VirtualBox

Ticket #20893: VBoxHardening.log

File VBoxHardening.log, 397.3 KB (added by Mamá Cora, 2 years ago)

VBox hardening log file

Line 
132a8.2850: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000078 g_uNtVerCombined=0xa04a6300
232a8.2850: \SystemRoot\System32\ntdll.dll:
332a8.2850: CreationTime: 2022-03-16T10:50:20.809495200Z
432a8.2850: LastWriteTime: 2022-03-16T10:50:20.868323400Z
532a8.2850: ChangeTime: 2022-03-16T11:08:20.006216200Z
632a8.2850: FileAttributes: 0x20
732a8.2850: Size: 0x1eeb20
832a8.2850: NT Headers: 0xe8
932a8.2850: Timestamp: 0x1be73aa8
1032a8.2850: Machine: 0x8664 - amd64
1132a8.2850: Timestamp: 0x1be73aa8
1232a8.2850: Image Version: 10.0
1332a8.2850: SizeOfImage: 0x1f5000 (2052096)
1432a8.2850: Resource Dir: 0x184000 LB 0x6ff08
1532a8.2850: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1632a8.2850: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1732a8.2850: ProductName: Microsoft® Windows® Operating System
1832a8.2850: ProductVersion: 10.0.19041.1566
1932a8.2850: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
2032a8.2850: FileDescription: NT Layer DLL
2132a8.2850: \SystemRoot\System32\kernel32.dll:
2232a8.2850: CreationTime: 2022-03-16T10:49:09.749242600Z
2332a8.2850: LastWriteTime: 2022-03-16T10:49:09.881464200Z
2432a8.2850: ChangeTime: 2022-03-16T11:08:09.318981400Z
2532a8.2850: FileAttributes: 0x20
2632a8.2850: Size: 0xbc058
2732a8.2850: NT Headers: 0xe8
2832a8.2850: Timestamp: 0xf32175d9
2932a8.2850: Machine: 0x8664 - amd64
3032a8.2850: Timestamp: 0xf32175d9
3132a8.2850: Image Version: 10.0
3232a8.2850: SizeOfImage: 0xbe000 (778240)
3332a8.2850: Resource Dir: 0xbc000 LB 0x520
3432a8.2850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3532a8.2850: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3632a8.2850: ProductName: Microsoft® Windows® Operating System
3732a8.2850: ProductVersion: 10.0.19041.1566
3832a8.2850: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
3932a8.2850: FileDescription: Windows NT BASE API Client DLL
4032a8.2850: \SystemRoot\System32\KernelBase.dll:
4132a8.2850: CreationTime: 2022-03-16T10:50:23.347241400Z
4232a8.2850: LastWriteTime: 2022-03-16T10:50:23.473992300Z
4332a8.2850: ChangeTime: 2022-03-16T11:08:17.865576300Z
4432a8.2850: FileAttributes: 0x20
4532a8.2850: Size: 0x2c9578
4632a8.2850: NT Headers: 0xf0
4732a8.2850: Timestamp: 0x833f2d4
4832a8.2850: Machine: 0x8664 - amd64
4932a8.2850: Timestamp: 0x833f2d4
5032a8.2850: Image Version: 10.0
5132a8.2850: SizeOfImage: 0x2c8000 (2916352)
5232a8.2850: Resource Dir: 0x29f000 LB 0x548
5332a8.2850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5432a8.2850: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5532a8.2850: ProductName: Microsoft® Windows® Operating System
5632a8.2850: ProductVersion: 10.0.19041.1566
5732a8.2850: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
5832a8.2850: FileDescription: Windows NT BASE API Client DLL
5932a8.2850: \SystemRoot\System32\apisetschema.dll:
6032a8.2850: CreationTime: 2019-12-07T09:08:13.518339400Z
6132a8.2850: LastWriteTime: 2019-12-07T09:08:13.518339400Z
6232a8.2850: ChangeTime: 2022-03-16T10:56:54.504405300Z
6332a8.2850: FileAttributes: 0x20
6432a8.2850: Size: 0x1f538
6532a8.2850: NT Headers: 0xd0
6632a8.2850: Timestamp: 0x31288ce0
6732a8.2850: Machine: 0x8664 - amd64
6832a8.2850: Timestamp: 0x31288ce0
6932a8.2850: Image Version: 10.0
7032a8.2850: SizeOfImage: 0x20000 (131072)
7132a8.2850: Resource Dir: 0x1f000 LB 0x408
7232a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7332a8.2850: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7432a8.2850: ProductName: Microsoft® Windows® Operating System
7532a8.2850: ProductVersion: 10.0.19041.1
7632a8.2850: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7732a8.2850: FileDescription: ApiSet Schema DLL
7832a8.2850: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7932a8.2850: supR3HardenedWinFindAdversaries: 0x24
8032a8.2850: \SystemRoot\System32\drivers\aswMonFlt.sys:
8132a8.2850: CreationTime: 2020-10-19T10:05:23.385865200Z
8232a8.2850: LastWriteTime: 2022-03-25T10:06:37.972769600Z
8332a8.2850: ChangeTime: 2022-03-25T10:06:37.972769600Z
8432a8.2850: FileAttributes: 0x20
8532a8.2850: Size: 0x41c80
8632a8.2850: NT Headers: 0xf0
8732a8.2850: Timestamp: 0x621c9823
8832a8.2850: Machine: 0x8664 - amd64
8932a8.2850: Timestamp: 0x621c9823
9032a8.2850: Image Version: 10.0
9132a8.2850: SizeOfImage: 0x44000 (278528)
9232a8.2850: Resource Dir: 0x42000 LB 0x3a0
9332a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9432a8.2850: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
9532a8.2850: ProductName: Avast Antivirus
9632a8.2850: ProductVersion: 22.2.349.0
9732a8.2850: FileVersion: 22.2.349.0
9832a8.2850: FileDescription: Avast File System Filter
9932a8.2850: \SystemRoot\System32\drivers\aswRdr2.sys:
10032a8.2850: CreationTime: 2019-11-19T10:51:06.381407600Z
10132a8.2850: LastWriteTime: 2022-03-25T10:06:37.765737300Z
10232a8.2850: ChangeTime: 2022-03-25T10:06:37.765737300Z
10332a8.2850: FileAttributes: 0x20
10432a8.2850: Size: 0x1a970
10532a8.2850: NT Headers: 0xe8
10632a8.2850: Timestamp: 0x621c9820
10732a8.2850: Machine: 0x8664 - amd64
10832a8.2850: Timestamp: 0x621c9820
10932a8.2850: Image Version: 10.0
11032a8.2850: SizeOfImage: 0x1a000 (106496)
11132a8.2850: Resource Dir: 0x18000 LB 0x388
11232a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11332a8.2850: [Raw version resource data: 0x18060 LB 0x324, codepage 0x0 (reserved 0x0)]
11432a8.2850: ProductName: Avast Antivirus
11532a8.2850: ProductVersion: 22.2.349.0
11632a8.2850: FileVersion: 22.2.349.0
11732a8.2850: FileDescription: Avast Antivirus
11832a8.2850: \SystemRoot\System32\drivers\aswRvrt.sys:
11932a8.2850: CreationTime: 2019-11-19T10:51:06.505485200Z
12032a8.2850: LastWriteTime: 2022-03-25T10:06:38.088661700Z
12132a8.2850: ChangeTime: 2022-03-25T10:06:38.088661700Z
12232a8.2850: FileAttributes: 0x20
12332a8.2850: Size: 0x14808
12432a8.2850: NT Headers: 0xe8
12532a8.2850: Timestamp: 0x621c9822
12632a8.2850: Machine: 0x8664 - amd64
12732a8.2850: Timestamp: 0x621c9822
12832a8.2850: Image Version: 10.0
12932a8.2850: SizeOfImage: 0x13000 (77824)
13032a8.2850: Resource Dir: 0x11000 LB 0x380
13132a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
13232a8.2850: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
13332a8.2850: ProductName: Avast Antivirus
13432a8.2850: ProductVersion: 22.2.349.0
13532a8.2850: FileVersion: 22.2.349.0
13632a8.2850: FileDescription: Avast Revert
13732a8.2850: \SystemRoot\System32\drivers\aswSnx.sys:
13832a8.2850: CreationTime: 2019-11-19T10:51:06.140261000Z
13932a8.2850: LastWriteTime: 2022-03-25T10:06:24.083299600Z
14032a8.2850: ChangeTime: 2022-03-25T10:06:24.083299600Z
14132a8.2850: FileAttributes: 0x20
14232a8.2850: Size: 0xd0d28
14332a8.2850: NT Headers: 0xf0
14432a8.2850: Timestamp: 0x621c9828
14532a8.2850: Machine: 0x8664 - amd64
14632a8.2850: Timestamp: 0x621c9828
14732a8.2850: Image Version: 10.0
14832a8.2850: SizeOfImage: 0xcd000 (839680)
14932a8.2850: Resource Dir: 0xca000 LB 0x388
15032a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15132a8.2850: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
15232a8.2850: ProductName: Avast Antivirus
15332a8.2850: ProductVersion: 22.2.349.0
15432a8.2850: FileVersion: 22.2.349.0
15532a8.2850: FileDescription: Avast Antivirus
15632a8.2850: \SystemRoot\System32\drivers\aswsp.sys:
15732a8.2850: CreationTime: 2019-11-19T10:51:06.538873000Z
15832a8.2850: LastWriteTime: 2022-03-25T10:06:38.204544200Z
15932a8.2850: ChangeTime: 2022-03-25T10:06:38.204544200Z
16032a8.2850: FileAttributes: 0x20
16132a8.2850: Size: 0x86bf0
16232a8.2850: NT Headers: 0xe8
16332a8.2850: Timestamp: 0x621c9832
16432a8.2850: Machine: 0x8664 - amd64
16532a8.2850: Timestamp: 0x621c9832
16632a8.2850: Image Version: 10.0
16732a8.2850: SizeOfImage: 0x87000 (552960)
16832a8.2850: Resource Dir: 0x85000 LB 0x388
16932a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
17032a8.2850: [Raw version resource data: 0x85060 LB 0x328, codepage 0x0 (reserved 0x0)]
17132a8.2850: ProductName: Avast Antivirus
17232a8.2850: ProductVersion: 22.2.349.0
17332a8.2850: FileVersion: 22.2.349.0
17432a8.2850: FileDescription: Avast Self Protection
17532a8.2850: \SystemRoot\System32\drivers\aswStm.sys:
17632a8.2850: CreationTime: 2022-03-25T10:06:57.322661500Z
17732a8.2850: LastWriteTime: 2022-03-25T10:06:39.554827200Z
17832a8.2850: ChangeTime: 2022-03-25T10:06:39.554827200Z
17932a8.2850: FileAttributes: 0x20
18032a8.2850: Size: 0x34b70
18132a8.2850: NT Headers: 0xf0
18232a8.2850: Timestamp: 0x621c9825
18332a8.2850: Machine: 0x8664 - amd64
18432a8.2850: Timestamp: 0x621c9825
18532a8.2850: Image Version: 10.0
18632a8.2850: SizeOfImage: 0x34000 (212992)
18732a8.2850: Resource Dir: 0x32000 LB 0x390
18832a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
18932a8.2850: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
19032a8.2850: ProductName: Avast Antivirus
19132a8.2850: ProductVersion: 22.2.349.0
19232a8.2850: FileVersion: 22.2.349.0
19332a8.2850: FileDescription: Avast Stream Filter
19432a8.2850: \SystemRoot\System32\drivers\aswVmm.sys:
19532a8.2850: CreationTime: 2019-11-19T10:51:06.632896600Z
19632a8.2850: LastWriteTime: 2022-03-25T10:06:41.359531900Z
19732a8.2850: ChangeTime: 2022-03-25T10:06:41.359531900Z
19832a8.2850: FileAttributes: 0x20
19932a8.2850: Size: 0x4dd28
20032a8.2850: NT Headers: 0xe8
20132a8.2850: Timestamp: 0x621c9822
20232a8.2850: Machine: 0x8664 - amd64
20332a8.2850: Timestamp: 0x621c9822
20432a8.2850: Image Version: 10.0
20532a8.2850: SizeOfImage: 0x4b000 (307200)
20632a8.2850: Resource Dir: 0x49000 LB 0x388
20732a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
20832a8.2850: [Raw version resource data: 0x49060 LB 0x328, codepage 0x0 (reserved 0x0)]
20932a8.2850: ProductName: Avast Antivirus
21032a8.2850: ProductVersion: 22.2.349.0
21132a8.2850: FileVersion: 22.2.349.0
21232a8.2850: FileDescription: Avast VM Monitor
21332a8.2850: \SystemRoot\System32\drivers\mfeapfk.sys:
21432a8.2850: CreationTime: 2014-03-28T15:40:51.464941000Z
21532a8.2850: LastWriteTime: 2014-03-28T16:06:10.610945600Z
21632a8.2850: ChangeTime: 2020-11-02T18:01:55.914119900Z
21732a8.2850: FileAttributes: 0x20
21832a8.2850: Size: 0x2c030
21932a8.2850: NT Headers: 0xe8
22032a8.2850: Timestamp: 0x52ab7fef
22132a8.2850: Machine: 0x8664 - amd64
22232a8.2850: Timestamp: 0x52ab7fef
22332a8.2850: Image Version: 0.0
22432a8.2850: SizeOfImage: 0x29d00 (171264)
22532a8.2850: Resource Dir: 0x29500 LB 0x340
22632a8.2850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
22732a8.2850: [Raw version resource data: 0x29560 LB 0x2dc, codepage 0x0 (reserved 0x0)]
22832a8.2850: ProductName: SYSCORE
22932a8.2850: FileVersion: SYSCORE.15.1.0.656
23032a8.2850: PrivateBuild: SYSCORE.15.1.0.656 F16
23132a8.2850: FileDescription: Access Protection Filter Driver
23232a8.2850: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
23332a8.2850: Calling main()
23432a8.2850: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
23532a8.2850: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
23632a8.2850: SUPR3HardenedMain: Respawn #1
23732a8.2850: System32: \Device\HarddiskVolume2\Windows\System32
23832a8.2850: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
23932a8.2850: KnownDllPath: C:\WINDOWS\System32
24032a8.2850: supR3HardenedWinInit: Performing a limited self purification...
24132a8.2850: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
24232a8.2850: *0000000000000000-0000000000ccffff 0x0001/0x0000 0x0000000
24332a8.2850: *0000000000cd0000-0000000000cdffff 0x0004/0x0004 0x0040000
24432a8.2850: 0000000000ce0000-0000000000ceffff 0x0001/0x0000 0x0000000
24532a8.2850: *0000000000cf0000-0000000000d0cfff 0x0002/0x0002 0x0040000
24632a8.2850: 0000000000d0d000-0000000000d0ffff 0x0001/0x0000 0x0000000
24732a8.2850: *0000000000d10000-0000000000d10fff 0x0020/0x0020 0x0040000 !!
24832a8.2850: 0000000000d11000-0000000000d1ffff 0x0001/0x0000 0x0000000
24932a8.2850: *0000000000d20000-0000000000d23fff 0x0002/0x0002 0x0040000
25032a8.2850: 0000000000d24000-0000000000d2ffff 0x0001/0x0000 0x0000000
25132a8.2850: *0000000000d30000-0000000000d31fff 0x0004/0x0004 0x0020000
25232a8.2850: 0000000000d32000-0000000000d3ffff 0x0001/0x0000 0x0000000
25332a8.2850: *0000000000d40000-0000000000d41fff 0x0004/0x0004 0x0020000
25432a8.2850: 0000000000d42000-0000000000d59fff 0x0000/0x0004 0x0020000
25532a8.2850: 0000000000d5a000-0000000000ddffff 0x0001/0x0000 0x0000000
25632a8.2850: *0000000000de0000-0000000000deefff 0x0004/0x0004 0x0020000
25732a8.2850: 0000000000def000-0000000000deffff 0x0000/0x0004 0x0020000
25832a8.2850: 0000000000df0000-0000000000dfffff 0x0001/0x0000 0x0000000
25932a8.2850: *0000000000e00000-0000000000f86fff 0x0000/0x0004 0x0020000
26032a8.2850: 0000000000f87000-0000000000f89fff 0x0004/0x0004 0x0020000
26132a8.2850: 0000000000f8a000-0000000000ffffff 0x0000/0x0004 0x0020000
26232a8.2850: *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
26332a8.2850: 00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
26432a8.2850: 00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
26532a8.2850: *0000000001100000-00000000011c8fff 0x0002/0x0002 0x0040000
26632a8.2850: 00000000011c9000-00000000012bffff 0x0001/0x0000 0x0000000
26732a8.2850: *00000000012c0000-00000000012c5fff 0x0004/0x0004 0x0020000
26832a8.2850: 00000000012c6000-00000000013bffff 0x0000/0x0004 0x0020000
26932a8.2850: *00000000013c0000-00000000013c2fff 0x0000/0x0004 0x0020000
27032a8.2850: 00000000013c3000-00000000015b8fff 0x0004/0x0004 0x0020000
27132a8.2850: 00000000015b9000-00000000015b9fff 0x0000/0x0004 0x0020000
27232a8.2850: 00000000015ba000-00000000015bffff 0x0001/0x0000 0x0000000
27332a8.2850: *00000000015c0000-00000000015e6fff 0x0004/0x0004 0x0020000
27432a8.2850: 00000000015e7000-00000000016bffff 0x0000/0x0004 0x0020000
27532a8.2850: 00000000016c0000-000000007ffdffff 0x0001/0x0000 0x0000000
27632a8.2850: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
27732a8.2850: 000000007ffe1000-000000007ffe5fff 0x0001/0x0000 0x0000000
27832a8.2850: *000000007ffe6000-000000007ffe6fff 0x0002/0x0002 0x0020000
27932a8.2850: 000000007ffe7000-00007ff48ff6ffff 0x0001/0x0000 0x0000000
28032a8.2850: *00007ff48ff70000-00007ff48ff74fff 0x0002/0x0002 0x0040000
28132a8.2850: 00007ff48ff75000-00007ff49006ffff 0x0000/0x0002 0x0040000
28232a8.2850: *00007ff490070000-00007ff59008ffff 0x0000/0x0004 0x0020000
28332a8.2850: *00007ff590090000-00007ff59208ffff 0x0000/0x0004 0x0020000
28432a8.2850: 00007ff592090000-00007ff592090fff 0x0004/0x0004 0x0020000
28532a8.2850: 00007ff592091000-00007ff59209ffff 0x0001/0x0000 0x0000000
28632a8.2850: *00007ff5920a0000-00007ff5920a0fff 0x0002/0x0002 0x0040000
28732a8.2850: 00007ff5920a1000-00007ff5920affff 0x0001/0x0000 0x0000000
28832a8.2850: *00007ff5920b0000-00007ff5920d2fff 0x0002/0x0002 0x0040000
28932a8.2850: 00007ff5920d3000-00007ff7dd7affff 0x0001/0x0000 0x0000000
29032a8.2850: *00007ff7dd7b0000-00007ff7dd7b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29132a8.2850: 00007ff7dd7b1000-00007ff7dd827fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29232a8.2850: 00007ff7dd828000-00007ff7dd828fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29332a8.2850: 00007ff7dd829000-00007ff7dd871fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29432a8.2850: 00007ff7dd872000-00007ff7dd874fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29532a8.2850: 00007ff7dd875000-00007ff7dd877fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29632a8.2850: 00007ff7dd878000-00007ff7dd87afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29732a8.2850: 00007ff7dd87b000-00007ff7dd87bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29832a8.2850: 00007ff7dd87c000-00007ff7dd87dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
29932a8.2850: 00007ff7dd87e000-00007ff7dd87efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
30032a8.2850: 00007ff7dd87f000-00007ff7dd8c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
30132a8.2850: 00007ff7dd8c8000-00007ffe51f4ffff 0x0001/0x0000 0x0000000
30232a8.2850: *00007ffe51f50000-00007ffe51f5ffff 0x0020/0x0040 0x0020000 !!
30332a8.2850: 00007ffe51f60000-00007ffe6962ffff 0x0001/0x0000 0x0000000
30432a8.2850: *00007ffe69630000-00007ffe69630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
30532a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe69630000 LB 0x1000 (base 00007ffe69630000) - 'aswhook.dll'
30632a8.2850: 00007ffe69631000-00007ffe69639fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
30732a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe69631000 LB 0x9000 (base 00007ffe69630000) - 'aswhook.dll'
30832a8.2850: 00007ffe6963a000-00007ffe6963cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
30932a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe6963a000 LB 0x3000 (base 00007ffe69630000) - 'aswhook.dll'
31032a8.2850: 00007ffe6963d000-00007ffe6963efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
31132a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe6963d000 LB 0x2000 (base 00007ffe69630000) - 'aswhook.dll'
31232a8.2850: 00007ffe6963f000-00007ffe69642fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
31332a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe6963f000 LB 0x4000 (base 00007ffe69630000) - 'aswhook.dll'
31432a8.2850: 00007ffe69643000-00007ffe69643fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
31532a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe69643000 LB 0x1000 (base 00007ffe69630000) - 'aswhook.dll'
31632a8.2850: 00007ffe69644000-00007ffe69645fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
31732a8.2850: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffe69644000 LB 0x2000 (base 00007ffe69630000) - 'aswhook.dll'
31832a8.2850: 00007ffe69646000-00007ffe8f82ffff 0x0001/0x0000 0x0000000
31932a8.2850: *00007ffe8f830000-00007ffe8f830fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32032a8.2850: 00007ffe8f831000-00007ffe8f941fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32132a8.2850: 00007ffe8f942000-00007ffe8fab9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32232a8.2850: 00007ffe8faba000-00007ffe8fabdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32332a8.2850: 00007ffe8fabe000-00007ffe8fabefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32432a8.2850: 00007ffe8fabf000-00007ffe8faf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32532a8.2850: 00007ffe8faf8000-00007ffe8ff7ffff 0x0001/0x0000 0x0000000
32632a8.2850: *00007ffe8ff80000-00007ffe8ff80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32732a8.2850: 00007ffe8ff81000-00007ffe8fffffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32832a8.2850: 00007ffe90000000-00007ffe90032fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32932a8.2850: 00007ffe90033000-00007ffe90033fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
33032a8.2850: 00007ffe90034000-00007ffe90034fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
33132a8.2850: 00007ffe90035000-00007ffe9003dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
33232a8.2850: 00007ffe9003e000-00007ffe91e6ffff 0x0001/0x0000 0x0000000
33332a8.2850: *00007ffe91e70000-00007ffe91e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33432a8.2850: 00007ffe91e71000-00007ffe91f8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33532a8.2850: 00007ffe91f8c000-00007ffe91fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33632a8.2850: 00007ffe91fd4000-00007ffe91fd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33732a8.2850: 00007ffe91fd5000-00007ffe91fd6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33832a8.2850: 00007ffe91fd7000-00007ffe91fdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
33932a8.2850: 00007ffe91fe0000-00007ffe92064fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
34032a8.2850: 00007ffe92065000-00007ffffffeffff 0x0001/0x0000 0x0000000
34132a8.2850: kernel32.dll: timestamp 0xf32175d9 (rc=VINF_SUCCESS)
34232a8.2850: kernelbase.dll: timestamp 0x833f2d4 (rc=VINF_SUCCESS)
34332a8.2850: VirtualBoxVM.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
34432a8.2850: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
34532a8.2850: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
34632a8.2850: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
34732a8.2850: ntdll.dll: Differences in section #1 (.text) between file and memory:
34832a8.2850: 00007ffe91e857e0 / 0x00157e0: 4c != e9
34932a8.2850: 00007ffe91e857e1 / 0x00157e1: 89 != f3
35032a8.2850: 00007ffe91e857e2 / 0x00157e2: 4c != a9
35132a8.2850: 00007ffe91e857e3 / 0x00157e3: 24 != 0c
35232a8.2850: 00007ffe91e857e4 / 0x00157e4: 20 != c0
35332a8.2850: 00007ffe91e857e5 / 0x00157e5: 48 != cc
35432a8.2850: 00007ffe91e857e6 / 0x00157e6: 89 != cc
35532a8.2850: 00007ffe91e857e7 / 0x00157e7: 54 != cc
35632a8.2850: 00007ffe91e857e8 / 0x00157e8: 24 != cc
35732a8.2850: 00007ffe91e857e9 / 0x00157e9: 10 != cc
35832a8.2850: 00007ffe91e86a10 / 0x0016a10: 48 != e9
35932a8.2850: 00007ffe91e86a11 / 0x0016a11: 89 != 23
36032a8.2850: 00007ffe91e86a12 / 0x0016a12: 5c != 98
36132a8.2850: 00007ffe91e86a13 / 0x0016a13: 24 != 0c
36232a8.2850: 00007ffe91e86a14 / 0x0016a14: 10 != c0
36332a8.2850: 00007ffe91e86a15 / 0x0016a15: 56 != cc
36432a8.2850: Restored 0x2000 bytes of original file content at 00007ffe91e85000
36532a8.2850: ntdll.dll: Differences in section #1 (.text) between file and memory:
36632a8.2850: 00007ffe91f656d0 / 0x00f56d0: 48 != e9
36732a8.2850: 00007ffe91f656d1 / 0x00f56d1: 89 != a3
36832a8.2850: 00007ffe91f656d2 / 0x00f56d2: 5c != aa
36932a8.2850: 00007ffe91f656d3 / 0x00f56d3: 24 != fe
37032a8.2850: 00007ffe91f656d4 / 0x00f56d4: 08 != bf
37132a8.2850: 00007ffe91f656d5 / 0x00f56d5: 57 != cc
37232a8.2850: Restored 0x2000 bytes of original file content at 00007ffe91f64bde
37332a8.2850: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=2
37432a8.2850: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
37532a8.2850: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
37632a8.2850: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe)
37732a8.2850: supR3HardNtEnableThreadCreationEx:
37832a8.2850: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe91ee4b00 pvNtTerminateThread=00007ffe91f0d7c0
37932a8.2850: supR3HardenedWinDoReSpawn(1): New child 2ab8.1528 [kernel32].
38032a8.2850: supR3HardNtChildGatherData: PebBaseAddress=0000000000799000 cbPeb=0x388
38132a8.2850: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe91e70000 uNtDllChildAddr=00007ffe91e70000
38232a8.2850: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe91ee4b00
38332a8.2850: supR3HardenedWinSetupChildInit: Initial context:
384 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7dd7b7900 rdx=0000000000799000
385 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
386 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
387 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
388 rip=00007ffe91ec2630 rsp=000000000093fd38 rbp=0000000000000000 ctxflags=0010001b
389 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
390 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
391 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
392 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
393 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
39432a8.2850: supR3HardenedWinSetupChildInit: Start child.
39532a8.2850: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
39632a8.2850: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 33 sleeps
39732a8.2850: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
39832a8.2850: *0000000000000000-00000000005fffff 0x0001/0x0000 0x0000000
39932a8.2850: *0000000000600000-0000000000798fff 0x0000/0x0004 0x0020000
40032a8.2850: 0000000000799000-000000000079bfff 0x0004/0x0004 0x0020000
40132a8.2850: 000000000079c000-00000000007fffff 0x0000/0x0004 0x0020000
40232a8.2850: *0000000000800000-000000000081ffff 0x0004/0x0004 0x0020000
40332a8.2850: *0000000000820000-000000000083cfff 0x0002/0x0002 0x0040000
40432a8.2850: 000000000083d000-000000000083ffff 0x0001/0x0000 0x0000000
40532a8.2850: *0000000000840000-000000000093afff 0x0000/0x0004 0x0020000
40632a8.2850: 000000000093b000-000000000093dfff 0x0104/0x0004 0x0020000
40732a8.2850: 000000000093e000-000000000093ffff 0x0004/0x0004 0x0020000
40832a8.2850: *0000000000940000-0000000000940fff 0x0020/0x0020 0x0040000 !!
40932a8.2850: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000000000940000 (0000000000940000/0000000000940000 LB 0x1000)
41032a8.2850: 0000000000941000-000000000094ffff 0x0001/0x0000 0x0000000
41132a8.2850: *0000000000950000-0000000000953fff 0x0002/0x0002 0x0040000
41232a8.2850: 0000000000954000-000000000095ffff 0x0001/0x0000 0x0000000
41332a8.2850: *0000000000960000-0000000000961fff 0x0004/0x0004 0x0020000
41432a8.2850: 0000000000962000-000000007ffdffff 0x0001/0x0000 0x0000000
41532a8.2850: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
41632a8.2850: 000000007ffe1000-000000007ffe5fff 0x0001/0x0000 0x0000000
41732a8.2850: *000000007ffe6000-000000007ffe6fff 0x0002/0x0002 0x0020000
41832a8.2850: 000000007ffe7000-00007ff56759ffff 0x0001/0x0000 0x0000000
41932a8.2850: *00007ff5675a0000-00007ff5675a0fff 0x0002/0x0002 0x0040000
42032a8.2850: 00007ff5675a1000-00007ff5675affff 0x0001/0x0000 0x0000000
42132a8.2850: *00007ff5675b0000-00007ff5675d2fff 0x0002/0x0002 0x0040000
42232a8.2850: 00007ff5675d3000-00007ff7dd7affff 0x0001/0x0000 0x0000000
42332a8.2850: *00007ff7dd7b0000-00007ff7dd7b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42432a8.2850: 00007ff7dd7b1000-00007ff7dd827fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42532a8.2850: 00007ff7dd828000-00007ff7dd828fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42632a8.2850: 00007ff7dd829000-00007ff7dd871fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42732a8.2850: 00007ff7dd872000-00007ff7dd872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42832a8.2850: 00007ff7dd873000-00007ff7dd873fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
42932a8.2850: 00007ff7dd874000-00007ff7dd878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
43032a8.2850: 00007ff7dd879000-00007ff7dd879fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
43132a8.2850: 00007ff7dd87a000-00007ff7dd87afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
43232a8.2850: 00007ff7dd87b000-00007ff7dd87efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
43332a8.2850: 00007ff7dd87f000-00007ff7dd8c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
43432a8.2850: 00007ff7dd8c8000-00007ffe91e6ffff 0x0001/0x0000 0x0000000
43532a8.2850: *00007ffe91e70000-00007ffe91e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43632a8.2850: 00007ffe91e71000-00007ffe91f8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43732a8.2850: 00007ffe91f8c000-00007ffe91fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43832a8.2850: 00007ffe91fd4000-00007ffe91fdffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
43932a8.2850: 00007ffe91fe0000-00007ffe91feefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
44032a8.2850: 00007ffe91fef000-00007ffe91feffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
44132a8.2850: 00007ffe91ff0000-00007ffe91ff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
44232a8.2850: 00007ffe91ff3000-00007ffe92064fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
44332a8.2850: 00007ffe92065000-00007ffffffeffff 0x0001/0x0000 0x0000000
44432a8.2850: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x24
44532a8.2850: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 33 sleeps
44632a8.2850: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
44732a8.2850: *0000000000000000-00000000005fffff 0x0001/0x0000 0x0000000
44832a8.2850: *0000000000600000-0000000000798fff 0x0000/0x0004 0x0020000
44932a8.2850: 0000000000799000-000000000079bfff 0x0004/0x0004 0x0020000
45032a8.2850: 000000000079c000-00000000007fffff 0x0000/0x0004 0x0020000
45132a8.2850: *0000000000800000-000000000081ffff 0x0004/0x0004 0x0020000
45232a8.2850: *0000000000820000-000000000083cfff 0x0002/0x0002 0x0040000
45332a8.2850: 000000000083d000-000000000083ffff 0x0001/0x0000 0x0000000
45432a8.2850: *0000000000840000-000000000093afff 0x0000/0x0004 0x0020000
45532a8.2850: 000000000093b000-000000000093dfff 0x0104/0x0004 0x0020000
45632a8.2850: 000000000093e000-000000000093ffff 0x0004/0x0004 0x0020000
45732a8.2850: 0000000000940000-000000000094ffff 0x0001/0x0000 0x0000000
45832a8.2850: *0000000000950000-0000000000953fff 0x0002/0x0002 0x0040000
45932a8.2850: 0000000000954000-000000000095ffff 0x0001/0x0000 0x0000000
46032a8.2850: *0000000000960000-0000000000961fff 0x0004/0x0004 0x0020000
46132a8.2850: 0000000000962000-000000007ffdffff 0x0001/0x0000 0x0000000
46232a8.2850: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
46332a8.2850: 000000007ffe1000-000000007ffe5fff 0x0001/0x0000 0x0000000
46432a8.2850: *000000007ffe6000-000000007ffe6fff 0x0002/0x0002 0x0020000
46532a8.2850: 000000007ffe7000-00007ff56759ffff 0x0001/0x0000 0x0000000
46632a8.2850: *00007ff5675a0000-00007ff5675a0fff 0x0002/0x0002 0x0040000
46732a8.2850: 00007ff5675a1000-00007ff5675affff 0x0001/0x0000 0x0000000
46832a8.2850: *00007ff5675b0000-00007ff5675d2fff 0x0002/0x0002 0x0040000
46932a8.2850: 00007ff5675d3000-00007ff7dd7affff 0x0001/0x0000 0x0000000
47032a8.2850: *00007ff7dd7b0000-00007ff7dd7b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47132a8.2850: 00007ff7dd7b1000-00007ff7dd827fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47232a8.2850: 00007ff7dd828000-00007ff7dd828fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47332a8.2850: 00007ff7dd829000-00007ff7dd871fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47432a8.2850: 00007ff7dd872000-00007ff7dd87efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47532a8.2850: 00007ff7dd87f000-00007ff7dd8c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
47632a8.2850: 00007ff7dd8c8000-00007ffe91e6ffff 0x0001/0x0000 0x0000000
47732a8.2850: *00007ffe91e70000-00007ffe91e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47832a8.2850: 00007ffe91e71000-00007ffe91f8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
47932a8.2850: 00007ffe91f8c000-00007ffe91fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48032a8.2850: 00007ffe91fd4000-00007ffe91fd7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48132a8.2850: 00007ffe91fd8000-00007ffe91fdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48232a8.2850: 00007ffe91fe0000-00007ffe91feefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48332a8.2850: 00007ffe91fef000-00007ffe91feffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48432a8.2850: 00007ffe91ff0000-00007ffe91ff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48532a8.2850: 00007ffe91ff3000-00007ffe92064fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
48632a8.2850: 00007ffe92065000-00007ffffffeffff 0x0001/0x0000 0x0000000
48732a8.2850: supR3HardNtChildPurify: Done after 1054 ms and 1 fixes (loop #1).
4882ab8.1528: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
4892ab8.1528: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe91e70000 g_uNtVerCombined=0xa04a6300 (stack ~000000000093f7c8)
4902ab8.1528: ntdll.dll: timestamp 0x1be73aa8 (rc=VINF_SUCCESS)
4912ab8.1528: New simple heap: #1 0000000000a70000 LB 0x400000 (for 2052096 allocation)
4922ab8.1528: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
4932ab8.1528: System32: \Device\HarddiskVolume2\Windows\System32
4942ab8.1528: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
4952ab8.1528: KnownDllPath: C:\WINDOWS\System32
4962ab8.1528: supR3HardenedVmProcessInit: Opening vboxdrv stub...
49732a8.2850: supR3HardNtEnableThreadCreationEx:
4982ab8.1528: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4992ab8.1528: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5002ab8.1528: Registered Dll notification callback with NTDLL.
5012ab8.1528: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5022ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5032ab8.1528: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5042ab8.1528: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000940088 enmState=3 -> supR3HardenedWinDummyApcRoutine
5052ab8.1528: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000940000 pvArg2=0000000000000000 pvArg3=0000000000000000
5062ab8.1528: supR3HardenedDllNotificationCallback: load 00007ffe8f830000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5072ab8.1528: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5082ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5092ab8.1528: supR3HardenedDllNotificationCallback: load 00007ffe8ff80000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5102ab8.1528: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5112ab8.1528: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\KERNEL32.DLL'
5122ab8.1528: supR3HardenedDllNotificationCallback: load 00007ff7dd7b0000 LB 0x00118000 C:\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5132ab8.1528: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5142ab8.1528: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
5152ab8.1528: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe)
5162ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
5172ab8.1528: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe91ee4b00 pvNtTerminateThread=00007ffe91f0d7c0
51832a8.2850: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 132 ms.
5192ab8.1528: \SystemRoot\System32\ntdll.dll:
5202ab8.1528: CreationTime: 2022-03-16T10:50:20.809495200Z
5212ab8.1528: LastWriteTime: 2022-03-16T10:50:20.868323400Z
5222ab8.1528: ChangeTime: 2022-03-16T11:08:20.006216200Z
5232ab8.1528: FileAttributes: 0x20
5242ab8.1528: Size: 0x1eeb20
5252ab8.1528: NT Headers: 0xe8
5262ab8.1528: Timestamp: 0x1be73aa8
5272ab8.1528: Machine: 0x8664 - amd64
5282ab8.1528: Timestamp: 0x1be73aa8
5292ab8.1528: Image Version: 10.0
5302ab8.1528: SizeOfImage: 0x1f5000 (2052096)
5312ab8.1528: Resource Dir: 0x184000 LB 0x6ff08
5322ab8.1528: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5332ab8.1528: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5342ab8.1528: ProductName: Microsoft® Windows® Operating System
5352ab8.1528: ProductVersion: 10.0.19041.1566
5362ab8.1528: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
5372ab8.1528: FileDescription: NT Layer DLL
5382ab8.1528: \SystemRoot\System32\kernel32.dll:
5392ab8.1528: CreationTime: 2022-03-16T10:49:09.749242600Z
5402ab8.1528: LastWriteTime: 2022-03-16T10:49:09.881464200Z
5412ab8.1528: ChangeTime: 2022-03-16T11:08:09.318981400Z
5422ab8.1528: FileAttributes: 0x20
5432ab8.1528: Size: 0xbc058
5442ab8.1528: NT Headers: 0xe8
5452ab8.1528: Timestamp: 0xf32175d9
5462ab8.1528: Machine: 0x8664 - amd64
5472ab8.1528: Timestamp: 0xf32175d9
5482ab8.1528: Image Version: 10.0
5492ab8.1528: SizeOfImage: 0xbe000 (778240)
5502ab8.1528: Resource Dir: 0xbc000 LB 0x520
5512ab8.1528: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5522ab8.1528: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5532ab8.1528: ProductName: Microsoft® Windows® Operating System
5542ab8.1528: ProductVersion: 10.0.19041.1566
5552ab8.1528: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
5562ab8.1528: FileDescription: Windows NT BASE API Client DLL
5572ab8.1528: \SystemRoot\System32\KernelBase.dll:
5582ab8.1528: CreationTime: 2022-03-16T10:50:23.347241400Z
5592ab8.1528: LastWriteTime: 2022-03-16T10:50:23.473992300Z
5602ab8.1528: ChangeTime: 2022-03-16T11:08:17.865576300Z
5612ab8.1528: FileAttributes: 0x20
5622ab8.1528: Size: 0x2c9578
5632ab8.1528: NT Headers: 0xf0
5642ab8.1528: Timestamp: 0x833f2d4
5652ab8.1528: Machine: 0x8664 - amd64
5662ab8.1528: Timestamp: 0x833f2d4
5672ab8.1528: Image Version: 10.0
5682ab8.1528: SizeOfImage: 0x2c8000 (2916352)
5692ab8.1528: Resource Dir: 0x29f000 LB 0x548
5702ab8.1528: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5712ab8.1528: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5722ab8.1528: ProductName: Microsoft® Windows® Operating System
5732ab8.1528: ProductVersion: 10.0.19041.1566
5742ab8.1528: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
5752ab8.1528: FileDescription: Windows NT BASE API Client DLL
5762ab8.1528: \SystemRoot\System32\apisetschema.dll:
5772ab8.1528: CreationTime: 2019-12-07T09:08:13.518339400Z
5782ab8.1528: LastWriteTime: 2019-12-07T09:08:13.518339400Z
5792ab8.1528: ChangeTime: 2022-03-16T10:56:54.504405300Z
5802ab8.1528: FileAttributes: 0x20
5812ab8.1528: Size: 0x1f538
5822ab8.1528: NT Headers: 0xd0
5832ab8.1528: Timestamp: 0x31288ce0
5842ab8.1528: Machine: 0x8664 - amd64
5852ab8.1528: Timestamp: 0x31288ce0
5862ab8.1528: Image Version: 10.0
5872ab8.1528: SizeOfImage: 0x20000 (131072)
5882ab8.1528: Resource Dir: 0x1f000 LB 0x408
5892ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5902ab8.1528: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5912ab8.1528: ProductName: Microsoft® Windows® Operating System
5922ab8.1528: ProductVersion: 10.0.19041.1
5932ab8.1528: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5942ab8.1528: FileDescription: ApiSet Schema DLL
5952ab8.1528: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5962ab8.1528: supR3HardenedWinFindAdversaries: 0x24
5972ab8.1528: \SystemRoot\System32\drivers\aswMonFlt.sys:
5982ab8.1528: CreationTime: 2020-10-19T10:05:23.385865200Z
5992ab8.1528: LastWriteTime: 2022-03-25T10:06:37.972769600Z
6002ab8.1528: ChangeTime: 2022-03-25T10:06:37.972769600Z
6012ab8.1528: FileAttributes: 0x20
6022ab8.1528: Size: 0x41c80
6032ab8.1528: NT Headers: 0xf0
6042ab8.1528: Timestamp: 0x621c9823
6052ab8.1528: Machine: 0x8664 - amd64
6062ab8.1528: Timestamp: 0x621c9823
6072ab8.1528: Image Version: 10.0
6082ab8.1528: SizeOfImage: 0x44000 (278528)
6092ab8.1528: Resource Dir: 0x42000 LB 0x3a0
6102ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6112ab8.1528: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
6122ab8.1528: ProductName: Avast Antivirus
6132ab8.1528: ProductVersion: 22.2.349.0
6142ab8.1528: FileVersion: 22.2.349.0
6152ab8.1528: FileDescription: Avast File System Filter
6162ab8.1528: \SystemRoot\System32\drivers\aswRdr2.sys:
6172ab8.1528: CreationTime: 2019-11-19T10:51:06.381407600Z
6182ab8.1528: LastWriteTime: 2022-03-25T10:06:37.765737300Z
6192ab8.1528: ChangeTime: 2022-03-25T10:06:37.765737300Z
6202ab8.1528: FileAttributes: 0x20
6212ab8.1528: Size: 0x1a970
6222ab8.1528: NT Headers: 0xe8
6232ab8.1528: Timestamp: 0x621c9820
6242ab8.1528: Machine: 0x8664 - amd64
6252ab8.1528: Timestamp: 0x621c9820
6262ab8.1528: Image Version: 10.0
6272ab8.1528: SizeOfImage: 0x1a000 (106496)
6282ab8.1528: Resource Dir: 0x18000 LB 0x388
6292ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6302ab8.1528: [Raw version resource data: 0x18060 LB 0x324, codepage 0x0 (reserved 0x0)]
6312ab8.1528: ProductName: Avast Antivirus
6322ab8.1528: ProductVersion: 22.2.349.0
6332ab8.1528: FileVersion: 22.2.349.0
6342ab8.1528: FileDescription: Avast Antivirus
6352ab8.1528: \SystemRoot\System32\drivers\aswRvrt.sys:
6362ab8.1528: CreationTime: 2019-11-19T10:51:06.505485200Z
6372ab8.1528: LastWriteTime: 2022-03-25T10:06:38.088661700Z
6382ab8.1528: ChangeTime: 2022-03-25T10:06:38.088661700Z
6392ab8.1528: FileAttributes: 0x20
6402ab8.1528: Size: 0x14808
6412ab8.1528: NT Headers: 0xe8
6422ab8.1528: Timestamp: 0x621c9822
6432ab8.1528: Machine: 0x8664 - amd64
6442ab8.1528: Timestamp: 0x621c9822
6452ab8.1528: Image Version: 10.0
6462ab8.1528: SizeOfImage: 0x13000 (77824)
6472ab8.1528: Resource Dir: 0x11000 LB 0x380
6482ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6492ab8.1528: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
6502ab8.1528: ProductName: Avast Antivirus
6512ab8.1528: ProductVersion: 22.2.349.0
6522ab8.1528: FileVersion: 22.2.349.0
6532ab8.1528: FileDescription: Avast Revert
6542ab8.1528: \SystemRoot\System32\drivers\aswSnx.sys:
6552ab8.1528: CreationTime: 2019-11-19T10:51:06.140261000Z
6562ab8.1528: LastWriteTime: 2022-03-25T10:06:24.083299600Z
6572ab8.1528: ChangeTime: 2022-03-25T10:06:24.083299600Z
6582ab8.1528: FileAttributes: 0x20
6592ab8.1528: Size: 0xd0d28
6602ab8.1528: NT Headers: 0xf0
6612ab8.1528: Timestamp: 0x621c9828
6622ab8.1528: Machine: 0x8664 - amd64
6632ab8.1528: Timestamp: 0x621c9828
6642ab8.1528: Image Version: 10.0
6652ab8.1528: SizeOfImage: 0xcd000 (839680)
6662ab8.1528: Resource Dir: 0xca000 LB 0x388
6672ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6682ab8.1528: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
6692ab8.1528: ProductName: Avast Antivirus
6702ab8.1528: ProductVersion: 22.2.349.0
6712ab8.1528: FileVersion: 22.2.349.0
6722ab8.1528: FileDescription: Avast Antivirus
6732ab8.1528: \SystemRoot\System32\drivers\aswsp.sys:
6742ab8.1528: CreationTime: 2019-11-19T10:51:06.538873000Z
6752ab8.1528: LastWriteTime: 2022-03-25T10:06:38.204544200Z
6762ab8.1528: ChangeTime: 2022-03-25T10:06:38.204544200Z
6772ab8.1528: FileAttributes: 0x20
6782ab8.1528: Size: 0x86bf0
6792ab8.1528: NT Headers: 0xe8
6802ab8.1528: Timestamp: 0x621c9832
6812ab8.1528: Machine: 0x8664 - amd64
6822ab8.1528: Timestamp: 0x621c9832
6832ab8.1528: Image Version: 10.0
6842ab8.1528: SizeOfImage: 0x87000 (552960)
6852ab8.1528: Resource Dir: 0x85000 LB 0x388
6862ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6872ab8.1528: [Raw version resource data: 0x85060 LB 0x328, codepage 0x0 (reserved 0x0)]
6882ab8.1528: ProductName: Avast Antivirus
6892ab8.1528: ProductVersion: 22.2.349.0
6902ab8.1528: FileVersion: 22.2.349.0
6912ab8.1528: FileDescription: Avast Self Protection
6922ab8.1528: \SystemRoot\System32\drivers\aswStm.sys:
6932ab8.1528: CreationTime: 2022-03-25T10:06:57.322661500Z
6942ab8.1528: LastWriteTime: 2022-03-25T10:06:39.554827200Z
6952ab8.1528: ChangeTime: 2022-03-25T10:06:39.554827200Z
6962ab8.1528: FileAttributes: 0x20
6972ab8.1528: Size: 0x34b70
6982ab8.1528: NT Headers: 0xf0
6992ab8.1528: Timestamp: 0x621c9825
7002ab8.1528: Machine: 0x8664 - amd64
7012ab8.1528: Timestamp: 0x621c9825
7022ab8.1528: Image Version: 10.0
7032ab8.1528: SizeOfImage: 0x34000 (212992)
7042ab8.1528: Resource Dir: 0x32000 LB 0x390
7052ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7062ab8.1528: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
7072ab8.1528: ProductName: Avast Antivirus
7082ab8.1528: ProductVersion: 22.2.349.0
7092ab8.1528: FileVersion: 22.2.349.0
7102ab8.1528: FileDescription: Avast Stream Filter
7112ab8.1528: \SystemRoot\System32\drivers\aswVmm.sys:
7122ab8.1528: CreationTime: 2019-11-19T10:51:06.632896600Z
7132ab8.1528: LastWriteTime: 2022-03-25T10:06:41.359531900Z
7142ab8.1528: ChangeTime: 2022-03-25T10:06:41.359531900Z
7152ab8.1528: FileAttributes: 0x20
7162ab8.1528: Size: 0x4dd28
7172ab8.1528: NT Headers: 0xe8
7182ab8.1528: Timestamp: 0x621c9822
7192ab8.1528: Machine: 0x8664 - amd64
7202ab8.1528: Timestamp: 0x621c9822
7212ab8.1528: Image Version: 10.0
7222ab8.1528: SizeOfImage: 0x4b000 (307200)
7232ab8.1528: Resource Dir: 0x49000 LB 0x388
7242ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7252ab8.1528: [Raw version resource data: 0x49060 LB 0x328, codepage 0x0 (reserved 0x0)]
7262ab8.1528: ProductName: Avast Antivirus
7272ab8.1528: ProductVersion: 22.2.349.0
7282ab8.1528: FileVersion: 22.2.349.0
7292ab8.1528: FileDescription: Avast VM Monitor
7302ab8.1528: \SystemRoot\System32\drivers\mfeapfk.sys:
7312ab8.1528: CreationTime: 2014-03-28T15:40:51.464941000Z
7322ab8.1528: LastWriteTime: 2014-03-28T16:06:10.610945600Z
7332ab8.1528: ChangeTime: 2020-11-02T18:01:55.914119900Z
7342ab8.1528: FileAttributes: 0x20
7352ab8.1528: Size: 0x2c030
7362ab8.1528: NT Headers: 0xe8
7372ab8.1528: Timestamp: 0x52ab7fef
7382ab8.1528: Machine: 0x8664 - amd64
7392ab8.1528: Timestamp: 0x52ab7fef
7402ab8.1528: Image Version: 0.0
7412ab8.1528: SizeOfImage: 0x29d00 (171264)
7422ab8.1528: Resource Dir: 0x29500 LB 0x340
7432ab8.1528: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7442ab8.1528: [Raw version resource data: 0x29560 LB 0x2dc, codepage 0x0 (reserved 0x0)]
7452ab8.1528: ProductName: SYSCORE
7462ab8.1528: FileVersion: SYSCORE.15.1.0.656
7472ab8.1528: PrivateBuild: SYSCORE.15.1.0.656 F16
7482ab8.1528: FileDescription: Access Protection Filter Driver
7492ab8.1528: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
7502ab8.1528: Calling main()
7512ab8.1528: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
7522ab8.1528: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
7532ab8.1528: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7542ab8.1528: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
7552ab8.1528: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe)
7562ab8.1528: SUPR3HardenedMain: Respawn #2
7572ab8.1528: supR3HardNtEnableThreadCreationEx:
7582ab8.1528: supR3HardenedDllNotificationCallback: load 00007ffe91a80000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
7592ab8.1528: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
7602ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
7612ab8.1528: supR3HardenedDllNotificationCallback: load 00007ffe916d0000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7622ab8.1528: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
7632ab8.1528: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
7642ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
7652ab8.1528: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
7662ab8.1528: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
7672ab8.1528: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
7682ab8.1528: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7692ab8.1528: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7702ab8.1528: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7712ab8.1528: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7722ab8.1528: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91e70000 'C:\WINDOWS\System32\ntdll.dll'
7732ab8.1528: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe91ee4b00 pvNtTerminateThread=00007ffe91f0d7c0
7742ab8.1528: supR3HardenedWinDoReSpawn(2): New child 1450.31ec [kernel32].
7752ab8.1528: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7762ab8.1528: supR3HardNtChildGatherData: PebBaseAddress=00000000003c8000 cbPeb=0x388
7772ab8.1528: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe91e70000 uNtDllChildAddr=00007ffe91e70000
7782ab8.1528: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe91ee4b00
7792ab8.1528: supR3HardenedWinSetupChildInit: Initial context:
780 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7dd7b7900 rdx=00000000003c8000
781 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
782 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
783 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
784 rip=00007ffe91ec2630 rsp=00000000001cf948 rbp=0000000000000000 ctxflags=0010001b
785 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
786 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
787 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
788 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
789 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
7902ab8.1528: kernel32.dll: timestamp 0xf32175d9 (rc=VINF_SUCCESS)
7912ab8.1528: supR3HardenedWinSetupChildInit: Start child.
7922ab8.1528: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7932ab8.1528: supR3HardNtChildPurify: Startup delay kludge #1/0: 528 ms, 34 sleeps
7942ab8.1528: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7952ab8.1528: *0000000000000000-000000000008ffff 0x0001/0x0000 0x0000000
7962ab8.1528: *0000000000090000-00000000000affff 0x0004/0x0004 0x0020000
7972ab8.1528: *00000000000b0000-00000000000ccfff 0x0002/0x0002 0x0040000
7982ab8.1528: 00000000000cd000-00000000000cffff 0x0001/0x0000 0x0000000
7992ab8.1528: *00000000000d0000-00000000001cafff 0x0000/0x0004 0x0020000
8002ab8.1528: 00000000001cb000-00000000001cdfff 0x0104/0x0004 0x0020000
8012ab8.1528: 00000000001ce000-00000000001cffff 0x0004/0x0004 0x0020000
8022ab8.1528: *00000000001d0000-00000000001d0fff 0x0020/0x0020 0x0040000 !!
8032ab8.1528: supHardNtVpScanVirtualMemory: Unmapping exec mem at 00000000001d0000 (00000000001d0000/00000000001d0000 LB 0x1000)
8042ab8.1528: 00000000001d1000-00000000001dffff 0x0001/0x0000 0x0000000
8052ab8.1528: *00000000001e0000-00000000001e3fff 0x0002/0x0002 0x0040000
8062ab8.1528: 00000000001e4000-00000000001effff 0x0001/0x0000 0x0000000
8072ab8.1528: *00000000001f0000-00000000001f1fff 0x0004/0x0004 0x0020000
8082ab8.1528: 00000000001f2000-00000000001fffff 0x0001/0x0000 0x0000000
8092ab8.1528: *0000000000200000-00000000003c7fff 0x0000/0x0004 0x0020000
8102ab8.1528: 00000000003c8000-00000000003cafff 0x0004/0x0004 0x0020000
8112ab8.1528: 00000000003cb000-00000000003fffff 0x0000/0x0004 0x0020000
8122ab8.1528: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
8132ab8.1528: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
8142ab8.1528: 000000007ffe1000-000000007ffe5fff 0x0001/0x0000 0x0000000
8152ab8.1528: *000000007ffe6000-000000007ffe6fff 0x0002/0x0002 0x0020000
8162ab8.1528: 000000007ffe7000-00007ff54eebffff 0x0001/0x0000 0x0000000
8172ab8.1528: *00007ff54eec0000-00007ff54eec0fff 0x0002/0x0002 0x0040000
8182ab8.1528: 00007ff54eec1000-00007ff54eecffff 0x0001/0x0000 0x0000000
8192ab8.1528: *00007ff54eed0000-00007ff54eef2fff 0x0002/0x0002 0x0040000
8202ab8.1528: 00007ff54eef3000-00007ff7dd7affff 0x0001/0x0000 0x0000000
8212ab8.1528: *00007ff7dd7b0000-00007ff7dd7b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8222ab8.1528: 00007ff7dd7b1000-00007ff7dd827fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8232ab8.1528: 00007ff7dd828000-00007ff7dd828fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8242ab8.1528: 00007ff7dd829000-00007ff7dd871fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8252ab8.1528: 00007ff7dd872000-00007ff7dd872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8262ab8.1528: 00007ff7dd873000-00007ff7dd873fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8272ab8.1528: 00007ff7dd874000-00007ff7dd878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8282ab8.1528: 00007ff7dd879000-00007ff7dd879fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8292ab8.1528: 00007ff7dd87a000-00007ff7dd87afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8302ab8.1528: 00007ff7dd87b000-00007ff7dd87efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8312ab8.1528: 00007ff7dd87f000-00007ff7dd8c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8322ab8.1528: 00007ff7dd8c8000-00007ffe91e6ffff 0x0001/0x0000 0x0000000
8332ab8.1528: *00007ffe91e70000-00007ffe91e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8342ab8.1528: 00007ffe91e71000-00007ffe91f8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8352ab8.1528: 00007ffe91f8c000-00007ffe91fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8362ab8.1528: 00007ffe91fd4000-00007ffe91fdffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8372ab8.1528: 00007ffe91fe0000-00007ffe91feefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8382ab8.1528: 00007ffe91fef000-00007ffe91feffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8392ab8.1528: 00007ffe91ff0000-00007ffe91ff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8402ab8.1528: 00007ffe91ff3000-00007ffe92064fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8412ab8.1528: 00007ffe92065000-00007ffffffeffff 0x0001/0x0000 0x0000000
8422ab8.1528: VirtualBoxVM.exe: timestamp 0x61e55350 (rc=VINF_SUCCESS)
8432ab8.1528: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
8442ab8.1528: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
8452ab8.1528: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
8462ab8.1528: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x24
8472ab8.1528: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 33 sleeps
8482ab8.1528: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8492ab8.1528: *0000000000000000-000000000008ffff 0x0001/0x0000 0x0000000
8502ab8.1528: *0000000000090000-00000000000affff 0x0004/0x0004 0x0020000
8512ab8.1528: *00000000000b0000-00000000000ccfff 0x0002/0x0002 0x0040000
8522ab8.1528: 00000000000cd000-00000000000cffff 0x0001/0x0000 0x0000000
8532ab8.1528: *00000000000d0000-00000000001cafff 0x0000/0x0004 0x0020000
8542ab8.1528: 00000000001cb000-00000000001cdfff 0x0104/0x0004 0x0020000
8552ab8.1528: 00000000001ce000-00000000001cffff 0x0004/0x0004 0x0020000
8562ab8.1528: 00000000001d0000-00000000001dffff 0x0001/0x0000 0x0000000
8572ab8.1528: *00000000001e0000-00000000001e3fff 0x0002/0x0002 0x0040000
8582ab8.1528: 00000000001e4000-00000000001effff 0x0001/0x0000 0x0000000
8592ab8.1528: *00000000001f0000-00000000001f1fff 0x0004/0x0004 0x0020000
8602ab8.1528: 00000000001f2000-00000000001fffff 0x0001/0x0000 0x0000000
8612ab8.1528: *0000000000200000-00000000003c7fff 0x0000/0x0004 0x0020000
8622ab8.1528: 00000000003c8000-00000000003cafff 0x0004/0x0004 0x0020000
8632ab8.1528: 00000000003cb000-00000000003fffff 0x0000/0x0004 0x0020000
8642ab8.1528: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
8652ab8.1528: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
8662ab8.1528: 000000007ffe1000-000000007ffe5fff 0x0001/0x0000 0x0000000
8672ab8.1528: *000000007ffe6000-000000007ffe6fff 0x0002/0x0002 0x0020000
8682ab8.1528: 000000007ffe7000-00007ff54eebffff 0x0001/0x0000 0x0000000
8692ab8.1528: *00007ff54eec0000-00007ff54eec0fff 0x0002/0x0002 0x0040000
8702ab8.1528: 00007ff54eec1000-00007ff54eecffff 0x0001/0x0000 0x0000000
8712ab8.1528: *00007ff54eed0000-00007ff54eef2fff 0x0002/0x0002 0x0040000
8722ab8.1528: 00007ff54eef3000-00007ff7dd7affff 0x0001/0x0000 0x0000000
8732ab8.1528: *00007ff7dd7b0000-00007ff7dd7b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8742ab8.1528: 00007ff7dd7b1000-00007ff7dd827fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8752ab8.1528: 00007ff7dd828000-00007ff7dd828fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8762ab8.1528: 00007ff7dd829000-00007ff7dd871fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8772ab8.1528: 00007ff7dd872000-00007ff7dd87efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8782ab8.1528: 00007ff7dd87f000-00007ff7dd8c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
8792ab8.1528: 00007ff7dd8c8000-00007ffe91e6ffff 0x0001/0x0000 0x0000000
8802ab8.1528: *00007ffe91e70000-00007ffe91e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8812ab8.1528: 00007ffe91e71000-00007ffe91f8bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8822ab8.1528: 00007ffe91f8c000-00007ffe91fd3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8832ab8.1528: 00007ffe91fd4000-00007ffe91fd7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8842ab8.1528: 00007ffe91fd8000-00007ffe91fdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8852ab8.1528: 00007ffe91fe0000-00007ffe91feefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8862ab8.1528: 00007ffe91fef000-00007ffe91feffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8872ab8.1528: 00007ffe91ff0000-00007ffe91ff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8882ab8.1528: 00007ffe91ff3000-00007ffe92064fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8892ab8.1528: 00007ffe92065000-00007ffffffeffff 0x0001/0x0000 0x0000000
8902ab8.1528: supR3HardNtChildPurify: Done after 1111 ms and 1 fixes (loop #1).
8911450.31ec: Log file opened: 6.1.32r149290 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
8921450.31ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe91e70000 g_uNtVerCombined=0xa04a6300 (stack ~00000000001cf3d8)
8931450.31ec: ntdll.dll: timestamp 0x1be73aa8 (rc=VINF_SUCCESS)
8941450.31ec: New simple heap: #1 0000000000500000 LB 0x400000 (for 2052096 allocation)
8952ab8.1528: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a70000 LB 0x400000)
8962ab8.1528: supR3HardNtEnableThreadCreationEx:
8971450.31ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
8981450.31ec: System32: \Device\HarddiskVolume2\Windows\System32
8991450.31ec: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
9001450.31ec: KnownDllPath: C:\WINDOWS\System32
9011450.31ec: supR3HardenedVmProcessInit: Opening vboxdrv...
9021450.31ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
9031450.31ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
9041450.31ec: Registered Dll notification callback with NTDLL.
9051450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
9061450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
9071450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
9081450.31ec: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00000000001d0088 enmState=4 -> supR3HardenedWinDummyApcRoutine
9091450.31ec: supR3HardenedWinDummyApcRoutine: pvArg1=00000000001d0000 pvArg2=0000000000000000 pvArg3=0000000000000000
9101450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f830000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
9111450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
9121450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
9131450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8ff80000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
9141450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9151450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\KERNEL32.DLL'
9161450.31ec: supR3HardenedDllNotificationCallback: load 00007ff7dd7b0000 LB 0x00118000 C:\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
9171450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
9181450.31ec: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
9191450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe)
9201450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe
9211450.31ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe91ee4b00 pvNtTerminateThread=00007ffe91f0d7c0
9222ab8.1528: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 148 ms.
9231450.31ec: \SystemRoot\System32\ntdll.dll:
9241450.31ec: CreationTime: 2022-03-16T10:50:20.809495200Z
9251450.31ec: LastWriteTime: 2022-03-16T10:50:20.868323400Z
9261450.31ec: ChangeTime: 2022-03-16T11:08:20.006216200Z
9271450.31ec: FileAttributes: 0x20
9281450.31ec: Size: 0x1eeb20
9291450.31ec: NT Headers: 0xe8
9301450.31ec: Timestamp: 0x1be73aa8
9311450.31ec: Machine: 0x8664 - amd64
9321450.31ec: Timestamp: 0x1be73aa8
9331450.31ec: Image Version: 10.0
9341450.31ec: SizeOfImage: 0x1f5000 (2052096)
9351450.31ec: Resource Dir: 0x184000 LB 0x6ff08
9361450.31ec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
9371450.31ec: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
9381450.31ec: ProductName: Microsoft® Windows® Operating System
9391450.31ec: ProductVersion: 10.0.19041.1566
9401450.31ec: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
9411450.31ec: FileDescription: NT Layer DLL
9421450.31ec: \SystemRoot\System32\kernel32.dll:
9431450.31ec: CreationTime: 2022-03-16T10:49:09.749242600Z
9441450.31ec: LastWriteTime: 2022-03-16T10:49:09.881464200Z
9451450.31ec: ChangeTime: 2022-03-16T11:08:09.318981400Z
9461450.31ec: FileAttributes: 0x20
9471450.31ec: Size: 0xbc058
9481450.31ec: NT Headers: 0xe8
9491450.31ec: Timestamp: 0xf32175d9
9501450.31ec: Machine: 0x8664 - amd64
9511450.31ec: Timestamp: 0xf32175d9
9521450.31ec: Image Version: 10.0
9531450.31ec: SizeOfImage: 0xbe000 (778240)
9541450.31ec: Resource Dir: 0xbc000 LB 0x520
9551450.31ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9561450.31ec: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
9571450.31ec: ProductName: Microsoft® Windows® Operating System
9581450.31ec: ProductVersion: 10.0.19041.1566
9591450.31ec: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
9601450.31ec: FileDescription: Windows NT BASE API Client DLL
9611450.31ec: \SystemRoot\System32\KernelBase.dll:
9621450.31ec: CreationTime: 2022-03-16T10:50:23.347241400Z
9631450.31ec: LastWriteTime: 2022-03-16T10:50:23.473992300Z
9641450.31ec: ChangeTime: 2022-03-16T11:08:17.865576300Z
9651450.31ec: FileAttributes: 0x20
9661450.31ec: Size: 0x2c9578
9671450.31ec: NT Headers: 0xf0
9681450.31ec: Timestamp: 0x833f2d4
9691450.31ec: Machine: 0x8664 - amd64
9701450.31ec: Timestamp: 0x833f2d4
9711450.31ec: Image Version: 10.0
9721450.31ec: SizeOfImage: 0x2c8000 (2916352)
9731450.31ec: Resource Dir: 0x29f000 LB 0x548
9741450.31ec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9751450.31ec: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
9761450.31ec: ProductName: Microsoft® Windows® Operating System
9771450.31ec: ProductVersion: 10.0.19041.1566
9781450.31ec: FileVersion: 10.0.19041.1566 (WinBuild.160101.0800)
9791450.31ec: FileDescription: Windows NT BASE API Client DLL
9801450.31ec: \SystemRoot\System32\apisetschema.dll:
9811450.31ec: CreationTime: 2019-12-07T09:08:13.518339400Z
9821450.31ec: LastWriteTime: 2019-12-07T09:08:13.518339400Z
9831450.31ec: ChangeTime: 2022-03-16T10:56:54.504405300Z
9841450.31ec: FileAttributes: 0x20
9851450.31ec: Size: 0x1f538
9861450.31ec: NT Headers: 0xd0
9871450.31ec: Timestamp: 0x31288ce0
9881450.31ec: Machine: 0x8664 - amd64
9891450.31ec: Timestamp: 0x31288ce0
9901450.31ec: Image Version: 10.0
9911450.31ec: SizeOfImage: 0x20000 (131072)
9921450.31ec: Resource Dir: 0x1f000 LB 0x408
9931450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9941450.31ec: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
9951450.31ec: ProductName: Microsoft® Windows® Operating System
9961450.31ec: ProductVersion: 10.0.19041.1
9971450.31ec: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
9981450.31ec: FileDescription: ApiSet Schema DLL
9991450.31ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
10001450.31ec: supR3HardenedWinFindAdversaries: 0x24
10011450.31ec: \SystemRoot\System32\drivers\aswMonFlt.sys:
10021450.31ec: CreationTime: 2020-10-19T10:05:23.385865200Z
10031450.31ec: LastWriteTime: 2022-03-25T10:06:37.972769600Z
10041450.31ec: ChangeTime: 2022-03-25T10:06:37.972769600Z
10051450.31ec: FileAttributes: 0x20
10061450.31ec: Size: 0x41c80
10071450.31ec: NT Headers: 0xf0
10081450.31ec: Timestamp: 0x621c9823
10091450.31ec: Machine: 0x8664 - amd64
10101450.31ec: Timestamp: 0x621c9823
10111450.31ec: Image Version: 10.0
10121450.31ec: SizeOfImage: 0x44000 (278528)
10131450.31ec: Resource Dir: 0x42000 LB 0x3a0
10141450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10151450.31ec: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
10161450.31ec: ProductName: Avast Antivirus
10171450.31ec: ProductVersion: 22.2.349.0
10181450.31ec: FileVersion: 22.2.349.0
10191450.31ec: FileDescription: Avast File System Filter
10201450.31ec: \SystemRoot\System32\drivers\aswRdr2.sys:
10211450.31ec: CreationTime: 2019-11-19T10:51:06.381407600Z
10221450.31ec: LastWriteTime: 2022-03-25T10:06:37.765737300Z
10231450.31ec: ChangeTime: 2022-03-25T10:06:37.765737300Z
10241450.31ec: FileAttributes: 0x20
10251450.31ec: Size: 0x1a970
10261450.31ec: NT Headers: 0xe8
10271450.31ec: Timestamp: 0x621c9820
10281450.31ec: Machine: 0x8664 - amd64
10291450.31ec: Timestamp: 0x621c9820
10301450.31ec: Image Version: 10.0
10311450.31ec: SizeOfImage: 0x1a000 (106496)
10321450.31ec: Resource Dir: 0x18000 LB 0x388
10331450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10341450.31ec: [Raw version resource data: 0x18060 LB 0x324, codepage 0x0 (reserved 0x0)]
10351450.31ec: ProductName: Avast Antivirus
10361450.31ec: ProductVersion: 22.2.349.0
10371450.31ec: FileVersion: 22.2.349.0
10381450.31ec: FileDescription: Avast Antivirus
10391450.31ec: \SystemRoot\System32\drivers\aswRvrt.sys:
10401450.31ec: CreationTime: 2019-11-19T10:51:06.505485200Z
10411450.31ec: LastWriteTime: 2022-03-25T10:06:38.088661700Z
10421450.31ec: ChangeTime: 2022-03-25T10:06:38.088661700Z
10431450.31ec: FileAttributes: 0x20
10441450.31ec: Size: 0x14808
10451450.31ec: NT Headers: 0xe8
10461450.31ec: Timestamp: 0x621c9822
10471450.31ec: Machine: 0x8664 - amd64
10481450.31ec: Timestamp: 0x621c9822
10491450.31ec: Image Version: 10.0
10501450.31ec: SizeOfImage: 0x13000 (77824)
10511450.31ec: Resource Dir: 0x11000 LB 0x380
10521450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10531450.31ec: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
10541450.31ec: ProductName: Avast Antivirus
10551450.31ec: ProductVersion: 22.2.349.0
10561450.31ec: FileVersion: 22.2.349.0
10571450.31ec: FileDescription: Avast Revert
10581450.31ec: \SystemRoot\System32\drivers\aswSnx.sys:
10591450.31ec: CreationTime: 2019-11-19T10:51:06.140261000Z
10601450.31ec: LastWriteTime: 2022-03-25T10:06:24.083299600Z
10611450.31ec: ChangeTime: 2022-03-25T10:06:24.083299600Z
10621450.31ec: FileAttributes: 0x20
10631450.31ec: Size: 0xd0d28
10641450.31ec: NT Headers: 0xf0
10651450.31ec: Timestamp: 0x621c9828
10661450.31ec: Machine: 0x8664 - amd64
10671450.31ec: Timestamp: 0x621c9828
10681450.31ec: Image Version: 10.0
10691450.31ec: SizeOfImage: 0xcd000 (839680)
10701450.31ec: Resource Dir: 0xca000 LB 0x388
10711450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10721450.31ec: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
10731450.31ec: ProductName: Avast Antivirus
10741450.31ec: ProductVersion: 22.2.349.0
10751450.31ec: FileVersion: 22.2.349.0
10761450.31ec: FileDescription: Avast Antivirus
10771450.31ec: \SystemRoot\System32\drivers\aswsp.sys:
10781450.31ec: CreationTime: 2019-11-19T10:51:06.538873000Z
10791450.31ec: LastWriteTime: 2022-03-25T10:06:38.204544200Z
10801450.31ec: ChangeTime: 2022-03-25T10:06:38.204544200Z
10811450.31ec: FileAttributes: 0x20
10821450.31ec: Size: 0x86bf0
10831450.31ec: NT Headers: 0xe8
10841450.31ec: Timestamp: 0x621c9832
10851450.31ec: Machine: 0x8664 - amd64
10861450.31ec: Timestamp: 0x621c9832
10871450.31ec: Image Version: 10.0
10881450.31ec: SizeOfImage: 0x87000 (552960)
10891450.31ec: Resource Dir: 0x85000 LB 0x388
10901450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10911450.31ec: [Raw version resource data: 0x85060 LB 0x328, codepage 0x0 (reserved 0x0)]
10921450.31ec: ProductName: Avast Antivirus
10931450.31ec: ProductVersion: 22.2.349.0
10941450.31ec: FileVersion: 22.2.349.0
10951450.31ec: FileDescription: Avast Self Protection
10961450.31ec: \SystemRoot\System32\drivers\aswStm.sys:
10971450.31ec: CreationTime: 2022-03-25T10:06:57.322661500Z
10981450.31ec: LastWriteTime: 2022-03-25T10:06:39.554827200Z
10991450.31ec: ChangeTime: 2022-03-25T10:06:39.554827200Z
11001450.31ec: FileAttributes: 0x20
11011450.31ec: Size: 0x34b70
11021450.31ec: NT Headers: 0xf0
11031450.31ec: Timestamp: 0x621c9825
11041450.31ec: Machine: 0x8664 - amd64
11051450.31ec: Timestamp: 0x621c9825
11061450.31ec: Image Version: 10.0
11071450.31ec: SizeOfImage: 0x34000 (212992)
11081450.31ec: Resource Dir: 0x32000 LB 0x390
11091450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11101450.31ec: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
11111450.31ec: ProductName: Avast Antivirus
11121450.31ec: ProductVersion: 22.2.349.0
11131450.31ec: FileVersion: 22.2.349.0
11141450.31ec: FileDescription: Avast Stream Filter
11151450.31ec: \SystemRoot\System32\drivers\aswVmm.sys:
11161450.31ec: CreationTime: 2019-11-19T10:51:06.632896600Z
11171450.31ec: LastWriteTime: 2022-03-25T10:06:41.359531900Z
11181450.31ec: ChangeTime: 2022-03-25T10:06:41.359531900Z
11191450.31ec: FileAttributes: 0x20
11201450.31ec: Size: 0x4dd28
11211450.31ec: NT Headers: 0xe8
11221450.31ec: Timestamp: 0x621c9822
11231450.31ec: Machine: 0x8664 - amd64
11241450.31ec: Timestamp: 0x621c9822
11251450.31ec: Image Version: 10.0
11261450.31ec: SizeOfImage: 0x4b000 (307200)
11271450.31ec: Resource Dir: 0x49000 LB 0x388
11281450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11291450.31ec: [Raw version resource data: 0x49060 LB 0x328, codepage 0x0 (reserved 0x0)]
11301450.31ec: ProductName: Avast Antivirus
11311450.31ec: ProductVersion: 22.2.349.0
11321450.31ec: FileVersion: 22.2.349.0
11331450.31ec: FileDescription: Avast VM Monitor
11341450.31ec: \SystemRoot\System32\drivers\mfeapfk.sys:
11351450.31ec: CreationTime: 2014-03-28T15:40:51.464941000Z
11361450.31ec: LastWriteTime: 2014-03-28T16:06:10.610945600Z
11371450.31ec: ChangeTime: 2020-11-02T18:01:55.914119900Z
11381450.31ec: FileAttributes: 0x20
11391450.31ec: Size: 0x2c030
11401450.31ec: NT Headers: 0xe8
11411450.31ec: Timestamp: 0x52ab7fef
11421450.31ec: Machine: 0x8664 - amd64
11431450.31ec: Timestamp: 0x52ab7fef
11441450.31ec: Image Version: 0.0
11451450.31ec: SizeOfImage: 0x29d00 (171264)
11461450.31ec: Resource Dir: 0x29500 LB 0x340
11471450.31ec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11481450.31ec: [Raw version resource data: 0x29560 LB 0x2dc, codepage 0x0 (reserved 0x0)]
11491450.31ec: ProductName: SYSCORE
11501450.31ec: FileVersion: SYSCORE.15.1.0.656
11511450.31ec: PrivateBuild: SYSCORE.15.1.0.656 F16
11521450.31ec: FileDescription: Access Protection Filter Driver
11531450.31ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
11541450.31ec: Calling main()
11551450.31ec: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
11561450.31ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox'
11571450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
11581450.31ec: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe' has no imports
11591450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe)
11601450.31ec: SUPR3HardenedMain: Final process, opening VBoxDrv...
11611450.31ec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
11621450.31ec: supR3HardNtEnableThreadCreationEx:
11631450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
11641450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll)
11651450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll
11661450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11671450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11681450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe84d80000 LB 0x00005000 C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
11691450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11701450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11711450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11721450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84d80000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
11731450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11741450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11751450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84d80000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
11761450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84d80000 'C:\Program Files\Oracle VM VirtualBox\VBoxSupLib.DLL'
11771450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11781450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
11791450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
11801450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
11811450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11831450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
11841450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11861450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11871450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
11881450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11891450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11901450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe915a0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
11911450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11921450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91a80000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
11931450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11941450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fc30000 LB 0x00068000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
11951450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11961450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f6a0000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
11971450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
11981450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
11991450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fd70000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
12001450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
12011450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12021450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12031450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12041450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-synch-l1-2-0'
12051450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12061450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12071450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-fibers-l1-1-1'
12081450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12091450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12101450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-fibers-l1-1-1'
12111450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12121450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12131450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-synch-l1-2-0'
12141450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
12151450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12161450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-localization-l1-2-1'
12171450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
12181450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
12191450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f0a0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
12201450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12211450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fc30000 'C:\WINDOWS\system32\Wintrust.dll'
12221450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
12231450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
12241450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12251450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fb00000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
12261450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12271450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fb00000 'C:\WINDOWS\system32\bcrypt.dll'
12281450.31ec: bcrypt.dll loaded at 00007ffe8fb00000, BCryptOpenAlgorithmProvider at 00007ffe8fb051e0, preloading providers:
12291450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
12301450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
12311450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12321450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f7a0000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
12331450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12341450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f7a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
12351450.31ec: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000009ad190)
12361450.31ec: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000009b0170)
12371450.31ec: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000009b0490)
12381450.31ec: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000009b07b0)
12391450.31ec: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000009b0ad0)
12401450.31ec: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000009b0df0)
12411450.31ec: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000009b1110)
12421450.31ec: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000009b1840)
12431450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
12441450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
12451450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8ee80000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
12461450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
12471450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
12481450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
12491450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
12501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12511450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12521450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12531450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12541450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12551450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8e600000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
12561450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12571450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
12581450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
12591450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
12601450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8ee70000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
12611450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
12621450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
12631450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12641450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\kernel32.dll'
12651450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12661450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12671450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fc30000 'C:\WINDOWS\System32\WINTRUST.DLL'
12681450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12691450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12701450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\CRYPT32.dll'
12711450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91640000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
12721450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
12731450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
12741450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12751450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12761450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
12771450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe916d0000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
12781450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
12791450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
12801450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
12811450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12821450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
12831450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
12841450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
12851450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8de70000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
12861450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12871450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
12881450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
12891450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f4d0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
12901450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12911450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12921450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
12931450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
12941450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12951450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12961450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12971450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12981450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12991450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13001450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13011450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13021450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13031450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13041450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13051450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13061450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13081450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13091450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13101450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13111450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13121450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe87de0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
13131450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13141450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13151450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13161450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13171450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13181450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13201450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13211450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13221450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13231450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13241450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13261450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13271450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13281450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13291450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13301450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13311450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13321450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13331450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13341450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13351450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13361450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13381450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13391450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13401450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13411450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13421450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\WINDOWS\System32\cryptnet.dll'
13431450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13441450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87de0000 'C:\Windows\System32\cryptnet.dll'
13451450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe919d0000 LB 0x000ae000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
13461450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13471450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
13481450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
13491450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
13501450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13511450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13541450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13551450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
13561450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
13571450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
13581450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13591450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13601450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13611450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
13631450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13641450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13651450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
13661450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
13671450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009f9130
13681450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
13691450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA70772FF475AE7E47C883EA7B0E0E0AF877801F
13701450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13711450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13721450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91a80000 'C:\WINDOWS\System32\rpcrt4.dll'
13731450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13741450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13751450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
13761450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13771450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13781450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
13791450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\SystemRoot\System32\ntdll.dll'
13801450.31ec: g_pfnWinVerifyTrust=00007ffe8fc31ef0
13811450.31ec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13821450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13831450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13841450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
13851450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13861450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13871450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
13881450.31ec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13891450.31ec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13901450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13911450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13921450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
13931450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13941450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13951450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
13961450.31ec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13971450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13981450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13991450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14001450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14011450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14021450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14031450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14041450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14051450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14061450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14071450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
14081450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14091450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14101450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14111450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
14121450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14131450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14141450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14151450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
14161450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14171450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14181450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14191450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14201450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14211450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14221450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14231450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14241450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14261450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14271450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14281450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14291450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14301450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14311450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
14321450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
14331450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14341450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14351450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14361450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14381450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14391450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14401450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14411450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
14421450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14431450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14441450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
14451450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14461450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14471450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14481450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14491450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14501450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
14511450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14521450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14531450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14541450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14551450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14561450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
14571450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14581450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSupLib.dll'
14591450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14601450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.exe'
14611450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14631450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
14641450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
14651450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
14661450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14671450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\system32\crypt32.dll'
14681450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14691450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14701450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x32f28b4bf33ac000 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
14711450.31ec: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA
14721450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
14731450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14741450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
14751450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14761450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14771450.31ec: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
14781450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14791450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
14801450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14811450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14821450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
14831450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
14841450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
14851450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14861450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14871450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
14881450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
14891450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14901450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
14911450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
14921450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
14931450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14941450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14951450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
14961450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
14971450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
14981450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
14991450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
15001450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
15011450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15021450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15031450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15041450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
15051450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15061450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15071450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
15081450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15091450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
15101450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
15111450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
15121450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15131450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
15141450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
15151450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15161450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
15171450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15181450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
15191450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
15201450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
15211450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
15221450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
15231450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15241450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
15251450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
15261450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
15271450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
15281450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
15291450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
15301450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15311450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
15321450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
15331450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
15341450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
15351450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
15361450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
15371450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15381450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
15391450.31ec: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15401450.31ec: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=70
15411450.31ec: SUPR3HardenedMain: Load Runtime...
15421450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
15431450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
15441450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15451450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15461450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
15471450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
15481450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll) WinVerifyTrust
15491450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
15501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15511450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15521450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
15531450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
15541450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
15551450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
15561450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15571450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15581450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15591450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15601450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15611450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15621450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
15631450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15641450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15651450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15661450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
15671450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15681450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll) WinVerifyTrust
15691450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
15701450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15711450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15721450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
15731450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15741450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15751450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
15761450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
15771450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll)
15781450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
15791450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
15801450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll) WinVerifyTrust
15811450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15821450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
15831450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15841450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
15851450.31ec: supR3HardenedDllNotificationCallback: load 0000000056de0000 LB 0x000d2000 C:\Program Files\Oracle VM VirtualBox\MSVCR100.dll [fFlags=0x0]
15861450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15871450.31ec: supR3HardenedDllNotificationCallback: load 0000000056260000 LB 0x00098000 C:\Program Files\Oracle VM VirtualBox\MSVCP100.dll [fFlags=0x0]
15881450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
15891450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91660000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
15901450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15911450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe41ce0000 LB 0x005eb000 C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll [fFlags=0x0]
15921450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
15931450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
15941450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
15951450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
15961450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15971450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
15981450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
15991450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16001450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16011450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16021450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16031450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16041450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16051450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16061450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16071450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16081450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16091450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16101450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16111450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16121450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16131450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16141450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16151450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16161450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16171450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16181450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16191450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16201450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16211450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16221450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16231450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16241450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16261450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16271450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16281450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16291450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16301450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16311450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16321450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16331450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16341450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16351450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16361450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16381450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16391450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16401450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16411450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16421450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16431450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16441450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16451450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16461450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16471450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16481450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16491450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16501450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16511450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16521450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16531450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16541450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16551450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16561450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16571450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16581450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16591450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16601450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16611450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16631450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16641450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16651450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16661450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16671450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16681450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16691450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16701450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16711450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16721450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
16731450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16741450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16751450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16761450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16771450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16781450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16791450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16801450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16811450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16821450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16831450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16841450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16851450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16861450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16871450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16881450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16891450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16901450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16911450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16921450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16931450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16941450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
16951450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16961450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16971450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
16981450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
16991450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17001450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17011450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17021450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17031450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17041450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17051450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17061450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17071450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17081450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17091450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17101450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17111450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17121450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17131450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17141450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17151450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17161450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17171450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17181450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17201450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17211450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17221450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17231450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17241450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17251450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17261450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17271450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17281450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17291450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17301450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17311450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17321450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17331450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17341450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17351450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17361450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17371450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17381450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17391450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17401450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17411450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17421450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17431450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17441450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17451450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17461450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17471450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17481450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17491450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17501450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17511450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17521450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17531450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17541450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxRT.dll
17551450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17561450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17571450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17581450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17591450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17601450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17611450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17621450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17631450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17641450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17651450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17661450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17671450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'.
17681450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rescheduled]
17691450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe41ce0000 'C:\Program Files\Oracle VM VirtualBox\VBoxRT.dll'
17701450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
17711450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll'
17721450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
17731450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17741450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fc30000 'C:\WINDOWS\system32\Wintrust.dll'
17751450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
17761450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17771450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
17781450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
17791450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
17801450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
17811450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\system32\crypt32.dll'
17821450.31ec: SUPR3HardenedMain: Load TrustedMain...
17831450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
17841450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
17851450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
17861450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
17871450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17881450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
17891450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
17901450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
17911450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
17921450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
17931450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
17941450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
17951450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
17961450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
17971450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
17981450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
17991450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll
18001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18011450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18021450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
18031450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
18041450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18051450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
18061450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
18071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18081450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18091450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18101450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18111450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
18121450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
18131450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
18141450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
18151450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
18161450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
18171450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
18181450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18191450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18201450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18211450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18221450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18231450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18241450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18251450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18261450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18271450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
18281450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
18291450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
18301450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18311450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18321450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18331450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
18341450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
18351450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18361450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
18381450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
18391450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18401450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
18411450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
18421450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
18431450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
18441450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
18451450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
18461450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
18471450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18481450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18491450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18511450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
18521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18541450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18551450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18561450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
18571450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
18581450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
18591450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18601450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18611450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18621450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'.
18631450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
18641450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18651450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18661450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18671450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18681450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18691450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18701450.31ec: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
18711450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
18721450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
18731450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18741450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18751450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18771450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18781450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18791450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
18801450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
18811450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18821450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
18831450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
18841450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
18851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
18861450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
18871450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18891450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18911450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18921450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18931450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
18941450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
18951450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
18961450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
18971450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
18981450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
18991450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll
19001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19011450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19021450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
19031450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19041450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19051450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
19061450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19081450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
19091450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll'.
19101450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
19111450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
19121450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
19131450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19141450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19151450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
19161450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
19171450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
19181450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll)
19191450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll
19201450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19211450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19221450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
19231450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll'.
19241450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
19251450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
19261450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19271450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19281450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
19291450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
19301450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
19311450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll)
19321450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll
19331450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19341450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19351450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
19361450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
19371450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19381450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
19391450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
19401450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
19411450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
19421450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
19431450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
19441450.31ec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll)
19451450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll
19461450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19471450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19481450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
19491450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19511450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
19521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19541450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
19551450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
19561450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
19571450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
19581450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
19591450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
19601450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19611450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19621450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
19631450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19641450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19651450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
19661450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19671450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19681450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
19691450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19701450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19711450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19721450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19731450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19741450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
19751450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19771450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
19781450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19791450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19801450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
19811450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19831450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
19841450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19861450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19871450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19891450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
19901450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19911450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
19921450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19931450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19941450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
19951450.31ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
19961450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19971450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19981450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19991450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20011450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20021450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
20031450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20041450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20051450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
20061450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
20071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
20081450.31ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
20091450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
20101450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
20111450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20121450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20131450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20141450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20151450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20161450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20171450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20181450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20191450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20201450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20211450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20221450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
20231450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20241450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20251450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
20261450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
20271450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
20281450.31ec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
20291450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20301450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
20311450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
20321450.31ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
20331450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
20341450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20351450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20361450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20371450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20381450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20391450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
20401450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20411450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20421450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20441450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20451450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20461450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20471450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20481450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20491450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20511450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
20521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20541450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
20551450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20561450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20571450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
20581450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20591450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20601450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
20611450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20621450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20631450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20641450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
20651450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20661450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20671450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
20681450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
20691450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
20701450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
20711450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
20721450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
20731450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20741450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20751450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
20761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20771450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20781450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
20791450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20801450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20811450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
20821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20831450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20841450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
20851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20861450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20871450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
20881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20901450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
20911450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20921450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20931450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
20941450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20951450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20961450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20971450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
20981450.31ec: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll'
20991450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21011450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
21021450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
21031450.31ec: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll'
21041450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21051450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21061450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
21071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21081450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21091450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
21101450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21111450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21121450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
21131450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
21141450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
21151450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
21161450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21171450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
21181450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
21191450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
21201450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
21211450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
21221450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
21231450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
21241450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
21251450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
21261450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\UICommon.dll) WinVerifyTrust
21271450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\UICommon.dll
21281450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21291450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21301450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
21311450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
21321450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
21331450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
21341450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9139DEFC7B1B28F28787768304EA263590045C17
21351450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21361450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21371450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21381450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21391450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21401450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21411450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21421450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21441450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21451450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21461450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21471450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21481450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
21491450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21501450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21511450.31ec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
21521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21541450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll
21551450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21561450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21571450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll
21581450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21591450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21601450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21611450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
21631450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
21641450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
21651450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21661450.31ec: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
21671450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
21681450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll
21691450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21701450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\UICommon.dll
21711450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll
21721450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll
21731450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
21741450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll
21751450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21761450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
21771450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
21781450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fd40000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
21791450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
21801450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fca0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
21811450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
21821450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f590000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
21831450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
21841450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
21851450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
21861450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
21871450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
21881450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
21891450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91ca0000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
21901450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
21911450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91770000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
21921450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
21931450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe90040000 LB 0x00354000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
21941450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
21951450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe64820000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
21961450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
21971450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe64890000 LB 0x00126000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
21981450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21991450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe90710000 LB 0x00744000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
22001450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
22011450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91cd0000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
22021450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22031450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe81700000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
22041450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
22051450.31ec: supR3HardenedDllNotificationCallback: load 0000000056870000 LB 0x00565000 C:\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
22061450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll
22071450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe3f3c0000 LB 0x005f7000 C:\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
22081450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll
22091450.31ec: supR3HardenedDllNotificationCallback: load 0000000056300000 LB 0x00561000 C:\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
22101450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
22111450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe90560000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
22121450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22131450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe3f9c0000 LB 0x02320000 C:\Program Files\Oracle VM VirtualBox\UICommon.dll [fFlags=0x0]
22141450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\UICommon.dll
22151450.31ec: supR3HardenedDllNotificationCallback: load 00000000561c0000 LB 0x00054000 C:\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
22161450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5OpenGLVBox.dll
22171450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe78c40000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
22181450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22191450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe3e780000 LB 0x001c9000 C:\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
22201450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll
22211450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
22221450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
22231450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
22241450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
22251450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
22261450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
22271450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
22281450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
22291450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
22301450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22311450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
22321450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
22331450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
22341450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
22351450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
22361450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
22371450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
22381450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
22391450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
22401450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
22411450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
22421450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22441450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
22451450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
22461450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
22471450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22481450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22491450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
22501450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
22511450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
22521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22541450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
22551450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
22561450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22571450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22581450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22591450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
22601450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
22611450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
22621450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
22631450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\kernel32.dll'
22641450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
22651450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
22661450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
22671450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
22681450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
22691450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
22701450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
22711450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
22721450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
22731450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22741450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
22751450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
22761450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
22771450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
22781450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
22791450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
22801450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
22811450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
22821450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
22831450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
22841450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
22851450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
22861450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
22871450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
22881450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
22891450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
22901450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
22911450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
22921450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
22931450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
22941450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
22951450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
22961450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
22971450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
22981450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
22991450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
23001450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
23011450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
23021450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
23031450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
23041450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
23051450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23061450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-string-l1-1-0'
23071450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
23081450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
23091450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
23101450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
23111450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
23121450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
23131450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
23141450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
23151450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
23161450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23171450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
23181450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
23191450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
23201450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
23211450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
23221450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
23231450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
23241450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
23251450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
23261450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
23271450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
23281450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
23291450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
23301450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
23311450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
23321450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
23331450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
23341450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
23351450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
23361450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23371450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
23381450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
23391450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
23401450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
23411450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
23421450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
23431450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
23441450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
23451450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
23461450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
23471450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
23481450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23491450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-datetime-l1-1-1'
23501450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
23511450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
23521450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
23531450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
23541450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
23551450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
23561450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
23571450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
23581450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
23591450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23601450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
23611450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
23621450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
23631450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
23641450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
23651450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
23661450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
23671450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
23681450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
23691450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
23701450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
23711450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
23721450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
23731450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
23741450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
23751450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
23761450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
23771450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
23781450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
23791450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
23801450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
23811450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
23821450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
23831450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
23841450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
23851450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
23861450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
23871450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
23881450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
23891450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
23901450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
23911450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23921450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-localization-obsolete-l1-2-0'
23931450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
23941450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
23951450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
23961450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
23971450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
23981450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
23991450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
24001450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
24011450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
24021450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24031450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
24041450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
24051450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
24061450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
24071450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
24081450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
24091450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
24101450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
24111450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
24121450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
24131450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
24141450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
24151450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
24161450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
24171450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
24181450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
24191450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
24201450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
24211450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
24221450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24231450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
24241450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
24251450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
24261450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
24271450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
24281450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
24291450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
24301450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
24311450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
24321450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
24331450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
24341450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
24351450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
24361450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
24371450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
24381450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24391450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24401450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
24411450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
24421450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
24431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24441450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24451450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
24461450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
24471450.31ec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
24481450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24491450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91e00000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
24501450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
24511450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91e00000 'C:\WINDOWS\system32\IMM32.DLL'
24521450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
24531450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
24541450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
24551450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
24561450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
24571450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
24581450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
24591450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
24601450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
24611450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
24621450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
24631450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24641450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
24651450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
24661450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
24671450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
24681450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
24691450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
24701450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
24711450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
24721450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
24731450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
24741450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
24751450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
24761450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
24771450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
24781450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
24791450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
24801450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
24811450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
24821450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
24831450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
24841450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
24851450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
24861450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
24871450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
24881450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
24891450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
24901450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
24911450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
24921450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
24931450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
24941450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
24951450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
24961450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24971450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24981450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe919d0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
24991450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
25001450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
25011450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
25021450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
25031450.31ec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
25041450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
25051450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
25061450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
25071450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
25081450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
25091450.31ec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'.
25101450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
25111450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
25121450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
25131450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
25141450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
25151450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
25161450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
25171450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
25181450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
25191450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
25201450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
25211450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe3e780000 'C:\Program Files\Oracle VM VirtualBox\VirtualBoxVM.dll'
25221450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25231450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25241450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
25251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25261450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25271450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'
25281450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
25291450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
25301450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
25311450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37D878D7DA7EAB0779C720A2A8214C25224C19F5
25321450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25331450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25341450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
25351450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25361450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
25371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25381450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25391450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
25401450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25411450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25421450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
25431450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25441450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5WidgetsVBox.dll'
25451450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25461450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25471450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
25481450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25491450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25501450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
25511450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25521450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25531450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
25541450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25551450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25561450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
25571450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
25581450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
25591450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
25601450.31ec: SUPR3HardenedMain: Calling TrustedMain (00007ffe3e7816c0)...
25611450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'combase.dll'.
25621450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msvcp_win.dll'.
25631450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'wldp.dll'.
25641450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
25651450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
25661450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25671450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wldp.dll)
25681450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wldp.dll
25691450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8ef20000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
25701450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
25711450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8d6c0000 LB 0x00794000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
25721450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
25731450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8fed0000 LB 0x000ad000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
25741450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25751450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
25761450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
25771450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
25781450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe91c40000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
25791450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
25801450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
25811450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
25821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25831450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25841450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
25851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25861450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25871450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
25881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25911450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25921450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
25931450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
25941450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [lacks WinVerifyTrust]
25951450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
25961450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
25971450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
25981450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25991450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26001450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
26011450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26021450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26031450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
26041450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26051450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26061450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
26071450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26081450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26091450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wldp.dll'
26101450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26111450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26121450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
26131450.31ec: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
26141450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26151450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
26161450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
26171450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26181450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
26191450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
26201450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26211450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
26221450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
26231450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
26241450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
26251450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
26261450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll) WinVerifyTrust
26271450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll
26281450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26291450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26301450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
26311450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
26321450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5CoreVBox.dll
26331450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
26341450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
26351450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\Qt5GuiVBox.dll
26361450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26371450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26381450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
26391450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26401450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26411450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26421450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26441450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26451450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26461450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26471450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26481450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26491450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26501450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
26511450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26521450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26531450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26541450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26551450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26561450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26571450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26581450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26591450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll
26601450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe7bba0000 LB 0x0012e000 C:\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll [fFlags=0x0]
26611450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll
26621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bba0000 'C:\Program Files\Oracle VM VirtualBox\platforms\qwindows.dll'
26631450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
26641450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
26651450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
26661450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
26671450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8d4c0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
26681450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
26691450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26701450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26711450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26721450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26731450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26741450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26751450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
26761450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26771450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
26781450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
26791450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D52B5B313F26D198724C9A8532CECB1A8130856B
26801450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
26811450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
26821450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0519~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
26831450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26841450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26851450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
26861450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
26871450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
26881450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26911450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26921450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26931450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26941450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26951450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26961450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26971450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8d0e0000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
26981450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26991450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d0e0000 'C:\WINDOWS\system32\uxtheme.dll'
27001450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91770000 'C:\WINDOWS\system32\user32.dll'
27011450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27021450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27031450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\shell32.dll'
27041450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
27051450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27061450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fed0000 'C:\WINDOWS\system32\SHCore.dll'
27071450.31ec: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
27081450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
27091450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27101450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27111450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78c40000 'C:\WINDOWS\system32\winmm.dll'
27121450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27131450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27141450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78c40000 'C:\WINDOWS\system32\winmm.dll'
27151450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27161450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27171450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\shell32.dll'
27181450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
27191450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27201450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d0e0000 'C:\WINDOWS\system32\uxtheme.dll'
27211450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
27221450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27231450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe919d0000 'C:\WINDOWS\system32\advapi32.dll'
27241450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
27251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
27261450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
27271450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
27281450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
27291450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27301450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27311450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27321450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
27331450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f490000 LB 0x0002e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
27341450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
27351450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f490000 'C:\WINDOWS\system32\userenv.dll'
27361450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
27371450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27381450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\kernel32.dll'
27391450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe90e60000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
27401450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27411450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
27421450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
27431450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
27441450.32b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
27451450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27461450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27471450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27481450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27491450.32b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27501450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
27511450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
27521450.32b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
27531450.32b8: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
27541450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
27551450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27561450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27571450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27581450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
27591450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27601450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27611450.32b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll) WinVerifyTrust
27621450.32b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll
27631450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27641450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27651450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27661450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27671450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27681450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27691450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27701450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27711450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
27721450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27731450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27741450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27751450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27761450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll
27771450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27781450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27791450.32b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27801450.32b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll
27811450.32b8: supR3HardenedDllNotificationCallback: load 00007ffe45150000 LB 0x003c2000 C:\Program Files\Oracle VM VirtualBox\VBoxC.dll [fFlags=0x0]
27821450.32b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll
27831450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe45150000 'C:\Program Files\Oracle VM VirtualBox\VBoxC.dll'
27841450.32b8: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
27851450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
27861450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27871450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27881450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27891450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
27901450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27911450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27921450.32b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
27931450.32b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
27941450.32b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll
27951450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27961450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27971450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27981450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27991450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28001450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28011450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28021450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
28031450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
28041450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
28051450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
28061450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28071450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28081450.32b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
28091450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28101450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28111450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28121450.32b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28131450.32b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28141450.32b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll
28151450.32b8: supR3HardenedDllNotificationCallback: load 00007ffe7bab0000 LB 0x000ef000 C:\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
28161450.32b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll
28171450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bab0000 'C:\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll'
28181450.32b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28191450.32b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28201450.32b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90560000 'C:\Windows\System32\oleaut32.dll'
28211450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91ca0000 'C:\WINDOWS\system32\gdi32.dll'
28221450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28231450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28241450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\shell32.dll'
28251450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe903a0000 LB 0x00116000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
28261450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28271450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
28281450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
28291450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
28301450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
28311450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
28321450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
28331450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
28341450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
28351450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
28361450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28371450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28381450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28391450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28401450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28411450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28421450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28431450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28441450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28451450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
28461450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
28471450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
28481450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000960 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
28491450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
28501450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
28511450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F602E8855BCD942955FA9DBB13C4E4D44C41A311
28521450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
28531450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
28541450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.1526.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
28551450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28561450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28571450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
28581450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
28591450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
28601450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
28611450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
28621450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
28631450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
28641450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
28651450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
28661450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
28671450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
28681450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
28691450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
28701450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
28711450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
28721450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
28731450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
28741450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28751450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28761450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
28771450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
28781450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
28791450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28801450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
28811450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
28821450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
28831450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
28841450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28861450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28871450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28881450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
28891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
28901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
28911450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
28921450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
28931450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28941450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
28951450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll) WinVerifyTrust
28961450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
28971450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28981450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28991450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
29001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
29011450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
29021450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
29031450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29041450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29051450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29061450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
29071450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
29081450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
29091450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
29101450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8dea0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
29111450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
29121450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8bdc0000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
29131450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
29141450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8b5e0000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
29151450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
29161450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6adf0000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
29171450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
29181450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91ca0000 'C:\WINDOWS\System32\gdi32.dll'
29191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6adf0000 'C:\WINDOWS\system32\dataexchange.dll'
29201450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
29211450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
29221450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
29231450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
29241450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
29251450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8b2b0000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
29261450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
29271450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
29281450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
29291450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
29301450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29311450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29321450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
29331450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29341450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29351450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
29361450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
29371450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
29381450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
29391450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
29401450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29411450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fed0000 'C:\WINDOWS\system32\Shcore.dll'
29421450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29431450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
29441450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
29451450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
29461450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
29471450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
29481450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
29491450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29501450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
29511450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
29521450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
29531450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
29541450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
29551450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29561450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
29571450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
29581450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
29591450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
29601450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
29611450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
29621450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
29631450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
29641450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
29651450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
29661450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8e290000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
29671450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
29681450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8ccd0000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
29691450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
29701450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8b800000 LB 0x00154000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
29711450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
29721450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8c5f0000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
29731450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
29741450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe80920000 LB 0x000f9000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
29751450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
29761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
29771450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
29781450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
29791450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29801450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29811450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29831450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
29841450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29861450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29871450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
29901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
29911450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
29921450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29931450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29941450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
29951450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
29961450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
29971450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29981450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29991450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
30001450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
30011450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
30021450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
30031450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
30041450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
30051450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30061450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30081450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30091450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
30101450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30111450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30121450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30131450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30141450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
30151450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30161450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30171450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
30181450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30201450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
30211450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30221450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30231450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
30241450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30261450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
30271450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
30281450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30291450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91770000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
30301450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
30311450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30321450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91770000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
30331450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
30341450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30351450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90040000 'api-ms-win-core-com-l1-1-0.dll'
30361450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
30371450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30381450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe903a0000 'C:\WINDOWS\System32\MSCTF.dll'
30391450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
30401450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30411450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\shell32.dll'
30421450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\shell32.dll'
30431450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
30441450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30451450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91cd0000 'C:\WINDOWS\System32\ole32.dll'
30461450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90560000 'C:\WINDOWS\System32\OLEAUT32.dll'
30471450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
30481450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
30491450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
30501450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5E9B4B8E891F6D9AAF89D119CB8AAE1934ED673
30511450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30521450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
30531450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30541450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30551450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
30561450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30571450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30581450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
30591450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
30601450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
30611450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
30621450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
30631450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
30641450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
30651450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
30661450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
30671450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B97C1D711C478066C1314800E4F6D26F93811194
30681450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30691450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30701450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
30711450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30721450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30731450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
30741450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
30751450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30771450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30781450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30791450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30801450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30811450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30821450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30831450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
30841450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
30851450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe83850000 LB 0x00090000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
30861450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
30871450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6b390000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
30881450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
30891450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
30901450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30911450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
30921450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b390000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
30931450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
30941450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
30951450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
30961450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CA332CD27CD01F33F85EB4BED516FAA617B555A
30971450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
30981450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
30991450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
31001450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31011450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31021450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31031450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
31041450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
31051450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31061450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31071450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31081450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31091450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31101450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
31111450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6aff0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
31121450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
31131450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6aff0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
31141450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
31151450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31161450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-localization-l1-2-0.dll'
31171450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
31181450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
31201450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
31211450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
31221450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
31231450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
31241450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
31251450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
31261450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
31271450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31281450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31291450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
31301450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
31311450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
31321450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
31331450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
31341450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
31351450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31361450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31371450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31381450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
31391450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6b010000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
31401450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
31411450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b010000 'C:\WINDOWS\system32\wbem\fastprox.dll'
31421450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac8 pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
31431450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
31441450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
31451450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
31461450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
31471450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
31481450.31ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
31491450.31ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31501450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31511450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
31521450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
31531450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
31541450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31551450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31561450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31571450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31581450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31591450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
31601450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6abb0000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
31611450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
31621450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6abb0000 'C:\WINDOWS\System32\amsi.dll'
31631450.31ec: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll: Owner is administrators group.
31641450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
31651450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
31661450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31671450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31681450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
31691450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
31701450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
31711450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
31721450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'powrprof.dll'.
31731450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll) WinVerifyTrust
31741450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll
31751450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
31761450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
31771450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
31781450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
31791450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
31801450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
31811450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31821450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31831450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31841450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31851450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31861450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31871450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31881450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
31891450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
31901450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31911450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31921450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31931450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31941450.31ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
31951450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31961450.31ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31971450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVAST Software\Avast\aswAMSI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31981450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll
31991450.31ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
32001450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f400000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\POWRPROF.dll [fFlags=0x0]
32011450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
32021450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe6a9f0000 LB 0x001bd000 C:\Program Files\AVAST Software\Avast\aswAMSI.dll [fFlags=0x0]
32031450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll
32041450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll)
32051450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll
32061450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe8f3e0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
32071450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
32081450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32091450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32101450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
32111450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32121450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-synch-l1-2-0'
32131450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32141450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32151450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32161450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32171450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
32181450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32191450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-fibers-l1-1-1'
32201450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32211450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32221450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32231450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32241450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
32251450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32261450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-synch-l1-2-0'
32271450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32281450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32291450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32301450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32311450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
32321450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32331450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-fibers-l1-1-1'
32341450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32351450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32361450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32371450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32381450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
32391450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32401450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f830000 'api-ms-win-core-localization-l1-2-1'
32411450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32421450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32431450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32441450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32451450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
32461450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32471450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8ff80000 'C:\WINDOWS\System32\kernel32.dll'
32481450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32491450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32501450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32511450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32521450.31ec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
32531450.31ec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
32541450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe919d0000 'api-ms-win-security-systemfunctions-l1-1-0'
32551450.31ec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
32561450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
32571450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6a9f0000 'C:\Program Files\AVAST Software\Avast\aswAMSI.dll'
32581450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
32591450.31ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
32601450.31ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'
32611450.323c: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
32621450.323c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
32631450.323c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32641450.323c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32651450.323c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll) WinVerifyTrust
32661450.323c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
32671450.323c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32681450.323c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32691450.323c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32701450.323c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32711450.323c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32721450.323c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
32731450.323c: supR3HardenedDllNotificationCallback: load 00007ffe3e400000 LB 0x0037e000 C:\Program Files\Oracle VM VirtualBox\VBoxVMM.DLL [fFlags=0x0]
32741450.323c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
32751450.323c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe3e400000 'C:\Program Files\Oracle VM VirtualBox\VBoxVMM.DLL'
32761450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe91cd0000 'C:\WINDOWS\system32\ole32.dll'
32771450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
32781450.2010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c30 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
32791450.2010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
32801450.2010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
32811450.2010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAC8C290E6A586220883FAD5DCDC734D078E5A36
32821450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
32831450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
32841450.2010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1566.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
32851450.2010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32861450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
32871450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
32881450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
32891450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
32901450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
32911450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
32921450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
32931450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
32941450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
32951450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
32961450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
32971450.2010: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c18 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
32981450.2010: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009f9130
32991450.2010: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009f9130
33001450.2010: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6C23BF3B67A596620B7EED4DB030740A61FEE94C
33011450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33021450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33031450.2010: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1586.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
33041450.2010: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33051450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) WinVerifyTrust
33061450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
33071450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
33081450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33091450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33101450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33111450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33121450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
33131450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
33141450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
33151450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
33161450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
33171450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
33181450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
33191450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
33201450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
33211450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
33221450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33231450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33241450.2010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
33251450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
33261450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
33271450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33281450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33291450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33301450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33311450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33321450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33331450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33341450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
33351450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
33361450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
33371450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33381450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33391450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
33401450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33411450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33421450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33431450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33441450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
33451450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
33461450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
33471450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33481450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33491450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33501450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33511450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33521450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
33531450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
33541450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
33551450.2010: supR3HardenedDllNotificationCallback: load 00007ffe8fbe0000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
33561450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
33571450.2010: supR3HardenedDllNotificationCallback: load 00007ffe795e0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
33581450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
33591450.2010: supR3HardenedDllNotificationCallback: load 00007ffe90f10000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
33601450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
33611450.2010: supR3HardenedDllNotificationCallback: load 00007ffe84960000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
33621450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
33631450.2010: supR3HardenedDllNotificationCallback: load 00007ffe7ba30000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
33641450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
33651450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7ba30000 'C:\Windows\System32\NetSetupShim.dll'
33661450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33671450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33681450.2010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
33691450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33701450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33711450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33721450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
33731450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
33741450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
33751450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
33761450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
33771450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
33781450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
33791450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33801450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33811450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
33821450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
33831450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
33841450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
33851450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
33861450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
33871450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
33881450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
33891450.2010: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
33901450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
33911450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
33921450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33931450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33941450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
33951450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
33961450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
33971450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33981450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33991450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34001450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34011450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34021450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
34031450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
34041450.2010: supR3HardenedDllNotificationCallback: load 00007ffe91380000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
34051450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
34061450.2010: supR3HardenedDllNotificationCallback: load 00007ffe89310000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
34071450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
34081450.2010: supR3HardenedDllNotificationCallback: load 00007ffe5ff10000 LB 0x000ca000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
34091450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
34101450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe5ff10000 'C:\Windows\System32\NetSetupEngine.dll'
34111450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34121450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
34131450.2010: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
34141450.2bb4: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
34151450.2bb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34161450.2bb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34171450.2bb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
34181450.2bb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
34191450.2bb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
34201450.2bb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
34211450.2bb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
34221450.2bb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.dll
34231450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34241450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34251450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34261450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34271450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
34281450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
34291450.2bb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
34301450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
34311450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
34321450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34331450.2bb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34341450.2bb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34351450.2bb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.dll
34361450.2bb4: supR3HardenedDllNotificationCallback: load 00007ffe83040000 LB 0x00010000 C:\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
34371450.2bb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.dll
34381450.2bb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83040000 'C:\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.DLL'
34391450.2ae0: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
34401450.2ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34411450.2ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34421450.2ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
34431450.2ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
34441450.2ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
34451450.2ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.dll
34461450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34471450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34481450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
34491450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
34501450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34511450.2ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34521450.2ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34531450.2ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.dll
34541450.2ae0: supR3HardenedDllNotificationCallback: load 00007ffe7c210000 LB 0x0000d000 C:\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
34551450.2ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.dll
34561450.2ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7c210000 'C:\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.DLL'
34571450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe90710000 'C:\WINDOWS\system32\Shell32.dll'
34581450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34591450.2010: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
34601450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34611450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34621450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
34631450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
34641450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
34651450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
34661450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
34671450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
34681450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
34691450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
34701450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
34711450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD.dll) WinVerifyTrust
34721450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD.dll
34731450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
34741450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
34751450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34761450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
34771450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
34781450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
34791450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
34801450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
34811450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
34821450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
34831450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
34841450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34851450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34861450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
34871450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34881450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34891450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
34901450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
34911450.2010: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
34921450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
34931450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34941450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34951450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll) WinVerifyTrust
34961450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll
34971450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
34981450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
34991450.2010: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
35001450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35011450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35021450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35031450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35041450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll
35051450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35061450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35071450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
35081450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
35091450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
35101450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
35111450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDDU.dll) WinVerifyTrust
35121450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDDU.dll
35131450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35141450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35151450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
35161450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
35171450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
35181450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35191450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35201450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35211450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35221450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
35231450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
35241450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
35251450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35261450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35271450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35281450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35291450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35301450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35311450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35321450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD.dll
35331450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDDU.dll
35341450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll
35351450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
35361450.2010: supR3HardenedDllNotificationCallback: load 00007ffe7c220000 LB 0x00066000 C:\Program Files\Oracle VM VirtualBox\VBoxDDU.dll [fFlags=0x0]
35371450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDDU.dll
35381450.2010: supR3HardenedDllNotificationCallback: load 00007ffe3d190000 LB 0x0085c000 C:\Program Files\Oracle VM VirtualBox\VBoxDD2.dll [fFlags=0x0]
35391450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll
35401450.2010: supR3HardenedDllNotificationCallback: load 00007ffe8e970000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
35411450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
35421450.2010: supR3HardenedDllNotificationCallback: load 00007ffe3d9f0000 LB 0x00a03000 C:\Program Files\Oracle VM VirtualBox\VBoxDD.DLL [fFlags=0x0]
35431450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD.dll
35441450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe3d9f0000 'C:\Program Files\Oracle VM VirtualBox\VBoxDD.DLL'
35451450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35461450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxC.dll
35471450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35481450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe45150000 'C:\Program Files\Oracle VM VirtualBox\VBoxC.DLL'
35491450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35501450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxDD2.dll
35511450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35521450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe3d190000 'C:\Program Files\Oracle VM VirtualBox\VBoxDD2.DLL'
35531450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35541450.2870: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
35551450.2870: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35561450.2870: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35571450.2870: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
35581450.2870: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
35591450.2870: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
35601450.2870: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.dll
35611450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35621450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35631450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
35641450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
35651450.2870: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
35661450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35671450.2870: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35681450.2870: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35691450.2870: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.dll
35701450.2870: supR3HardenedDllNotificationCallback: load 00007ffe762f0000 LB 0x00014000 C:\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
35711450.2870: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.dll
35721450.2870: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe762f0000 'C:\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.DLL'
35731450.1310: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
35741450.1310: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35751450.1310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35761450.1310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
35771450.1310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
35781450.1310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
35791450.1310: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
35801450.1310: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.dll
35811450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35821450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35831450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
35841450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
35851450.1310: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxVMM.dll
35861450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
35871450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
35881450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35891450.1310: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35901450.1310: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35911450.1310: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.dll
35921450.1310: supR3HardenedDllNotificationCallback: load 00007ffe7c200000 LB 0x0000c000 C:\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
35931450.1310: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.dll
35941450.1310: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7c200000 'C:\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.DLL'
35951450.2730: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
35961450.2730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
35971450.2730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35981450.2730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
35991450.2730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
36001450.2730: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
36011450.2730: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.dll
36021450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
36031450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
36041450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
36051450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
36061450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
36071450.2730: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
36081450.2730: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36091450.2730: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.dll
36101450.2730: supR3HardenedDllNotificationCallback: load 00007ffe7b9e0000 LB 0x0000d000 C:\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
36111450.2730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.dll
36121450.2730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7b9e0000 'C:\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.DLL'
36131450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
36141450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
36151450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
36161450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
36171450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
36181450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
36191450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
36201450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
36211450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
36221450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8e600000 'C:\WINDOWS\system32\rsaenh.dll'
36231450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8fd70000 'C:\WINDOWS\System32\crypt32.dll'
36241450.2010: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
36251450.2010: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
36261450.2010: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
36271450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36281450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36291450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
36301450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
36311450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
36321450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
36331450.2010: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
36341450.2010: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
36351450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36361450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
36371450.2010: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
36381450.2010: supR3HardenedDllNotificationCallback: load 00007ffe8f280000 LB 0x00033000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
36391450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
36401450.2010: supR3HardenedDllNotificationCallback: load 00007ffe86b60000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
36411450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
36421450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86b60000 'C:\WINDOWS\System32\MMDevApi.dll'
36431450.2010: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
36441450.2010: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36451450.2010: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86b60000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
36461450.2730: supR3HardenedDllNotificationCallback: Unload 00007ffe7b9e0000 LB 0x0000d000 C:\Program Files\Oracle VM VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
36471450.1310: supR3HardenedDllNotificationCallback: Unload 00007ffe7c200000 LB 0x0000c000 C:\Program Files\Oracle VM VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
36481450.2870: supR3HardenedDllNotificationCallback: Unload 00007ffe762f0000 LB 0x00014000 C:\Program Files\Oracle VM VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
36491450.2ae0: supR3HardenedDllNotificationCallback: Unload 00007ffe7c210000 LB 0x0000d000 C:\Program Files\Oracle VM VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
36501450.2bb4: supR3HardenedDllNotificationCallback: Unload 00007ffe83040000 LB 0x00010000 C:\Program Files\Oracle VM VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
36511450.2010: supR3HardenedDllNotificationCallback: Unload 00007ffe3d9f0000 LB 0x00a03000 C:\Program Files\Oracle VM VirtualBox\VBoxDD.DLL [flags=0x0]
36521450.2010: supR3HardenedDllNotificationCallback: Unload 00007ffe7c220000 LB 0x00066000 C:\Program Files\Oracle VM VirtualBox\VBoxDDU.dll [flags=0x0]
36531450.2010: supR3HardenedDllNotificationCallback: Unload 00007ffe3d190000 LB 0x0085c000 C:\Program Files\Oracle VM VirtualBox\VBoxDD2.dll [flags=0x0]
36541450.2010: supR3HardenedDllNotificationCallback: Unload 00007ffe8e970000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
36551450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe6aff0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
36561450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe6adf0000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
36571450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
36581450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
36591450.31ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
36601450.31ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll)
36611450.31ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll
36621450.31ec: supR3HardenedDllNotificationCallback: load 00007ffe88aa0000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
36631450.31ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
36641450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8bdc0000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
36651450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8dea0000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
36661450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8b5e0000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
36671450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8b2b0000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
36681450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe7bab0000 LB 0x000ef000 C:\Program Files\Oracle VM VirtualBox\VBoxProxyStub.dll [flags=0x0]
36691450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe6b010000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
36701450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe45150000 LB 0x003c2000 C:\Program Files\Oracle VM VirtualBox\VBoxC.dll [flags=0x0]
36711450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe6b390000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
36721450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe83850000 LB 0x00090000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
36731450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe7ba30000 LB 0x00078000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
36741450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe795e0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
36751450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe90f10000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
36761450.31ec: supR3HardenedDllNotificationCallback: Unload 00007ffe84960000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
36771450.31ec: Terminating the normal way: rcExit=0
36782ab8.1528: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 24381 ms, the end);
367932a8.2850: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 25735 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy