377c: supR3HardenedDllNotificationCallback: load 00007ff865120000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
290339a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
290439a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
290539a0.377c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
290639a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
290739a0.377c: supR3HardenedDllNotificationCallback: load 00007ff864550000 LB 0x00017000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
290839a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
290939a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
291039a0.377c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
291139a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
291239a0.377c: supR3HardenedDllNotificationCallback: load 00007ff863b40000 LB 0x0001d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
291339a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
291439a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
291539a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
291639a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86b460000 LB 0x000cc000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
291739a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
291839a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291939a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
292139a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
292339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
292439a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
292539a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
292639a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292739a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
292839a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
292939a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
293039a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f6c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
293139a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
293239a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
293339a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
293439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
293539a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
293639a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
293739a0.377c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
293839a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
293939a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f64 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
294039a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
294139a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
294239a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
294339a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
294439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
294539a0.377c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
294639a0.377c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
294739a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
294839a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
294939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
295039a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
295139a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
295239a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
295339a0.377c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
295439a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
295539a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
295639a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
295739a0.377c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
295839a0.377c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
295939a0.377c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
296039a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
296139a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
296239a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
296339a0.377c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
296439a0.377c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
296539a0.377c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
296639a0.377c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
296739a0.377c: supR3HardenedDllNotificationCallback: load 00007ff86b710000 LB 0x0006a000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
296839a0.377c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
296939a0.377c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b710000 'C:\Windows\system32\mswsock.dll'
297039a0.c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c9c0000 'C:\Windows\system32\User32.dll'
297139a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297239a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297339a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297439a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297539a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297639a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
297739a0.3430: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
297839a0.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86dba0000 'C:\Windows\system32\shell32.dll'
297939a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'rpcrt4.dll'.
298039a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll)
298139a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
298239a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff8675a0000 LB 0x000f6000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0]
298339a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
298439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
298539a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'iertutil.dll'.
298639a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'srvcli.dll'.
298739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'netutils.dll'.
298839a0.3dc0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\urlmon.dll)
298939a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\urlmon.dll
299039a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
299139a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll)
299239a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll
299339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
299439a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll)
299539a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll
299639a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll)
299739a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll
299839a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff855d20000 LB 0x002b0000 C:\Windows\SYSTEM32\iertutil.dll [fFlags=0x0]
299939a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
300039a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff8631d0000 LB 0x00028000 C:\Windows\SYSTEM32\srvcli.dll [fFlags=0x0]
300139a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
300239a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86b530000 LB 0x0000c000 C:\Windows\SYSTEM32\netutils.dll [fFlags=0x0]
300339a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
300439a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff8561f0000 LB 0x001eb000 C:\Windows\SYSTEM32\urlmon.dll [fFlags=0x0]
300539a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\urlmon.dll [avoiding WinVerifyTrust]
300639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
300739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
300839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
300939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
301039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netutils.dll'...
301139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netutils.dll' -> '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rcNtRedir=0xc0150008]
301239a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [lacks WinVerifyTrust]
301339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'srvcli.dll'...
301439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'srvcli.dll' -> '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rcNtRedir=0xc0150008]
301539a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [lacks WinVerifyTrust]
301639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
301739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume3\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
301839a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
301939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
302039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
302139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
302239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
302339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
302439a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
302539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
302639a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c820000 'C:\Windows\System32\WINTRUST.DLL'
302739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\CRYPT32.dll'
302839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
302939a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll'
303039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
303139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
303239a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'
303339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
303439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
303539a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll'
303639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001214 pwszName=\Device\HarddiskVolume3\Windows\System32\urlmon.dll
303739a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
303839a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
303939a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=138C693C8243E9729BC9C11520619DBE8045EFC6
304039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
304139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
304239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\urlmon.dll'
304339a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
304439a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\urlmon.dll'
304539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
304639a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
304739a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\propsys.dll'
304839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c9c0000 'C:\Windows\System32\user32.dll'
304939a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001180 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
305039a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
305139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
305239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F31E71A54D251DB4275AFB17B2221425F5C5555A
305339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
305439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
305539a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
305639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
305739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
305839a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
305939a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll) WinVerifyTrust
306039a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
306139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
306239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
306339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
306439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
306539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
306639a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
306739a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff852880000 LB 0x0001d000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [fFlags=0x0]
306839a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
306939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff852880000 'C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
307039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
307139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
307239a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
307339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
307439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
307539a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
307639a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
307739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
307839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
307939a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
308039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
308139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
308239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
308339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
308439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
308539a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
308639a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff85fc70000 LB 0x00798000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
308739a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
308839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff85fc70000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
308939a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
309039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
309139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e970000 'C:\Windows\System32\ntdll.dll'
309239a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
309339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
309439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
309539a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'gdi32.dll'.
309639a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'.
309739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
309839a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
309939a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'shell32.dll'.
310039a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'iertutil.dll'.
310139a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
310239a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'netapi32.dll'.
310339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'version.dll'.
310439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'userenv.dll'.
310539a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winhttp.dll'.
310639a0.3dc0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ieframe.dll)
310739a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ieframe.dll
310839a0.3dc0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001114 (hFile=0000000000001138) with 0xc0000022 -> STATUS_TRUST_FAILURE
310939a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000112c pwszName=\Device\HarddiskVolume3\Windows\System32\ieframe.dll
311039a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
311139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
311239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A893276D7352BEC53AAC2B28DD43C239380CA99
311339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
311439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume3\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
311539a0.3dc0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winhttp.dll'.
311639a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winhttp.dll)
311739a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winhttp.dll
311839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
311939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
312039a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
312139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
312239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
312339a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
312439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
312539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
312639a0.3dc0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
312739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
312839a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netapi32.dll)
312939a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netapi32.dll
313039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
313239a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
313339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
313439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume3\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
313539a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll
313639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
313739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
313839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
313939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
314039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
314139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
314239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
314339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
314439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
314539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
314639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
314739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
314839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
315039a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
315139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
315239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
315339a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
315439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
315539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
315639a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
315739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
315839a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0211~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\ieframe.dll'
315939a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
316039a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ieframe.dll'
316139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
316239a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
316339a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'
316439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
316539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
316639a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winhttp.dll'
316739a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ieframe.dll
316839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
316939a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ieframe.dll
317039a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll
317139a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winhttp.dll
317239a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
317339a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wkscli.dll)
317439a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wkscli.dll
317539a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86ae50000 LB 0x00018000 C:\Windows\System32\NETAPI32.dll [fFlags=0x0]
317639a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll
317739a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff863290000 LB 0x00108000 C:\Windows\System32\WINHTTP.dll [fFlags=0x0]
317839a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winhttp.dll
317939a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86b1d0000 LB 0x00017000 C:\Windows\System32\WKSCLI.DLL [fFlags=0x0]
318039a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
318139a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff8068f0000 LB 0x00757000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
318239a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ieframe.dll
318339a0.3dc0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\wkscli.dll'.
318439a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll' [rescheduled]
318539a0.3dc0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'.
318639a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
318739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
318839a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
318939a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll)
319039a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
319139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
319239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
319339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
319439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
319539a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
319639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
319739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
319839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
319939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
320039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
320139a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll [avoiding WinVerifyTrust]
320239a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff857f20000 LB 0x0029a000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll [fFlags=0x0]
320339a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll [avoiding WinVerifyTrust]
320439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff857f20000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'
320539a0.3dc0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'.
320639a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll' [rescheduled]
320739a0.3dc0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\wkscli.dll'.
320839a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll' [rescheduled]
320939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8068f0000 'C:\Windows\System32\ieframe.dll'
321039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
321139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
321239a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'
321339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
321439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
321539a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll'
321639a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
321739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
321839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8675a0000 'C:\Windows\System32\PROPSYS.dll'
321939a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
322039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
322139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8675a0000 'C:\Windows\system32\propsys.dll'
322239a0.3dc0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-downlevel-ole32-l1-1-0.dll) -> 0x0, fPresent=1
322339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
322439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d470000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
322539a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
322639a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
322739a0.371c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
322839a0.371c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
322939a0.371c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll) WinVerifyTrust
323039a0.371c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
323139a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
323239a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
323339a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
323439a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
323539a0.371c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\\Windows.StateRepositoryPS.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
323639a0.371c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
323739a0.371c: supR3HardenedDllNotificationCallback: load 00007ff855550000 LB 0x00146000 C:\Windows\System32\Windows.StateRepositoryPS.dll [fFlags=0x0]
323839a0.371c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
323939a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff855550000 'C:\Windows\System32\\Windows.StateRepositoryPS.dll'
324039a0.371c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
324139a0.371c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WinTypes.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
324239a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868480000 'C:\Windows\System32\WinTypes.dll'
324339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
324439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
324539a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'oleaut32.dll'.
324639a0.3dc0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\edputil.dll)
324739a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\edputil.dll
324839a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff855b00000 LB 0x00024000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0]
324939a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
325039a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000135c pwszName=\Device\HarddiskVolume3\Windows\System32\edputil.dll
325139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
325239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
325339a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1A2CD668622142B3E23802D537F78478D7E21484
325439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
325539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
325639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
325739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
325839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
325939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
326039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
326139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
326239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\edputil.dll'
326339a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
326439a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\edputil.dll'
326539a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013ac pwszName=\Device\HarddiskVolume3\Windows\System32\secur32.dll
326639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
326739a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
326839a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A7F48EB8003675E482D73DC516063DCF991570AB
326939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
327039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
327139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1266.cat'; file='\Device\HarddiskVolume3\Windows\System32\secur32.dll'
327239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
327339a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\secur32.dll) WinVerifyTrust
327439a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\secur32.dll
327539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
327639a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\secur32.dll
327739a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86ae40000 LB 0x0000c000 C:\Windows\System32\Secur32.dll [fFlags=0x0]
327839a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\secur32.dll
327939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86ae40000 'C:\Windows\System32\Secur32.dll'
328039a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
328139a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sspicli.dll)
328239a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sspicli.dll
328339a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86bf50000 LB 0x00031000 C:\Windows\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
328439a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
328539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
328639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
328739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
328839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
328939a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sspicli.dll'
329039a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll
329139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
329239a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86bf50000 'C:\Windows\System32\sspicli.dll'
329339a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001298 pwszName=\Device\HarddiskVolume3\Windows\System32\mlang.dll
329439a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
329539a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
329639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E967E2A3519560522BB8CFB7A7AA864746AFCCF
329739a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
329839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
329939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
330039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
330139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05110~31bf3856ad364e35~amd64~~10.0.19041.1202.cat'; file='\Device\HarddiskVolume3\Windows\System32\mlang.dll'
330239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
330339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
330439a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mlang.dll) WinVerifyTrust
330539a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mlang.dll
330639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
330739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
330839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
330939a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mlang.dll
331039a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff832600000 LB 0x00042000 C:\Windows\System32\MLANG.dll [fFlags=0x0]
331139a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mlang.dll
331239a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff832600000 'C:\Windows\System32\MLANG.dll'
331339a0.3dc0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-downlevel-shlwapi-l2-1-0.dll) -> 0x0, fPresent=1
331439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
331539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86d3b0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
331639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010ec pwszName=\Device\HarddiskVolume3\Windows\System32\wininet.dll
331739a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
331839a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
331939a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5997C7E16EDA5A4C76DEF0F7EB4BF34EA8620F2
332039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
332139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
332239a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\wininet.dll'
332339a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
332439a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
332539a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wininet.dll) WinVerifyTrust
332639a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wininet.dll
332739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
332839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
332939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
333039a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wininet.dll
333139a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff8566b0000 LB 0x004d0000 C:\Windows\System32\WININET.dll [fFlags=0x0]
333239a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wininet.dll
333339a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8566b0000 'C:\Windows\System32\WININET.dll'
333439a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011f8 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll
333539a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
333639a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
333739a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D1FBFB64137C19A40EEB415BF963C618E3AFBA2
333839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
333939a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
334039a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll'
334139a0.3dc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
334239a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
334339a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'windows.storage.dll'.
334439a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll) WinVerifyTrust
334539a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll
334639a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'windows.storage.dll'...
334739a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'windows.storage.dll' -> '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rcNtRedir=0xc0150008]
334839a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
334939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
335039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
335139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.AppDefaults.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
335239a0.3dc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll
335339a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff835fd0000 LB 0x0004c000 C:\Windows\System32\Windows.UI.AppDefaults.dll [fFlags=0x0]
335439a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.AppDefaults.dll
335539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835fd0000 'C:\Windows\System32\Windows.UI.AppDefaults.dll'
335639a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
335739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
335839a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
335939a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\policymanager.dll)
336039a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\policymanager.dll
336139a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
336239a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll)
336339a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll
336439a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff86b140000 LB 0x0008a000 C:\Windows\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
336539a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
336639a0.3dc0: supR3HardenedDllNotificationCallback: load 00007ff866c90000 LB 0x000a0000 C:\Windows\SYSTEM32\policymanager.dll [fFlags=0x0]
336739a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
336839a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
336939a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
337039a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
337139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
337239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
337339a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
337439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
337539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
337639a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
337739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
337839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
337939a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'
338039a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
338139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
338239a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'
338339a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
338439a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
338539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff869e60000 'C:\Windows\system32\windows.storage.dll'
338639a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'chrome_elf.dll'.
338739a0.3dc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'.
338839a0.3dc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe)
338939a0.3dc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe
339039a0.3dc0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001130 (hFile=00000000000010c0) with 0xc0000022 -> STATUS_TRUST_FAILURE
339139a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
339239a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
339339a0.3dc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
339439a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'chrome_elf.dll'...
339539a0.3dc0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'chrome_elf.dll'
339639a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
339739a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
339839a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff860580000 'C:\Windows\System32\cryptnet.dll'
339939a0.3dc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe'
340039a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
340139a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wintypes.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
340239a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff868480000 'C:\Windows\System32\wintypes.dll'
340339a0.371c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011f4 pwszName=\Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll
340439a0.371c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015cb4f0
340539a0.371c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015cb4f0
340639a0.371c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A033EA9725377134FA1DA72E486B0C8019FEC7A
340739a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86b0b0000 'C:\Windows\system32\rsaenh.dll'
340839a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86c340000 'C:\Windows\System32\crypt32.dll'
340939a0.371c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll'
341039a0.371c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
341139a0.371c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341239a0.371c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
341339a0.371c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll) WinVerifyTrust
341439a0.371c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll
341539a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
341639a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
341739a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
341839a0.371c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
341939a0.371c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
342039a0.371c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll
342139a0.371c: supR3HardenedDllNotificationCallback: load 00007ff84f7d0000 LB 0x0007d000 C:\Windows\System32\OneCoreCommonProxyStub.dll [fFlags=0x0]
342239a0.371c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreCommonProxyStub.dll
342339a0.371c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff84f7d0000 'C:\Windows\System32\OneCoreCommonProxyStub.dll'
342439a0.3dc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
342539a0.3dc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342639a0.3dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff86e970000 'C:\Windows\System32\ntdll.dll'
342739a0.3dc0: supR3HardenedDllNotificationCallback: Unload 00007ff8068f0000 LB 0x00757000 C:\Windows\System32\ieframe.dll [flags=0x0]
342839a0.3dc0: supR3HardenedDllNotificationCallback: Unload 00007ff86ae50000 LB 0x00018000 C:\Windows\System32\NETAPI32.dll [flags=0x0]
342939a0.3dc0: supR3HardenedDllNotificationCallback: Unload 00007ff863290000 LB 0x00108000 C:\Windows\System32\WINHTTP.dll [flags=0x0]
343039a0.3dc0: supR3HardenedDllNotificationCallback: Unload 00007ff86b1d0000 LB 0x00017000 C:\Windows\System32\WKSCLI.DLL [flags=0x0]
343139a0.298c: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
343239a0.298c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
343339a0.298c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
343439a0.298c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000004fc (hFile=0000000000001300) with 0xc0000022 -> STATUS_TRUST_FAILURE
343539a0.298c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
343639a0.298c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001300 (hFile=00000000000004fc) with 0xc0000022 -> STATUS_TRUST_FAILURE
343739a0.2740: supR3HardenedDllNotificationCallback: Unload 00007ff865820000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
343839a0.27c0: supR3HardenedDllNotificationCallback: Unload 00007ff865830000 LB 0x0000c000 D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
343939a0.2af4: supR3HardenedDllNotificationCallback: Unload 00007ff865b50000 LB 0x00014000 D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
344039a0.1f78: supR3HardenedDllNotificationCallback: Unload 00007ff865b70000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
344139a0.c9c: supR3HardenedDllNotificationCallback: Unload 00007ff867300000 LB 0x00010000 D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
344239a0.377c: supR3HardenedDllNotificationCallback: Unload 00007ff800bf0000 LB 0x00a03000 D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
344339a0.377c: supR3HardenedDllNotificationCallback: Unload 00007ff832ac0000 LB 0x00066000 D:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
344439a0.377c: supR3HardenedDllNotificationCallback: Unload 00007ff800390000 LB 0x0085c000 D:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
344539a0.377c: supR3HardenedDllNotificationCallback: Unload 00007ff86e4b0000 LB 0x00472000 C:\Windows\System32\SETUPAPI.dll [flags=0x0]
344639a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff80fba0000 LB 0x003c1000 D:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
344739a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff855550000 LB 0x00146000 C:\Windows\System32\Windows.StateRepositoryPS.dll [flags=0x0]
344839a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff84f7d0000 LB 0x0007d000 C:\Windows\System32\OneCoreCommonProxyStub.dll [flags=0x0]
344939a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff8347c0000 LB 0x000ef000 D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
345039a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff85fba0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
345139a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff861f40000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
345239a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff852880000 LB 0x0001d000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [flags=0x0]
345339a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff846780000 LB 0x0003e000 C:\Windows\system32\dataexchange.dll [flags=0x0]
345439a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
345539a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
345639a0.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
345739a0.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
345839a0.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
345939a0.3430: supR3HardenedDllNotificationCallback: load 00007ff865390000 LB 0x0003b000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0]
346039a0.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
346139a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff8677f0000 LB 0x00264000 C:\Windows\system32\d3d11.dll [flags=0x0]
346239a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff86a880000 LB 0x000f4000 C:\Windows\system32\dxgi.dll [flags=0x0]
346339a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff868720000 LB 0x001e5000 C:\Windows\system32\dcomp.dll [flags=0x0]
346439a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff8634c0000 LB 0x00201000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
346539a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff85fc70000 LB 0x00798000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [flags=0x0]
346639a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff835fd0000 LB 0x0004c000 C:\Windows\System32\Windows.UI.AppDefaults.dll [flags=0x0]
346739a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff85e090000 LB 0x0010b000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
346839a0.3430: supR3HardenedDllNotificationCallback: Unload 00007ff863cc0000 LB 0x00092000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
346939a0.3430: Terminating the normal way: rcExit=0
34701c88.2b74: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 235701 ms, the end);
34711d34.3528: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 236225 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy