VirtualBox

Ticket #21054: VBoxHardening.log

File VBoxHardening.log, 381.1 KB (added by ecccc3, 2 years ago)
Line 
12bc4.63c: Log file opened: 6.1.36r152435 g_hStartupLog=000000000000009c g_uNtVerCombined=0xa04a6500
22bc4.63c: \SystemRoot\System32\ntdll.dll:
32bc4.63c: CreationTime: 2022-06-26T11:14:47.730422200Z
42bc4.63c: LastWriteTime: 2022-06-26T11:14:47.900966300Z
52bc4.63c: ChangeTime: 2022-07-29T12:25:55.482860200Z
62bc4.63c: FileAttributes: 0x20
72bc4.63c: Size: 0x1ef3a8
82bc4.63c: NT Headers: 0xe8
92bc4.63c: Timestamp: 0x1000a5b9
102bc4.63c: Machine: 0x8664 - amd64
112bc4.63c: Timestamp: 0x1000a5b9
122bc4.63c: Image Version: 10.0
132bc4.63c: SizeOfImage: 0x1f8000 (2064384)
142bc4.63c: Resource Dir: 0x186000 LB 0x700a0
152bc4.63c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162bc4.63c: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172bc4.63c: ProductName: Microsoft® Windows® Operating System
182bc4.63c: ProductVersion: 10.0.19041.1806
192bc4.63c: FileVersion: 10.0.19041.1806 (WinBuild.160101.0800)
202bc4.63c: FileDescription: NT Layer DLL
212bc4.63c: \SystemRoot\System32\kernel32.dll:
222bc4.63c: CreationTime: 2022-07-29T12:21:10.432207200Z
232bc4.63c: LastWriteTime: 2022-07-29T12:21:10.490928200Z
242bc4.63c: ChangeTime: 2022-07-29T12:46:56.683592800Z
252bc4.63c: FileAttributes: 0x20
262bc4.63c: Size: 0xbb248
272bc4.63c: NT Headers: 0xf0
282bc4.63c: Timestamp: 0xc0248d26
292bc4.63c: Machine: 0x8664 - amd64
302bc4.63c: Timestamp: 0xc0248d26
312bc4.63c: Image Version: 10.0
322bc4.63c: SizeOfImage: 0xbd000 (774144)
332bc4.63c: Resource Dir: 0xbb000 LB 0x520
342bc4.63c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352bc4.63c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362bc4.63c: ProductName: Microsoft® Windows® Operating System
372bc4.63c: ProductVersion: 10.0.19041.1865
382bc4.63c: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
392bc4.63c: FileDescription: Windows NT BASE API Client DLL
402bc4.63c: \SystemRoot\System32\KernelBase.dll:
412bc4.63c: CreationTime: 2022-07-29T12:20:51.931410900Z
422bc4.63c: LastWriteTime: 2022-07-29T12:20:52.040185400Z
432bc4.63c: ChangeTime: 2022-07-29T12:46:58.933762500Z
442bc4.63c: FileAttributes: 0x20
452bc4.63c: Size: 0x2d0680
462bc4.63c: NT Headers: 0x100
472bc4.63c: Timestamp: 0xdd841229
482bc4.63c: Machine: 0x8664 - amd64
492bc4.63c: Timestamp: 0xdd841229
502bc4.63c: Image Version: 10.0
512bc4.63c: SizeOfImage: 0x2cf000 (2945024)
522bc4.63c: Resource Dir: 0x2a6000 LB 0x548
532bc4.63c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542bc4.63c: [Raw version resource data: 0x2a60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552bc4.63c: ProductName: Microsoft® Windows® Operating System
562bc4.63c: ProductVersion: 10.0.19041.1865
572bc4.63c: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
582bc4.63c: FileDescription: Windows NT BASE API Client DLL
592bc4.63c: \SystemRoot\System32\apisetschema.dll:
602bc4.63c: CreationTime: 2019-12-07T09:08:13.518339400Z
612bc4.63c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
622bc4.63c: ChangeTime: 2022-07-29T12:25:48.973954800Z
632bc4.63c: FileAttributes: 0x20
642bc4.63c: Size: 0x1f538
652bc4.63c: NT Headers: 0xd0
662bc4.63c: Timestamp: 0x31288ce0
672bc4.63c: Machine: 0x8664 - amd64
682bc4.63c: Timestamp: 0x31288ce0
692bc4.63c: Image Version: 10.0
702bc4.63c: SizeOfImage: 0x20000 (131072)
712bc4.63c: Resource Dir: 0x1f000 LB 0x408
722bc4.63c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732bc4.63c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742bc4.63c: ProductName: Microsoft® Windows® Operating System
752bc4.63c: ProductVersion: 10.0.19041.1
762bc4.63c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
772bc4.63c: FileDescription: ApiSet Schema DLL
782bc4.63c: supR3HardenedWinFindAdversaries: 0x0
792bc4.63c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
802bc4.63c: Calling main()
812bc4.63c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
822bc4.63c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
832bc4.63c: SUPR3HardenedMain: Respawn #1
842bc4.63c: System32: \Device\HarddiskVolume2\Windows\System32
852bc4.63c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
862bc4.63c: KnownDllPath: C:\windows\System32
872bc4.63c: supR3HardenedWinInit: Performing a limited self purification...
882bc4.63c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
892bc4.63c: *0000000000000000-00000000009effff 0x0001/0x0000 0x0000000
902bc4.63c: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
912bc4.63c: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
922bc4.63c: *0000000000a00000-0000000000bfcfff 0x0000/0x0004 0x0020000
932bc4.63c: 0000000000bfd000-0000000000bfffff 0x0004/0x0004 0x0020000
942bc4.63c: *0000000000c00000-0000000000c00fff 0x0002/0x0002 0x0040000
952bc4.63c: 0000000000c01000-0000000000c0ffff 0x0001/0x0000 0x0000000
962bc4.63c: *0000000000c10000-0000000000c10fff 0x0002/0x0002 0x0040000
972bc4.63c: 0000000000c11000-0000000000c1ffff 0x0001/0x0000 0x0000000
982bc4.63c: *0000000000c20000-0000000000c3cfff 0x0002/0x0002 0x0040000
992bc4.63c: 0000000000c3d000-0000000000c3ffff 0x0001/0x0000 0x0000000
1002bc4.63c: *0000000000c40000-0000000000cf8fff 0x0000/0x0004 0x0020000
1012bc4.63c: 0000000000cf9000-0000000000cfbfff 0x0104/0x0004 0x0020000
1022bc4.63c: 0000000000cfc000-0000000000d3ffff 0x0004/0x0004 0x0020000
1032bc4.63c: *0000000000d40000-0000000000d41fff 0x0004/0x0004 0x0020000
1042bc4.63c: 0000000000d42000-0000000000d4ffff 0x0001/0x0000 0x0000000
1052bc4.63c: *0000000000d50000-0000000000d50fff 0x0002/0x0002 0x0040000
1062bc4.63c: 0000000000d51000-0000000000d5ffff 0x0001/0x0000 0x0000000
1072bc4.63c: *0000000000d60000-0000000000d6ffff 0x0004/0x0004 0x0040000
1082bc4.63c: *0000000000d70000-0000000000e38fff 0x0002/0x0002 0x0040000
1092bc4.63c: 0000000000e39000-0000000000e3ffff 0x0001/0x0000 0x0000000
1102bc4.63c: *0000000000e40000-0000000000e4efff 0x0004/0x0004 0x0020000
1112bc4.63c: 0000000000e4f000-0000000000e4ffff 0x0000/0x0004 0x0020000
1122bc4.63c: 0000000000e50000-0000000000e7ffff 0x0001/0x0000 0x0000000
1132bc4.63c: *0000000000e80000-0000000000e8afff 0x0004/0x0004 0x0020000
1142bc4.63c: 0000000000e8b000-0000000000f7ffff 0x0000/0x0004 0x0020000
1152bc4.63c: *0000000000f80000-0000000000f87fff 0x0000/0x0004 0x0020000
1162bc4.63c: 0000000000f88000-0000000001180fff 0x0004/0x0004 0x0020000
1172bc4.63c: 0000000001181000-0000000001181fff 0x0000/0x0004 0x0020000
1182bc4.63c: 0000000001182000-000000000118ffff 0x0001/0x0000 0x0000000
1192bc4.63c: *0000000001190000-0000000001191fff 0x0004/0x0004 0x0020000
1202bc4.63c: 0000000001192000-00000000011c1fff 0x0000/0x0004 0x0020000
1212bc4.63c: 00000000011c2000-00000000011cffff 0x0001/0x0000 0x0000000
1222bc4.63c: *00000000011d0000-00000000011fbfff 0x0004/0x0004 0x0020000
1232bc4.63c: 00000000011fc000-00000000012cffff 0x0000/0x0004 0x0020000
1242bc4.63c: 00000000012d0000-000000007ffdffff 0x0001/0x0000 0x0000000
1252bc4.63c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1262bc4.63c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
1272bc4.63c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
1282bc4.63c: 000000007ffe6000-00007ff47e68ffff 0x0001/0x0000 0x0000000
1292bc4.63c: *00007ff47e690000-00007ff47e694fff 0x0002/0x0002 0x0040000
1302bc4.63c: 00007ff47e695000-00007ff47e78ffff 0x0000/0x0002 0x0040000
1312bc4.63c: *00007ff47e790000-00007ff57e7affff 0x0000/0x0004 0x0020000
1322bc4.63c: *00007ff57e7b0000-00007ff5807affff 0x0000/0x0004 0x0020000
1332bc4.63c: 00007ff5807b0000-00007ff5807b0fff 0x0004/0x0004 0x0020000
1342bc4.63c: 00007ff5807b1000-00007ff5807bffff 0x0001/0x0000 0x0000000
1352bc4.63c: *00007ff5807c0000-00007ff5807c0fff 0x0002/0x0002 0x0040000
1362bc4.63c: 00007ff5807c1000-00007ff5807cffff 0x0001/0x0000 0x0000000
1372bc4.63c: *00007ff5807d0000-00007ff5807f2fff 0x0002/0x0002 0x0040000
1382bc4.63c: 00007ff5807f3000-00007ff7a4cdffff 0x0001/0x0000 0x0000000
1392bc4.63c: *00007ff7a4ce0000-00007ff7a4ce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1402bc4.63c: 00007ff7a4ce1000-00007ff7a4d58fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1412bc4.63c: 00007ff7a4d59000-00007ff7a4d59fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1422bc4.63c: 00007ff7a4d5a000-00007ff7a4da3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1432bc4.63c: 00007ff7a4da4000-00007ff7a4da6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1442bc4.63c: 00007ff7a4da7000-00007ff7a4da9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1452bc4.63c: 00007ff7a4daa000-00007ff7a4dacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1462bc4.63c: 00007ff7a4dad000-00007ff7a4dadfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1472bc4.63c: 00007ff7a4dae000-00007ff7a4daffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1482bc4.63c: 00007ff7a4db0000-00007ff7a4db0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1492bc4.63c: 00007ff7a4db1000-00007ff7a4df9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1502bc4.63c: 00007ff7a4dfa000-00007ffc883affff 0x0001/0x0000 0x0000000
1512bc4.63c: *00007ffc883b0000-00007ffc883b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1522bc4.63c: 00007ffc883b1000-00007ffc883fefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1532bc4.63c: 00007ffc883ff000-00007ffc88420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1542bc4.63c: 00007ffc88421000-00007ffc88423fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1552bc4.63c: 00007ffc88424000-00007ffc8843ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1562bc4.63c: 00007ffc88440000-00007ffc8b1fffff 0x0001/0x0000 0x0000000
1572bc4.63c: *00007ffc8b200000-00007ffc8b200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1582bc4.63c: 00007ffc8b201000-00007ffc8b316fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1592bc4.63c: 00007ffc8b317000-00007ffc8b490fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1602bc4.63c: 00007ffc8b491000-00007ffc8b494fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1612bc4.63c: 00007ffc8b495000-00007ffc8b495fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1622bc4.63c: 00007ffc8b496000-00007ffc8b4cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1632bc4.63c: 00007ffc8b4cf000-00007ffc8cc0ffff 0x0001/0x0000 0x0000000
1642bc4.63c: *00007ffc8cc10000-00007ffc8cc10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1652bc4.63c: 00007ffc8cc11000-00007ffc8cc8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1662bc4.63c: 00007ffc8cc8f000-00007ffc8ccc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1672bc4.63c: 00007ffc8ccc2000-00007ffc8ccc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1682bc4.63c: 00007ffc8ccc3000-00007ffc8ccc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1692bc4.63c: 00007ffc8ccc4000-00007ffc8ccccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1702bc4.63c: 00007ffc8cccd000-00007ffc8d46ffff 0x0001/0x0000 0x0000000
1712bc4.63c: *00007ffc8d470000-00007ffc8d470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1722bc4.63c: 00007ffc8d471000-00007ffc8d58cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1732bc4.63c: 00007ffc8d58d000-00007ffc8d5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1742bc4.63c: 00007ffc8d5d6000-00007ffc8d5d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1752bc4.63c: 00007ffc8d5d7000-00007ffc8d5d8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1762bc4.63c: 00007ffc8d5d9000-00007ffc8d5e1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1772bc4.63c: 00007ffc8d5e2000-00007ffc8d667fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1782bc4.63c: 00007ffc8d668000-00007ffffffeffff 0x0001/0x0000 0x0000000
1792bc4.63c: kernel32.dll: timestamp 0xc0248d26 (rc=VINF_SUCCESS)
1802bc4.63c: kernelbase.dll: timestamp 0xdd841229 (rc=VINF_SUCCESS)
1812bc4.63c: apphelp.dll: timestamp 0x723081cd (rc=VINF_SUCCESS)
1822bc4.63c: VirtualBoxVM.exe: timestamp 0x62d71982 (rc=VINF_SUCCESS)
1832bc4.63c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1842bc4.63c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1852bc4.63c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1862bc4.63c: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
1872bc4.63c: 00007ffc88400e78 / 0x0050e78: 50 != 60
1882bc4.63c: 00007ffc88400e79 / 0x0050e79: cd != 07
1892bc4.63c: 00007ffc88400e7a / 0x0050e7a: 27 != c3
1902bc4.63c: 00007ffc88400e7b / 0x0050e7b: 8b != 8c
1912bc4.63c: 00007ffc88400e81 / 0x0050e81: 23 != 55
1922bc4.63c: 00007ffc88400e82 / 0x0050e82: 24 != c2
1932bc4.63c: 00007ffc88400e83 / 0x0050e83: 8b != 8c
1942bc4.63c: 00007ffc88400e88 / 0x0050e88: e0 != 80
1952bc4.63c: 00007ffc88400e89 / 0x0050e89: b0 != 48
1962bc4.63c: 00007ffc88400e8a / 0x0050e8a: 23 != c3
1972bc4.63c: 00007ffc88400e8b / 0x0050e8b: 8b != 8c
1982bc4.63c: 00007ffc88400e90 / 0x0050e90: 10 != f0
1992bc4.63c: 00007ffc88400e91 / 0x0050e91: 2e != c7
2002bc4.63c: 00007ffc88400e92 / 0x0050e92: 23 != c2
2012bc4.63c: 00007ffc88400e93 / 0x0050e93: 8b != 8c
2022bc4.63c: 00007ffc88400e98 / 0x0050e98: b0 != 90
2032bc4.63c: 00007ffc88400e99 / 0x0050e99: 17 != 48
2042bc4.63c: 00007ffc88400e9a / 0x0050e9a: 26 != c3
2052bc4.63c: 00007ffc88400e9b / 0x0050e9b: 8b != 8c
2062bc4.63c: 00007ffc88400ea0 / 0x0050ea0: 40 != 60
2072bc4.63c: 00007ffc88400ea1 / 0x0050ea1: 71 != cb
2082bc4.63c: 00007ffc88400ea2 / 0x0050ea2: 20 != c2
2092bc4.63c: 00007ffc88400ea3 / 0x0050ea3: 8b != 8c
2102bc4.63c: 00007ffc88400ea8 / 0x0050ea8: 90 != d0
2112bc4.63c: 00007ffc88400ea9 / 0x0050ea9: 4e != aa
2122bc4.63c: 00007ffc88400eaa / 0x0050eaa: 26 != c2
2132bc4.63c: 00007ffc88400eab / 0x0050eab: 8b != 8c
2142bc4.63c: 00007ffc88400eb8 / 0x0050eb8: f0 != e0
2152bc4.63c: 00007ffc88400eb9 / 0x0050eb9: c0 != ad
2162bc4.63c: 00007ffc88400eba / 0x0050eba: 22 != c2
2172bc4.63c: 00007ffc88400ebb / 0x0050ebb: 8b != 8c
2182bc4.63c: Restored 0x2000 bytes of original file content at 00007ffc883ff000
2192bc4.63c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
2202bc4.63c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2212bc4.63c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2222bc4.63c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2232bc4.63c: supR3HardNtEnableThreadCreationEx:
2242bc4.63c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc8d4e4b00 pvNtTerminateThread=00007ffc8d50d990
2252bc4.63c: supR3HardenedWinDoReSpawn(1): New child 750.3634 [kernel32].
2262bc4.63c: supR3HardNtChildGatherData: PebBaseAddress=0000000000f4b000 cbPeb=0x388
2272bc4.63c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc8d470000 uNtDllChildAddr=00007ffc8d470000
2282bc4.63c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc8d4e4b00
2292bc4.63c: supR3HardenedWinSetupChildInit: Initial context:
230 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7a4ce7900 rdx=0000000000f4b000
231 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
232 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
233 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
234 rip=00007ffc8d4c2630 rsp=0000000000daf948 rbp=0000000000000000 ctxflags=0010001b
235 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
236 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
237 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
238 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
239 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2402bc4.63c: supR3HardenedWinSetupChildInit: Start child.
2412bc4.63c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2422bc4.63c: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 17 sleeps
2432bc4.63c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2442bc4.63c: *0000000000000000-0000000000c6ffff 0x0001/0x0000 0x0000000
2452bc4.63c: *0000000000c70000-0000000000c8ffff 0x0004/0x0004 0x0020000
2462bc4.63c: *0000000000c90000-0000000000cacfff 0x0002/0x0002 0x0040000
2472bc4.63c: 0000000000cad000-0000000000caffff 0x0001/0x0000 0x0000000
2482bc4.63c: *0000000000cb0000-0000000000daafff 0x0000/0x0004 0x0020000
2492bc4.63c: 0000000000dab000-0000000000dadfff 0x0104/0x0004 0x0020000
2502bc4.63c: 0000000000dae000-0000000000daffff 0x0004/0x0004 0x0020000
2512bc4.63c: *0000000000db0000-0000000000db3fff 0x0002/0x0002 0x0040000
2522bc4.63c: 0000000000db4000-0000000000dbffff 0x0001/0x0000 0x0000000
2532bc4.63c: *0000000000dc0000-0000000000dc1fff 0x0004/0x0004 0x0020000
2542bc4.63c: 0000000000dc2000-0000000000dfffff 0x0001/0x0000 0x0000000
2552bc4.63c: *0000000000e00000-0000000000f4afff 0x0000/0x0004 0x0020000
2562bc4.63c: 0000000000f4b000-0000000000f4dfff 0x0004/0x0004 0x0020000
2572bc4.63c: 0000000000f4e000-0000000000ffffff 0x0000/0x0004 0x0020000
2582bc4.63c: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
2592bc4.63c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2602bc4.63c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
2612bc4.63c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
2622bc4.63c: 000000007ffe6000-00007ff587d6ffff 0x0001/0x0000 0x0000000
2632bc4.63c: *00007ff587d70000-00007ff587d70fff 0x0002/0x0002 0x0040000
2642bc4.63c: 00007ff587d71000-00007ff587d7ffff 0x0001/0x0000 0x0000000
2652bc4.63c: *00007ff587d80000-00007ff587da2fff 0x0002/0x0002 0x0040000
2662bc4.63c: 00007ff587da3000-00007ff7a4cdffff 0x0001/0x0000 0x0000000
2672bc4.63c: *00007ff7a4ce0000-00007ff7a4ce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2682bc4.63c: 00007ff7a4ce1000-00007ff7a4d58fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2692bc4.63c: 00007ff7a4d59000-00007ff7a4d59fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2702bc4.63c: 00007ff7a4d5a000-00007ff7a4da3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2712bc4.63c: 00007ff7a4da4000-00007ff7a4da4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2722bc4.63c: 00007ff7a4da5000-00007ff7a4da5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2732bc4.63c: 00007ff7a4da6000-00007ff7a4daafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2742bc4.63c: 00007ff7a4dab000-00007ff7a4dabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2752bc4.63c: 00007ff7a4dac000-00007ff7a4dacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2762bc4.63c: 00007ff7a4dad000-00007ff7a4db0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2772bc4.63c: 00007ff7a4db1000-00007ff7a4df9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2782bc4.63c: 00007ff7a4dfa000-00007ffc8d46ffff 0x0001/0x0000 0x0000000
2792bc4.63c: *00007ffc8d470000-00007ffc8d470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2802bc4.63c: 00007ffc8d471000-00007ffc8d58cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2812bc4.63c: 00007ffc8d58d000-00007ffc8d5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2822bc4.63c: 00007ffc8d5d6000-00007ffc8d5e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2832bc4.63c: 00007ffc8d5e2000-00007ffc8d5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2842bc4.63c: 00007ffc8d5f1000-00007ffc8d5f1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2852bc4.63c: 00007ffc8d5f2000-00007ffc8d5f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2862bc4.63c: 00007ffc8d5f5000-00007ffc8d667fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2872bc4.63c: 00007ffc8d668000-00007ffffffeffff 0x0001/0x0000 0x0000000
2882bc4.63c: supR3HardNtChildPurify: Done after 263 ms and 0 fixes (loop #0).
289750.3634: Log file opened: 6.1.36r152435 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6500
290750.3634: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc8d470000 g_uNtVerCombined=0xa04a6500 (stack ~0000000000daf3d8)
291750.3634: ntdll.dll: timestamp 0x1000a5b9 (rc=VINF_SUCCESS)
292750.3634: New simple heap: #1 0000000001100000 LB 0x400000 (for 2064384 allocation)
2932bc4.63c: supR3HardNtEnableThreadCreationEx:
294750.3634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
295750.3634: System32: \Device\HarddiskVolume2\Windows\System32
296750.3634: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
297750.3634: KnownDllPath: C:\windows\System32
298750.3634: supR3HardenedVmProcessInit: Opening vboxdrv stub...
299750.3634: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
300750.3634: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
301750.3634: Registered Dll notification callback with NTDLL.
302750.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
303750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
304750.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
305750.3634: supR3HardenedDllNotificationCallback: load 00007ffc8b200000 LB 0x002cf000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
306750.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
307750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
308750.3634: supR3HardenedDllNotificationCallback: load 00007ffc8cc10000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
309750.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
310750.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\KERNEL32.DLL'
311750.3634: supR3HardenedDllNotificationCallback: load 00007ff7a4ce0000 LB 0x0011a000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
312750.3634: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
313750.3634: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
314750.3634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
315750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
316750.3634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc8d4e4b00 pvNtTerminateThread=00007ffc8d50d990
3172bc4.63c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
318750.3634: \SystemRoot\System32\ntdll.dll:
319750.3634: CreationTime: 2022-06-26T11:14:47.730422200Z
320750.3634: LastWriteTime: 2022-06-26T11:14:47.900966300Z
321750.3634: ChangeTime: 2022-07-29T12:25:55.482860200Z
322750.3634: FileAttributes: 0x20
323750.3634: Size: 0x1ef3a8
324750.3634: NT Headers: 0xe8
325750.3634: Timestamp: 0x1000a5b9
326750.3634: Machine: 0x8664 - amd64
327750.3634: Timestamp: 0x1000a5b9
328750.3634: Image Version: 10.0
329750.3634: SizeOfImage: 0x1f8000 (2064384)
330750.3634: Resource Dir: 0x186000 LB 0x700a0
331750.3634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
332750.3634: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
333750.3634: ProductName: Microsoft® Windows® Operating System
334750.3634: ProductVersion: 10.0.19041.1806
335750.3634: FileVersion: 10.0.19041.1806 (WinBuild.160101.0800)
336750.3634: FileDescription: NT Layer DLL
337750.3634: \SystemRoot\System32\kernel32.dll:
338750.3634: CreationTime: 2022-07-29T12:21:10.432207200Z
339750.3634: LastWriteTime: 2022-07-29T12:21:10.490928200Z
340750.3634: ChangeTime: 2022-07-29T12:46:56.683592800Z
341750.3634: FileAttributes: 0x20
342750.3634: Size: 0xbb248
343750.3634: NT Headers: 0xf0
344750.3634: Timestamp: 0xc0248d26
345750.3634: Machine: 0x8664 - amd64
346750.3634: Timestamp: 0xc0248d26
347750.3634: Image Version: 10.0
348750.3634: SizeOfImage: 0xbd000 (774144)
349750.3634: Resource Dir: 0xbb000 LB 0x520
350750.3634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351750.3634: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
352750.3634: ProductName: Microsoft® Windows® Operating System
353750.3634: ProductVersion: 10.0.19041.1865
354750.3634: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
355750.3634: FileDescription: Windows NT BASE API Client DLL
356750.3634: \SystemRoot\System32\KernelBase.dll:
357750.3634: CreationTime: 2022-07-29T12:20:51.931410900Z
358750.3634: LastWriteTime: 2022-07-29T12:20:52.040185400Z
359750.3634: ChangeTime: 2022-07-29T12:46:58.933762500Z
360750.3634: FileAttributes: 0x20
361750.3634: Size: 0x2d0680
362750.3634: NT Headers: 0x100
363750.3634: Timestamp: 0xdd841229
364750.3634: Machine: 0x8664 - amd64
365750.3634: Timestamp: 0xdd841229
366750.3634: Image Version: 10.0
367750.3634: SizeOfImage: 0x2cf000 (2945024)
368750.3634: Resource Dir: 0x2a6000 LB 0x548
369750.3634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
370750.3634: [Raw version resource data: 0x2a60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
371750.3634: ProductName: Microsoft® Windows® Operating System
372750.3634: ProductVersion: 10.0.19041.1865
373750.3634: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
374750.3634: FileDescription: Windows NT BASE API Client DLL
375750.3634: \SystemRoot\System32\apisetschema.dll:
376750.3634: CreationTime: 2019-12-07T09:08:13.518339400Z
377750.3634: LastWriteTime: 2019-12-07T09:08:13.518339400Z
378750.3634: ChangeTime: 2022-07-29T12:25:48.973954800Z
379750.3634: FileAttributes: 0x20
380750.3634: Size: 0x1f538
381750.3634: NT Headers: 0xd0
382750.3634: Timestamp: 0x31288ce0
383750.3634: Machine: 0x8664 - amd64
384750.3634: Timestamp: 0x31288ce0
385750.3634: Image Version: 10.0
386750.3634: SizeOfImage: 0x20000 (131072)
387750.3634: Resource Dir: 0x1f000 LB 0x408
388750.3634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
389750.3634: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
390750.3634: ProductName: Microsoft® Windows® Operating System
391750.3634: ProductVersion: 10.0.19041.1
392750.3634: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
393750.3634: FileDescription: ApiSet Schema DLL
394750.3634: supR3HardenedWinFindAdversaries: 0x0
395750.3634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
396750.3634: Calling main()
397750.3634: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
398750.3634: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
399750.3634: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
400750.3634: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
401750.3634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
402750.3634: SUPR3HardenedMain: Respawn #2
403750.3634: supR3HardNtEnableThreadCreationEx:
404750.3634: supR3HardenedDllNotificationCallback: load 00007ffc8d2f0000 LB 0x00125000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
405750.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
406750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
407750.3634: supR3HardenedDllNotificationCallback: load 00007ffc8cb70000 LB 0x0009c000 C:\windows\System32\sechost.dll [fFlags=0x0]
408750.3634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
409750.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
410750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
411750.3634: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
412750.3634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
413750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
414750.3634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
415750.3634: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
416750.3634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
417750.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
418750.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d470000 'C:\windows\System32\ntdll.dll'
419750.3634: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
420750.3634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
421750.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
422750.3634: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
423750.3634: supR3HardenedDllNotificationCallback: load 00007ffc883b0000 LB 0x00090000 C:\windows\system32\apphelp.dll [fFlags=0x0]
424750.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
425750.3634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
426750.3634: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
427750.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d470000 'C:\windows\System32\ntdll.dll'
428750.3634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc883b0000 'C:\windows\system32\apphelp.dll'
429750.3634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc8d4e4b00 pvNtTerminateThread=00007ffc8d50d990
430750.3634: supR3HardenedWinDoReSpawn(2): New child 306c.31fc [kernel32].
431750.3634: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
432750.3634: supR3HardNtChildGatherData: PebBaseAddress=0000000000e30000 cbPeb=0x388
433750.3634: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc8d470000 uNtDllChildAddr=00007ffc8d470000
434750.3634: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc8d4e4b00
435750.3634: supR3HardenedWinSetupChildInit: Initial context:
436 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7a4ce7900 rdx=0000000000e30000
437 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
438 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
439 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
440 rip=00007ffc8d4c2630 rsp=00000000010ff8d8 rbp=0000000000000000 ctxflags=0010001b
441 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
442 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
443 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
444 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
445 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
446750.3634: kernel32.dll: timestamp 0xc0248d26 (rc=VINF_SUCCESS)
447750.3634: supR3HardenedWinSetupChildInit: Start child.
448750.3634: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
449750.3634: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 17 sleeps
450750.3634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
451750.3634: *0000000000000000-0000000000d6ffff 0x0001/0x0000 0x0000000
452750.3634: *0000000000d70000-0000000000d8ffff 0x0004/0x0004 0x0020000
453750.3634: *0000000000d90000-0000000000dacfff 0x0002/0x0002 0x0040000
454750.3634: 0000000000dad000-0000000000daffff 0x0001/0x0000 0x0000000
455750.3634: *0000000000db0000-0000000000db3fff 0x0002/0x0002 0x0040000
456750.3634: 0000000000db4000-0000000000dbffff 0x0001/0x0000 0x0000000
457750.3634: *0000000000dc0000-0000000000dc1fff 0x0004/0x0004 0x0020000
458750.3634: 0000000000dc2000-0000000000dfffff 0x0001/0x0000 0x0000000
459750.3634: *0000000000e00000-0000000000e2ffff 0x0000/0x0004 0x0020000
460750.3634: 0000000000e30000-0000000000e32fff 0x0004/0x0004 0x0020000
461750.3634: 0000000000e33000-0000000000ffffff 0x0000/0x0004 0x0020000
462750.3634: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
463750.3634: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
464750.3634: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
465750.3634: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
466750.3634: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
467750.3634: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
468750.3634: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
469750.3634: 000000007ffe6000-00007ff565ccffff 0x0001/0x0000 0x0000000
470750.3634: *00007ff565cd0000-00007ff565cd0fff 0x0002/0x0002 0x0040000
471750.3634: 00007ff565cd1000-00007ff565cdffff 0x0001/0x0000 0x0000000
472750.3634: *00007ff565ce0000-00007ff565d02fff 0x0002/0x0002 0x0040000
473750.3634: 00007ff565d03000-00007ff7a4cdffff 0x0001/0x0000 0x0000000
474750.3634: *00007ff7a4ce0000-00007ff7a4ce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
475750.3634: 00007ff7a4ce1000-00007ff7a4d58fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
476750.3634: 00007ff7a4d59000-00007ff7a4d59fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
477750.3634: 00007ff7a4d5a000-00007ff7a4da3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
478750.3634: 00007ff7a4da4000-00007ff7a4da4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
479750.3634: 00007ff7a4da5000-00007ff7a4da5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
480750.3634: 00007ff7a4da6000-00007ff7a4daafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
481750.3634: 00007ff7a4dab000-00007ff7a4dabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
482750.3634: 00007ff7a4dac000-00007ff7a4dacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
483750.3634: 00007ff7a4dad000-00007ff7a4db0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
484750.3634: 00007ff7a4db1000-00007ff7a4df9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
485750.3634: 00007ff7a4dfa000-00007ffc8d46ffff 0x0001/0x0000 0x0000000
486750.3634: *00007ffc8d470000-00007ffc8d470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
487750.3634: 00007ffc8d471000-00007ffc8d58cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
488750.3634: 00007ffc8d58d000-00007ffc8d5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
489750.3634: 00007ffc8d5d6000-00007ffc8d5e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
490750.3634: 00007ffc8d5e2000-00007ffc8d5f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
491750.3634: 00007ffc8d5f1000-00007ffc8d5f1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
492750.3634: 00007ffc8d5f2000-00007ffc8d5f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
493750.3634: 00007ffc8d5f5000-00007ffc8d667fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
494750.3634: 00007ffc8d668000-00007ffffffeffff 0x0001/0x0000 0x0000000
495750.3634: VirtualBoxVM.exe: timestamp 0x62d71982 (rc=VINF_SUCCESS)
496750.3634: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
497750.3634: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
498750.3634: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
499750.3634: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
500306c.31fc: Log file opened: 6.1.36r152435 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6500
501306c.31fc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc8d470000 g_uNtVerCombined=0xa04a6500 (stack ~00000000010ff368)
502306c.31fc: ntdll.dll: timestamp 0x1000a5b9 (rc=VINF_SUCCESS)
503306c.31fc: New simple heap: #1 0000000001200000 LB 0x400000 (for 2064384 allocation)
504750.3634: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
505750.3634: supR3HardNtEnableThreadCreationEx:
506306c.31fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
507306c.31fc: System32: \Device\HarddiskVolume2\Windows\System32
508306c.31fc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
509306c.31fc: KnownDllPath: C:\windows\System32
510306c.31fc: supR3HardenedVmProcessInit: Opening vboxdrv...
511306c.31fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
512306c.31fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
513306c.31fc: Registered Dll notification callback with NTDLL.
514306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
515306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
516306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
517306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b200000 LB 0x002cf000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
518306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
519306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
520306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8cc10000 LB 0x000bd000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
521306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
522306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\KERNEL32.DLL'
523306c.31fc: supR3HardenedDllNotificationCallback: load 00007ff7a4ce0000 LB 0x0011a000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
524306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
525306c.31fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
526306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
527306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
528306c.31fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc8d4e4b00 pvNtTerminateThread=00007ffc8d50d990
529750.3634: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms.
530306c.31fc: \SystemRoot\System32\ntdll.dll:
531306c.31fc: CreationTime: 2022-06-26T11:14:47.730422200Z
532306c.31fc: LastWriteTime: 2022-06-26T11:14:47.900966300Z
533306c.31fc: ChangeTime: 2022-07-29T12:25:55.482860200Z
534306c.31fc: FileAttributes: 0x20
535306c.31fc: Size: 0x1ef3a8
536306c.31fc: NT Headers: 0xe8
537306c.31fc: Timestamp: 0x1000a5b9
538306c.31fc: Machine: 0x8664 - amd64
539306c.31fc: Timestamp: 0x1000a5b9
540306c.31fc: Image Version: 10.0
541306c.31fc: SizeOfImage: 0x1f8000 (2064384)
542306c.31fc: Resource Dir: 0x186000 LB 0x700a0
543306c.31fc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
544306c.31fc: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
545306c.31fc: ProductName: Microsoft® Windows® Operating System
546306c.31fc: ProductVersion: 10.0.19041.1806
547306c.31fc: FileVersion: 10.0.19041.1806 (WinBuild.160101.0800)
548306c.31fc: FileDescription: NT Layer DLL
549306c.31fc: \SystemRoot\System32\kernel32.dll:
550306c.31fc: CreationTime: 2022-07-29T12:21:10.432207200Z
551306c.31fc: LastWriteTime: 2022-07-29T12:21:10.490928200Z
552306c.31fc: ChangeTime: 2022-07-29T12:46:56.683592800Z
553306c.31fc: FileAttributes: 0x20
554306c.31fc: Size: 0xbb248
555306c.31fc: NT Headers: 0xf0
556306c.31fc: Timestamp: 0xc0248d26
557306c.31fc: Machine: 0x8664 - amd64
558306c.31fc: Timestamp: 0xc0248d26
559306c.31fc: Image Version: 10.0
560306c.31fc: SizeOfImage: 0xbd000 (774144)
561306c.31fc: Resource Dir: 0xbb000 LB 0x520
562306c.31fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
563306c.31fc: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
564306c.31fc: ProductName: Microsoft® Windows® Operating System
565306c.31fc: ProductVersion: 10.0.19041.1865
566306c.31fc: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
567306c.31fc: FileDescription: Windows NT BASE API Client DLL
568306c.31fc: \SystemRoot\System32\KernelBase.dll:
569306c.31fc: CreationTime: 2022-07-29T12:20:51.931410900Z
570306c.31fc: LastWriteTime: 2022-07-29T12:20:52.040185400Z
571306c.31fc: ChangeTime: 2022-07-29T12:46:58.933762500Z
572306c.31fc: FileAttributes: 0x20
573306c.31fc: Size: 0x2d0680
574306c.31fc: NT Headers: 0x100
575306c.31fc: Timestamp: 0xdd841229
576306c.31fc: Machine: 0x8664 - amd64
577306c.31fc: Timestamp: 0xdd841229
578306c.31fc: Image Version: 10.0
579306c.31fc: SizeOfImage: 0x2cf000 (2945024)
580306c.31fc: Resource Dir: 0x2a6000 LB 0x548
581306c.31fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
582306c.31fc: [Raw version resource data: 0x2a60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
583306c.31fc: ProductName: Microsoft® Windows® Operating System
584306c.31fc: ProductVersion: 10.0.19041.1865
585306c.31fc: FileVersion: 10.0.19041.1865 (WinBuild.160101.0800)
586306c.31fc: FileDescription: Windows NT BASE API Client DLL
587306c.31fc: \SystemRoot\System32\apisetschema.dll:
588306c.31fc: CreationTime: 2019-12-07T09:08:13.518339400Z
589306c.31fc: LastWriteTime: 2019-12-07T09:08:13.518339400Z
590306c.31fc: ChangeTime: 2022-07-29T12:25:48.973954800Z
591306c.31fc: FileAttributes: 0x20
592306c.31fc: Size: 0x1f538
593306c.31fc: NT Headers: 0xd0
594306c.31fc: Timestamp: 0x31288ce0
595306c.31fc: Machine: 0x8664 - amd64
596306c.31fc: Timestamp: 0x31288ce0
597306c.31fc: Image Version: 10.0
598306c.31fc: SizeOfImage: 0x20000 (131072)
599306c.31fc: Resource Dir: 0x1f000 LB 0x408
600306c.31fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
601306c.31fc: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
602306c.31fc: ProductName: Microsoft® Windows® Operating System
603306c.31fc: ProductVersion: 10.0.19041.1
604306c.31fc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
605306c.31fc: FileDescription: ApiSet Schema DLL
606306c.31fc: supR3HardenedWinFindAdversaries: 0x0
607306c.31fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
608306c.31fc: Calling main()
609306c.31fc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
610306c.31fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
611306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
612306c.31fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
613306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
614306c.31fc: SUPR3HardenedMain: Final process, opening VBoxDrv...
615306c.31fc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
616306c.31fc: supR3HardNtEnableThreadCreationEx:
617306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
618306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
619306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
620306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
621306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
622306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc87e30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
623306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
624306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
625306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
626306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc87e30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
627306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
628306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
629306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc87e30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
630306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc87e30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
631306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
632306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
633306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
634306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
635306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
636306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
637306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
638306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
639306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
640306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
641306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
642306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
643306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
644306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8c690000 LB 0x0009e000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
645306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
646306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8d2f0000 LB 0x00125000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
647306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
648306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8ab90000 LB 0x00068000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
649306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
650306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b100000 LB 0x00100000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
651306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
652306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
653306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8af00000 LB 0x00156000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
654306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
655306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
656306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
657306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
658306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
659306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
660306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
661306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-fibers-l1-1-1'
662306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
663306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
664306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-fibers-l1-1-1'
665306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
666306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
667306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
668306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
669306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
670306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-l1-2-1'
671306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
672306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
673306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8a6b0000 LB 0x00012000 C:\windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
674306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
675306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ab90000 'C:\windows\system32\Wintrust.dll'
676306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
677306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
678306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
679306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8aea0000 LB 0x00027000 C:\windows\System32\bcrypt.dll [fFlags=0x0]
680306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
681306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8aea0000 'C:\windows\system32\bcrypt.dll'
682306c.31fc: bcrypt.dll loaded at 00007ffc8aea0000, BCryptOpenAlgorithmProvider at 00007ffc8aea51e0, preloading providers:
683306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
684306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
685306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
686306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8adc0000 LB 0x00082000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
687306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
688306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8adc0000 'C:\windows\system32\bcryptprimitives.dll'
689306c.31fc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000017cfaa0)
690306c.31fc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000017d0120)
691306c.31fc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000017d0440)
692306c.31fc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000017d0760)
693306c.31fc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000017d1290)
694306c.31fc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000017d15b0)
695306c.31fc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000017d18d0)
696306c.31fc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000017d1bf0)
697306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
698306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
699306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8a400000 LB 0x00018000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
700306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
701306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
702306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
703306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
704306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
705306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
706306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
707306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
708306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
709306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc89bc0000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
710306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
711306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
712306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
713306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
714306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8a3c0000 LB 0x0000c000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
715306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
716306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
717306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
718306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
719306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
720306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
721306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ab90000 'C:\windows\System32\WINTRUST.DLL'
722306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
723306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
724306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\CRYPT32.dll'
725306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8c3f0000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
726306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
727306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
728306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
729306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
730306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
731306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8cb70000 LB 0x0009c000 C:\windows\System32\sechost.dll [fFlags=0x0]
732306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
733306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
734306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
735306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
736306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
737306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
738306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
739306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc89420000 LB 0x00023000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
740306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
741306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
742306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
743306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8aad0000 LB 0x0001f000 C:\windows\SYSTEM32\profapi.dll [fFlags=0x0]
744306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
745306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
746306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
747306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
748306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
749306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
750306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
751306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
752306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
756306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
757306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
758306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
759306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
760306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
761306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
762306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
763306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
764306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
765306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
766306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc85df0000 LB 0x00031000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
767306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
769306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
770306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
771306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
772306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
773306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
774306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
775306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
776306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
777306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
778306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
779306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
780306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
781306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
782306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
783306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
784306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
785306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
786306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
787306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
788306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
789306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
790306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
792306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
793306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
794306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
795306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
796306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
797306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\Windows\System32\cryptnet.dll'
799306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
800306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
801306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
802306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b4e0000 LB 0x000ae000 C:\windows\System32\advapi32.dll [fFlags=0x0]
803306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
804306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
805306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
806306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
807306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
808306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
809306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
810306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
811306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
812306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
813306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
814306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
815306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
816306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
817306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
818306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
819306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
820306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
821306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
822306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
823306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
824306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001872600
825306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
826306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=354B227DADEAEC20A485E962996E22B5479742B8
827306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
828306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
829306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d2f0000 'C:\windows\System32\rpcrt4.dll'
830306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
831306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
832306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
833306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
834306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
835306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
836306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\SystemRoot\System32\ntdll.dll'
837306c.31fc: g_pfnWinVerifyTrust=00007ffc8ab91ee0
838306c.31fc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
839306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
840306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
841306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
842306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
843306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
844306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
845306c.31fc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
846306c.31fc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
847306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
848306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
849306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
850306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
851306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
852306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
853306c.31fc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
854306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
855306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
856306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
857306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
858306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
859306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
860306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
861306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
862306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
863306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
864306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
865306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
866306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
867306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
868306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
869306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
870306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
871306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
872306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
873306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
874306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
875306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
876306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
877306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
878306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
879306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
880306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
881306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
882306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
883306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
884306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
885306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
886306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
887306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
888306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
889306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
890306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
891306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
892306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
893306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
894306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
895306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
896306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
897306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
898306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
899306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
900306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
901306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
902306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
903306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
904306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
905306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
906306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
907306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
908306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
909306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
910306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
911306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
912306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
913306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
914306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
915306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
916306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
917306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
918306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
919306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
920306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
921306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
922306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
923306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
924306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\system32\crypt32.dll'
925306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
926306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
927306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
928306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
929306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
930306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
931306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x4a0fa9c4c9e024ba CN=NITRO
932306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
933306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
934306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
935306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
936306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
937306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
938306c.31fc: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize city, O=Disc Soft Ltd, CN=Disc Soft Ltd, Email=finpr@disc-soft.com
939306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
940306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
941306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
942306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
943306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
944306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
945306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
946306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
947306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
948306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
949306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
950306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
951306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
952306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
953306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
954306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
955306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
956306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
957306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
958306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
959306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
960306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
961306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
962306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
963306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
964306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
965306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
966306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
967306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
968306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
969306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
970306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
971306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
972306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
973306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
974306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
975306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
976306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
977306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
978306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
979306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
980306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
981306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
982306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
983306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
984306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
985306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
986306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
987306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
988306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
989306c.31fc: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018
990306c.31fc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
991306c.31fc: SUPR3HardenedMain: Load Runtime...
992306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
993306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
994306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
995306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
996306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
997306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
998306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
999306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1000306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1001306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1002306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1003306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1004306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1005306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1006306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1007306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1008306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1009306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1010306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1011306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1012306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1013306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
1014306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1015306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1016306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1017306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1018306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1019306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1020306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1021306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1022306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1023306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1024306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
1025306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1026306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1027306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
1028306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1029306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1030306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1031306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1032306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1033306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1034306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1035306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1036306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1037306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1038306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1039306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1040306c.31fc: supR3HardenedDllNotificationCallback: load 000000006dbb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1041306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1042306c.31fc: supR3HardenedDllNotificationCallback: load 000000006db10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1043306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1044306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8ba30000 LB 0x0006b000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
1045306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1046306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc384b0000 LB 0x005fb000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1047306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1048306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1049306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1050306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1051306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1052306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1053306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1054306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1055306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1056306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1057306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1058306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1059306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1060306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1061306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1062306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1063306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1064306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1065306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1066306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1067306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1068306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1069306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1070306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1071306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1072306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1073306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1074306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1075306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1076306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1077306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1078306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1079306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1080306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1081306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1082306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1083306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1084306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1085306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1086306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1087306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1088306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1089306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1090306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1091306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1092306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1093306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1094306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1095306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1096306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1097306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1098306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1099306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1100306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1101306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1102306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1103306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1104306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1105306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1106306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1107306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1108306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1109306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1110306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1111306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1112306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1113306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1114306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1115306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1116306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1117306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1118306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1119306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1120306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1121306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1122306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1123306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1124306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1125306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1126306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1127306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1128306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1129306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1130306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1131306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1132306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1133306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1134306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1136306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1137306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1138306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1139306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1141306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1142306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1143306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1144306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1145306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1146306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1147306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1148306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1149306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1151306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1152306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1153306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1154306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1156306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1157306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1158306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1159306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1161306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1162306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1163306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1164306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1166306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1167306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1168306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1169306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1171306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1172306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1173306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1174306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1175306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1176306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1177306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1178306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1179306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1181306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1182306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1183306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1184306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1185306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1186306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1187306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1188306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1189306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1190306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1191306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1192306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1193306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1194306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1195306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1196306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1197306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1198306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1199306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1200306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1201306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1202306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1203306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1204306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1205306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1206306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1207306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1208306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1209306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1210306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1211306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1212306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1213306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1214306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1215306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1216306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1217306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1218306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1219306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1220306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1221306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1222306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1223306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1224306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc384b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1225306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1226306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1227306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1228306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1229306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1230306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ab90000 'C:\windows\system32\Wintrust.dll'
1231306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1232306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1233306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1234306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1235306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1236306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1237306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\system32\crypt32.dll'
1238306c.31fc: SUPR3HardenedMain: Load TrustedMain...
1239306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
1240306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1241306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1242306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1243306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1244306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1245306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1246306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1247306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1248306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1249306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1250306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1251306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1252306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1253306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1254306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1255306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1256306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1257306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1259306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1260306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1261306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1262306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1263306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1264306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1265306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1266306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1267306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1268306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1269306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1270306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1271306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1272306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1273306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1274306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1275306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1276306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1277306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1278306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1279306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1280306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1281306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1282306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1283306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1284306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1285306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1286306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1287306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1288306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1289306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1290306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1291306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1292306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1293306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1294306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1295306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1296306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1297306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
1298306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
1299306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
1300306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1301306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1302306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1303306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1304306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1305306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1306306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1307306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1308306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1309306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1310306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1311306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1312306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1313306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1314306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1315306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1316306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1317306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
1318306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1319306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1320306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1321306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1322306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1323306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1324306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1325306c.31fc: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1326306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1327306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1328306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1329306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1330306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1331306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1332306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1333306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1334306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1335306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1336306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1337306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1338306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
1339306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1340306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1341306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
1342306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1343306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1344306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1345306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1346306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1347306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1348306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1349306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1350306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1351306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1352306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1353306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1354306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1355306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1356306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1357306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1358306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1359306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1360306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1361306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1362306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1363306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1364306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
1365306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1366306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1367306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1368306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1369306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1370306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1371306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1372306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1373306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1374306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1375306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1376306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1377306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1378306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
1379306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1380306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1381306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1382306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1383306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1384306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1385306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1386306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1387306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1388306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1389306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1390306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1391306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
1392306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1393306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1394306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1395306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1396306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1397306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1398306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1399306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1400306c.31fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1401306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1402306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1403306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1404306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1405306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1406306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1407306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1408306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1409306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1410306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1411306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1412306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
1413306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
1414306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
1415306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1416306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1417306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1418306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1419306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1420306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1421306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1422306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1423306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1424306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1425306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1426306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1427306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1428306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1429306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1430306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1431306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1432306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1433306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1434306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1435306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1436306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1437306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1438306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1439306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1440306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1441306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1442306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1443306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1444306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1445306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1446306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1447306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1448306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1449306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1450306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
1451306c.31fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1452306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1453306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1454306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1455306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1456306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1457306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1458306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1459306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1460306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1461306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1462306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1463306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1464306c.31fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1465306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1466306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1467306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1468306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1469306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1470306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1471306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1472306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1473306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1474306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1475306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1476306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1477306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1478306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1479306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1480306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1481306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1482306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1483306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1484306c.31fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1485306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1486306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1487306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1488306c.31fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1489306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1490306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1491306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1492306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1493306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1494306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1495306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1496306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1497306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1498306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1499306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1500306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1501306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1502306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1503306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1504306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1505306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1506306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1507306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1508306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1509306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1510306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
1511306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1512306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1513306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1514306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1515306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1516306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1517306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1518306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1519306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1520306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1521306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1522306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1523306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1524306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1525306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1526306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1527306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1528306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1529306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1530306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1531306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1532306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1533306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1534306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1535306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1536306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1537306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1538306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1539306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1540306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1541306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1542306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1543306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1544306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1545306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1546306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1547306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1548306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1549306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1550306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1551306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1552306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1553306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1554306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1555306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1556306c.31fc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1557306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1558306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1559306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1560306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1561306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1562306c.31fc: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1563306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1564306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1565306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1566306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1567306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1568306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1569306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1570306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1571306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1572306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1573306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
1574306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1575306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1576306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1577306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1578306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1579306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1580306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1581306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1582306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1583306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1584306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1585306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1586306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1587306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1588306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1589306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1590306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1591306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1592306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
1593306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
1594306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4171C0BCE32E15678A635F6C1468B16A3DEDB0C
1595306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1596306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1597306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1598306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1599306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1600306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1601306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1602306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1603306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1604306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1605306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1606306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1607306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1608306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1609306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1610306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1611306c.31fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1612306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1613306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1614306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1615306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1616306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1617306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1618306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1619306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1620306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1621306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1622306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1623306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1624306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1625306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1626306c.31fc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1627306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1628306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1629306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1630306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1631306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1632306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1633306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1634306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1635306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1636306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1637306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1638306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8aed0000 LB 0x00022000 C:\windows\System32\win32u.dll [fFlags=0x0]
1639306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1640306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b060000 LB 0x0009d000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
1641306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1642306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8acb0000 LB 0x0010b000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
1643306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1644306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1645306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1646306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1647306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1648306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1649306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8ccd0000 LB 0x0002a000 C:\windows\System32\GDI32.dll [fFlags=0x0]
1650306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1651306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8bb00000 LB 0x001a0000 C:\windows\System32\USER32.dll [fFlags=0x0]
1652306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1653306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8c810000 LB 0x00354000 C:\windows\System32\combase.dll [fFlags=0x0]
1654306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1655306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7d6c0000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1656306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1657306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc53db0000 LB 0x00127000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1658306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1659306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8bca0000 LB 0x00744000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
1660306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1661306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b590000 LB 0x0012a000 C:\windows\System32\ole32.dll [fFlags=0x0]
1662306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1663306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7e070000 LB 0x0001d000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
1664306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1665306c.31fc: supR3HardenedDllNotificationCallback: load 000000006cfd0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1666306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1667306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc34d40000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1668306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1669306c.31fc: supR3HardenedDllNotificationCallback: load 000000006ca60000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1670306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1671306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8c410000 LB 0x000cd000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
1672306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1673306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc2bf60000 LB 0x02320000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1674306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
1675306c.31fc: supR3HardenedDllNotificationCallback: load 000000006dab0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1676306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1677306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7cd10000 LB 0x00027000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1678306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1679306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc420f0000 LB 0x001c9000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1680306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1681306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1682306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1683306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1684306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1685306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1686306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1687306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1688306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1689306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1690306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1691306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1692306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1693306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1694306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1695306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1696306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1697306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1698306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1699306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1700306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1701306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1702306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1703306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1704306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1705306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1706306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1707306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1708306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1709306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1710306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1711306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1712306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1713306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1714306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1715306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1716306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1717306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1718306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1719306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1720306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1721306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1722306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1723306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
1724306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1725306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1726306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1727306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1728306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1729306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1730306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1731306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1732306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1733306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1734306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1735306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1736306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1737306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1738306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1739306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1740306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1741306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1742306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1743306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1744306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1745306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1746306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1747306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1748306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1749306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1750306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1751306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1752306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1753306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1754306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1755306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1756306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1757306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1758306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1759306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1760306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1761306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1762306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1763306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1764306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1765306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1766306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-string-l1-1-0'
1767306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1768306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1769306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1770306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1771306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1772306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1773306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1774306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1775306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1776306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1777306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1778306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1779306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1780306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1781306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1782306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1783306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1784306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1785306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1786306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1787306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1788306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1789306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1790306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1791306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1792306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1793306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1794306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1795306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1796306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1797306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1798306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1799306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1800306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1801306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1802306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1803306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1804306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1805306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1806306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1807306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1808306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1809306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-datetime-l1-1-1'
1810306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1811306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1812306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1813306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1814306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1815306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1816306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1817306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1818306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1819306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1820306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1821306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1822306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1823306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1824306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1825306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1826306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1827306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1828306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1829306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1830306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1831306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1832306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1833306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1834306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1835306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1836306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1837306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1838306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1839306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1840306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1841306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1842306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1843306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1844306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1845306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1846306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1847306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1848306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1849306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1850306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1851306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1852306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-obsolete-l1-2-0'
1853306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1854306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1855306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1856306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1857306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1858306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1859306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1860306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1861306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1862306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1863306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1864306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1865306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1866306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1867306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1868306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1869306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1870306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1871306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1872306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1873306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1874306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1875306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1876306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1877306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1878306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1879306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1880306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1881306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1882306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1883306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1884306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1885306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1886306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1887306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1888306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1889306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1890306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1891306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1892306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1893306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1894306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1895306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1896306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1897306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1898306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1899306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1900306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1901306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1902306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1903306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1904306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1905306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1906306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1907306c.31fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1908306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1909306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b770000 LB 0x00030000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
1910306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1911306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b770000 'C:\windows\system32\IMM32.DLL'
1912306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1913306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1914306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1915306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1916306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1917306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1918306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1919306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1920306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1921306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1922306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1923306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1924306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1925306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1926306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1927306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1928306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1929306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1930306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1931306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1932306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1933306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1934306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1935306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1936306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1937306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1938306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1939306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1940306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1941306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1942306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1943306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1944306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1945306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1946306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1947306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1948306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1949306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1950306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1951306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1952306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1953306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1954306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1955306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1956306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1957306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1958306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b4e0000 'C:\windows\System32\ADVAPI32.DLL'
1959306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1960306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1961306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1962306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1963306c.31fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1964306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1965306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1966306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1967306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1968306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1969306c.31fc: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1970306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1971306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1972306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1973306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1974306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1975306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1976306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1977306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1978306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1979306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1980306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1981306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc420f0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1982306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1983306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1984306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1985306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1986306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1987306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'
1988306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1989306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
1990306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
1991306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8DD21BB0BC55257A0C778F7A2D24BA87D12879DB
1992306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1993306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1994306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1995306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1996306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1997306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
1998306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
1999306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
2000306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2001306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2002306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
2003306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2004306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2005306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
2006306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2007306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2008306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
2009306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2010306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2011306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
2012306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2013306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2014306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
2015306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2016306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2017306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
2018306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2019306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2020306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
2021306c.31fc: SUPR3HardenedMain: Calling TrustedMain (00007ffc420f16c0)...
2022306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'combase.dll'.
2023306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msvcp_win.dll'.
2024306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'wldp.dll'.
2025306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
2026306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
2027306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2028306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wldp.dll)
2029306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wldp.dll
2030306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8a4a0000 LB 0x00030000 C:\windows\SYSTEM32\Wldp.dll [fFlags=0x0]
2031306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
2032306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc88c70000 LB 0x00794000 C:\windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
2033306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
2034306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b6c0000 LB 0x000ad000 C:\windows\System32\SHCORE.dll [fFlags=0x0]
2035306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2036306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
2037306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
2038306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2039306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8d290000 LB 0x00055000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
2040306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2041306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
2042306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2043306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2044306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2045306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2046306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2047306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2048306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2049306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2050306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2051306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2052306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2053306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
2054306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
2055306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll [lacks WinVerifyTrust]
2056306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2057306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2058306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2059306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2060306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2061306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2062306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2063306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2064306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
2065306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2066306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2067306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
2068306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2069306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2070306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wldp.dll'
2071306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2072306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2073306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
2074306c.31fc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
2075306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2076306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2077306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2078306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2079306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2080306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2081306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2082306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2083306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2084306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2085306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2086306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2087306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2088306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2089306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2090306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2091306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2092306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2093306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2094306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2095306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2096306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2097306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2098306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2099306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2100306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2101306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2102306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2103306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2104306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2105306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2106306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2107306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2108306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2109306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2110306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2111306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2112306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2113306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2114306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2115306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2116306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2117306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2118306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2119306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2120306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2121306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2122306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc422c0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2123306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2124306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc422c0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2125306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2126306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2127306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
2128306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
2129306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc88a70000 LB 0x00012000 C:\windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
2130306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
2131306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2132306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2133306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2134306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2135306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2136306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2137306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2138306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2139306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
2140306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006b8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2141306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2142306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2143306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=701BFCEE1A399A1718E6AD19A8B89B9E45D98837
2144306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2145306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2146306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2147306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2148306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2149306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2150306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2151306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2152306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2153306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2154306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2155306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2156306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2157306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2158306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2159306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2160306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2161306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc88510000 LB 0x0009e000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
2162306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2163306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc88510000 'C:\windows\system32\uxtheme.dll'
2164306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bb00000 'C:\windows\system32\user32.dll'
2165306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2166306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2167306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\shell32.dll'
2168306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2169306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2170306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b6c0000 'C:\windows\system32\SHCore.dll'
2171306c.31fc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
2172306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
2173306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2174306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2175306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7cd10000 'C:\windows\system32\winmm.dll'
2176306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2177306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2178306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7cd10000 'C:\windows\system32\winmm.dll'
2179306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2180306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2181306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\shell32.dll'
2182306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2183306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2184306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc88510000 'C:\windows\system32\uxtheme.dll'
2185306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2186306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2187306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b4e0000 'C:\windows\system32\advapi32.dll'
2188306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2189306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2190306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2191306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
2192306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2193306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2194306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2195306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2196306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2197306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8aa50000 LB 0x0002e000 C:\windows\system32\userenv.dll [fFlags=0x0]
2198306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2199306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8aa50000 'C:\windows\system32\userenv.dll'
2200306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2201306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2202306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
2203306c.37ac: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
2204306c.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2205306c.37ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2206306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2207306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2208306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2209306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2210306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2211306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2212306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2213306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2214306c.37ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2215306c.37ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2216306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2217306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2218306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2219306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2220306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2221306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2222306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2223306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2224306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2225306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2226306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2227306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2228306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2229306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2230306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2231306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2232306c.37ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2233306c.37ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2234306c.37ac: supR3HardenedDllNotificationCallback: load 00007ffc380e0000 LB 0x003c2000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2235306c.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2236306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc380e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2237306c.37ac: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
2238306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2239306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2240306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2241306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2242306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2243306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2244306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2245306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2246306c.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2247306c.37ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2248306c.37ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2249306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2250306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2251306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2252306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2253306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2254306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2255306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2256306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2257306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2258306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2259306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2260306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2261306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2262306c.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2263306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2264306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2265306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2266306c.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2267306c.37ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2268306c.37ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2269306c.37ac: supR3HardenedDllNotificationCallback: load 00007ffc53cc0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2270306c.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2271306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc53cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2272306c.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2273306c.37ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2274306c.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8c410000 'C:\windows\system32\oleaut32.dll'
2275306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ccd0000 'C:\windows\system32\gdi32.dll'
2276306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2277306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2278306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8c410000 'C:\Windows\System32\oleaut32.dll'
2279306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2280306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2281306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\shell32.dll'
2282306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2283306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2284306c.31fc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2285306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
2286306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2287306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2288306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d470000 'C:\windows\System32\ntdll.dll'
2289306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
2290306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2291306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2292306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AEF35A8B6AA63445D80DEFD8B96CAD66AECDEF39
2293306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2294306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2295306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0514~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
2296306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2297306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
2298306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2299306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2300306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2301306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc883b0000 LB 0x00090000 C:\windows\system32\apphelp.dll [fFlags=0x0]
2302306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2303306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2304306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2305306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d470000 'C:\windows\System32\ntdll.dll'
2306306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc883b0000 'C:\windows\system32\apphelp.dll'
2307306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc8b850000 LB 0x00115000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
2308306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2309306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2310306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
2311306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
2312306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
2313306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2314306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2315306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2316306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2317306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2318306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2319306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2320306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2321306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2322306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2323306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2324306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2325306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2326306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2327306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2328306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2329306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2330306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000988 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2331306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2332306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2333306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F602E8855BCD942955FA9DBB13C4E4D44C41A311
2334306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2335306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2336306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2337306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2338306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2339306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
2340306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
2341306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2342306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2343306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2344306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2345306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2346306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2347306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2348306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2349306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2350306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2351306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2352306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2353306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2354306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2355306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2356306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2357306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2358306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2359306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2360306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2361306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2362306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
2363306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
2364306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2365306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2366306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2367306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2368306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2369306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2370306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2371306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2372306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2373306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2374306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2375306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2376306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2377306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll) WinVerifyTrust
2378306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2379306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2380306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2381306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2382306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2383306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll
2384306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2385306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2386306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2387306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2388306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2389306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2390306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2391306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2392306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc89450000 LB 0x000f3000 C:\windows\system32\dxgi.dll [fFlags=0x0]
2393306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2394306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc86f20000 LB 0x00263000 C:\windows\system32\d3d11.dll [fFlags=0x0]
2395306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2396306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc87190000 LB 0x001e4000 C:\windows\system32\dcomp.dll [fFlags=0x0]
2397306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2398306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc716a0000 LB 0x0003e000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
2399306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2400306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ccd0000 'C:\windows\System32\gdi32.dll'
2401306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc716a0000 'C:\windows\system32\dataexchange.dll'
2402306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2403306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
2404306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
2405306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2406306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2407306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7f3a0000 LB 0x00200000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
2408306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2409306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2410306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2411306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2412306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2413306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2414306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2415306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2416306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2417306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2418306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2419306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2420306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2421306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2422306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b6c0000 'C:\windows\system32\Shcore.dll'
2423306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2424306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2425306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2426306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
2427306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
2428306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2429306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2430306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2431306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2432306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
2433306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
2434306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2435306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2436306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2437306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
2438306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2439306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2440306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2441306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2442306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2443306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2444306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2445306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2446306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2447306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc89850000 LB 0x00033000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
2448306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2449306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc882b0000 LB 0x000f2000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
2450306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2451306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc87cc0000 LB 0x00154000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
2452306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2453306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc87f20000 LB 0x0035e000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
2454306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2455306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc86760000 LB 0x000f9000 C:\windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
2456306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2457306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2458306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2459306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2460306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2461306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2462306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2463306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2464306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2465306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2466306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2467306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2468306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2469306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2470306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2471306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2472306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2473306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2474306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2475306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2476306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2477306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2478306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2479306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2480306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2481306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2482306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2483306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2484306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2485306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2486306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2487306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2488306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2489306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2490306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2491306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2492306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2493306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2494306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2495306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2496306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2497306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2498306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2499306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2500306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2501306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2502306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2503306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2504306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2505306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2506306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2507306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2508306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2509306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2510306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bb00000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2511306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2512306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2513306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bb00000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2514306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2515306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2516306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8c810000 'api-ms-win-core-com-l1-1-0.dll'
2517306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2518306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2519306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b850000 'C:\windows\System32\MSCTF.dll'
2520306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2521306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2522306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\shell32.dll'
2523306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\shell32.dll'
2524306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2525306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2526306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b590000 'C:\windows\System32\ole32.dll'
2527306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8c410000 'C:\windows\System32\OLEAUT32.dll'
2528306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000acc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2529306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2530306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2531306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5E9B4B8E891F6D9AAF89D119CB8AAE1934ED673
2532306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2533306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2534306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2535306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2536306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2537306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2538306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2539306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2540306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2541306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2542306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2543306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a80 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2544306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2545306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2546306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B97C1D711C478066C1314800E4F6D26F93811194
2547306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2548306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2549306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2550306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2551306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2552306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2553306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2554306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2555306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2556306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2557306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2558306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2559306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2560306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2561306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2562306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2563306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2564306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc811e0000 LB 0x00090000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2565306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2566306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc85a10000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2567306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2568306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2569306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2570306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2571306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85a10000 'C:\windows\system32\wbem\wbemprox.dll'
2572306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2573306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2574306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2575306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CA332CD27CD01F33F85EB4BED516FAA617B555A
2576306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2577306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2578306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2579306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2580306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2581306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2582306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2583306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2584306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2585306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2586306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2587306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2588306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2589306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2590306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7ec50000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2591306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2592306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7ec50000 'C:\windows\system32\wbem\wbemsvc.dll'
2593306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2594306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2595306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-l1-2-0.dll'
2596306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2597306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2598306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2599306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b40 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2600306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2601306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2602306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
2603306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2604306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2605306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2606306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2607306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2608306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2609306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2610306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2611306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2612306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2613306c.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2614306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2615306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2616306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2617306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2618306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc7ec70000 LB 0x0010b000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
2619306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2620306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7ec70000 'C:\windows\system32\wbem\fastprox.dll'
2621306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
2622306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2623306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2624306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E037358D3BFB2BDA56CED3A1B6A631D12D37E28
2625306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2626306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2627306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
2628306c.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2629306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2630306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2631306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
2632306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
2633306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2634306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2635306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2636306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2637306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2638306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2639306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc69ec0000 LB 0x00020000 C:\windows\System32\amsi.dll [fFlags=0x0]
2640306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2641306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc69ec0000 'C:\windows\System32\amsi.dll'
2642306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2643306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2644306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
2645306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2646306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2647306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOAV.dll) WinVerifyTrust
2648306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOAV.dll
2649306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2650306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2651306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2652306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2653306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2654306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2655306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2656306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOAV.dll
2657306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc68aa0000 LB 0x0007b000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOav.dll [fFlags=0x0]
2658306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOAV.dll
2659306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2660306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2661306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
2662306c.31fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2663306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2664306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-l1-2-1'
2665306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2666306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2667306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
2668306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
2669306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2670306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
2671306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2672306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2673306c.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2674306c.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2675306c.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
2676306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc85e30000 LB 0x0000a000 C:\windows\system32\version.dll [fFlags=0x0]
2677306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
2678306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85e30000 'C:\windows\system32\version.dll'
2679306c.31fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
2680306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
2681306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68aa0000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpOav.dll'
2682306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2683306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2684306c.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
2685306c.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b4e0000 'C:\windows\System32\ADVAPI32.dll'
2686306c.2650: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
2687306c.2650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2688306c.2650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2689306c.2650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2690306c.2650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2691306c.2650: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2692306c.2650: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2693306c.2650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2694306c.2650: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2695306c.2650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2696306c.2650: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2697306c.2650: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2698306c.2650: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2699306c.2650: supR3HardenedDllNotificationCallback: load 00007ffc35d00000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2700306c.2650: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2701306c.2650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc35d00000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2702306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b590000 'C:\windows\system32\ole32.dll'
2703306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2704306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2705306c.3324: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
2706306c.3324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2707306c.3324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2708306c.3324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2709306c.3324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2710306c.3324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2711306c.3324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2712306c.3324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2713306c.3324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2714306c.3324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2715306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2716306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2717306c.3324: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2718306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2719306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2720306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2721306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2722306c.3324: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2723306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2724306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2725306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2726306c.3324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2727306c.3324: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2728306c.3324: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2729306c.3324: supR3HardenedDllNotificationCallback: load 00007ffc86e10000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2730306c.3324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2731306c.3324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc86e10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2732306c.2030: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
2733306c.2030: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2734306c.2030: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2735306c.2030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2736306c.2030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2737306c.2030: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2738306c.2030: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2739306c.2030: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2740306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2741306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2742306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2743306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2744306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2745306c.2030: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2746306c.2030: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2747306c.2030: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2748306c.2030: supR3HardenedDllNotificationCallback: load 00007ffc86e00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2749306c.2030: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2750306c.2030: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc86e00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2751306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8bca0000 'C:\windows\system32\Shell32.dll'
2752306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed4 pwszName=\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2753306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
2754306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
2755306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFF1A1590C53D6E12EEC0DDBA64D6189D81C99C1
2756306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2757306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2758306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll'
2759306c.3524: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2760306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
2761306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
2762306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2763306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
2764306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume2\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
2765306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2766306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2767306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\vid.dll) WinVerifyTrust
2768306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\vid.dll
2769306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2770306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2771306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2772306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc7c350000 LB 0x0001b000 C:\windows\SYSTEM32\vid.dll [fFlags=0x0]
2773306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2774306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc79fb0000 LB 0x00026000 C:\windows\system32\WinHvPlatform.dll [fFlags=0x0]
2775306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
2776306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc79fb0000 'C:\windows\system32\WinHvPlatform.dll'
2777306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
2778306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2779306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7c350000 'C:\windows\system32\vid.dll'
2780306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2781306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2782306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8d470000 'C:\windows\system32\NTDLL.DLL'
2783306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2784306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2785306c.3524: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
2786306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2787306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2788306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2789306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2790306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2791306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2792306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2793306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2794306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2795306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2796306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2797306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2798306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2799306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2800306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2801306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2802306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2803306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2804306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2805306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2806306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2807306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2808306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2809306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2810306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2811306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2812306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2813306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2814306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2815306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2816306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
2817306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
2818306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
2819306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2820306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2821306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2822306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2823306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2824306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2825306c.3524: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
2826306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2827306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2828306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2829306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2830306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2831306c.3524: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
2832306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
2833306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2834306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2835306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2836306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2837306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2838306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2839306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2840306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2841306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2842306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2843306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2844306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2845306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2846306c.3524: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
2847306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2848306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2849306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2850306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2851306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2852306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2853306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2854306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2855306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2856306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2857306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2858306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2859306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2860306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2861306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2862306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2863306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2864306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2865306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2866306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2867306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2868306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2869306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2870306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2871306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2872306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2873306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2874306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2875306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2876306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2877306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2878306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2879306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2880306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2881306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2882306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2883306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2884306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc8ae50000 LB 0x0004e000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
2885306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
2886306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc8cda0000 LB 0x0046f000 C:\windows\System32\SETUPAPI.dll [fFlags=0x0]
2887306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2888306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc52fa0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2889306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2890306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc23fc0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2891306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2892306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc89f30000 LB 0x0003b000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2893306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2894306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc34330000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2895306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2896306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34330000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2897306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2898306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2899306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2900306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2901306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2902306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2903306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2904306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc380e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2905306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2906306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2907306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2908306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2909306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc23fc0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2910306c.898: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
2911306c.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2912306c.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2913306c.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2914306c.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2915306c.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2916306c.898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2917306c.898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2918306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2919306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2920306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2921306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2922306c.898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2923306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2924306c.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2925306c.898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2926306c.898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2927306c.898: supR3HardenedDllNotificationCallback: load 00007ffc79f90000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2928306c.898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2929306c.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc79f90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2930306c.2eb8: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
2931306c.2eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2932306c.2eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2933306c.2eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2934306c.2eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2935306c.2eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2936306c.2eb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2937306c.2eb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2938306c.2eb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2939306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2940306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2941306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2942306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2943306c.2eb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2944306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2945306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2946306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2947306c.2eb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2948306c.2eb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2949306c.2eb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2950306c.2eb8: supR3HardenedDllNotificationCallback: load 00007ffc856f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2951306c.2eb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2952306c.2eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc856f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2953306c.38c4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
2954306c.38c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
2955306c.38c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
2956306c.38c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2957306c.38c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2958306c.38c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2959306c.38c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2960306c.38c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2961306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2962306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2963306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2964306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2965306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2966306c.38c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2967306c.38c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2968306c.38c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2969306c.38c4: supR3HardenedDllNotificationCallback: load 00007ffc7d710000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2970306c.38c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2971306c.38c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7d710000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2972306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2973306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2974306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89f30000 'C:\windows\system32\Iphlpapi.dll'
2975306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2976306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2977306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
2978306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2979306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc8b4d0000 LB 0x00008000 C:\windows\System32\NSI.dll [fFlags=0x0]
2980306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2981306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2982306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc82920000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2983306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2984306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2985306c.3524: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
2986306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2987306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc827c0000 LB 0x00017000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2988306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2989306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2990306c.3524: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
2991306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2992306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc82890000 LB 0x0001d000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2993306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2994306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
2995306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
2996306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc89f70000 LB 0x000ca000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
2997306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
2998306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2999306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3000306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3001306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3002306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3003306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3004306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3005306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3006306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3007306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3008306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3009306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
3010306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3011306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
3012306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
3013306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4
3014306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3015306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3016306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3017306c.3524: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3018306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3019306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3020306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001872600
3021306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001872600
3022306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496
3023306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3024306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3025306c.3524: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1865.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3026306c.3524: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3027306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3028306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3029306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3030306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
3031306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3032306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3033306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
3034306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3035306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3036306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3037306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3038306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3039306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3040306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3041306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3042306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3043306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3044306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3045306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3046306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
3047306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
3048306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3049306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3050306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3051306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3052306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
3053306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3054306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3055306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
3056306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3057306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3058306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3059306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc8a890000 LB 0x0002c000 C:\windows\System32\DEVOBJ.dll [fFlags=0x0]
3060306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3061306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc826b0000 LB 0x00085000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
3062306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3063306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc826b0000 'C:\windows\System32\MMDevApi.dll'
3064306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3065306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3066306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc826b0000 'C:\windows\System32\MMDEVAPI.DLL'
3067306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3068306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3069306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3070306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3071306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
3072306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
3073306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
3074306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d9.dll) WinVerifyTrust
3075306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3076306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
3077306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
3078306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3079306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3080306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3081306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
3082306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
3083306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
3084306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
3085306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3086306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3087306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3088306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3089306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3090306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3091306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3092306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3093306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3094306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3095306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3096306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
3097306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3098306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3099306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3100306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3101306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3102306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3103306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3104306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3105306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3106306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc88780000 LB 0x0002f000 C:\windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
3107306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3108306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc7c410000 LB 0x001cf000 C:\windows\system32\d3d9.dll [fFlags=0x0]
3109306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d9.dll
3110306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7c410000 'C:\windows\system32\d3d9.dll'
3111306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll: Owner is administrators group.
3112306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x62b4e8bb; retrying against current time: 0x62eff1ce.
3113306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x62eff1ce/now.
3114306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3115306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3116306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'version.dll'.
3117306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
3118306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll) WinVerifyTrust
3119306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll
3120306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3121306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3122306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3123306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3124306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3125306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3126306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll
3127306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc7e790000 LB 0x00117000 C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll [fFlags=0x0]
3128306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll
3129306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3130306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3131306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
3132306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3133306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3134306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-fibers-l1-1-1'
3135306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3136306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3137306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
3138306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
3139306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3140306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-l1-2-1'
3141306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3142306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3143306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
3144306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7e790000 'C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll'
3145306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll
3146306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\msasn1.dll (Input=msasn1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3147306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8a6b0000 'C:\windows\System32\msasn1.dll'
3148306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85df0000 'C:\windows\System32\cryptnet.dll'
3149306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3150306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3151306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3152306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drvstore.dll) WinVerifyTrust
3153306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drvstore.dll
3154306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3155306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3156306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\drvstore.dll (Input=drvstore.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3157306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drvstore.dll
3158306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc85ca0000 LB 0x00148000 C:\windows\System32\drvstore.dll [fFlags=0x0]
3159306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drvstore.dll
3160306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc85ca0000 'C:\windows\System32\drvstore.dll'
3161306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3162306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\devobj.dll (Input=devobj.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3163306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8a890000 'C:\windows\System32\devobj.dll'
3164306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wldp.dll
3165306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wldp.dll (Input=wldp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3166306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8a4a0000 'C:\windows\System32\wldp.dll'
3167306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
3168306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3169306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8a3c0000 'C:\windows\System32\cryptbase.dll'
3170306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3171306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
3172306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wintrust.dll (Input=wintrust.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3173306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ab90000 'C:\windows\System32\wintrust.dll'
3174306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll: Owner is administrators group.
3175306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x62b4e9c1; retrying against current time: 0x62eff1d0.
3176306c.3524: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x62eff1d0/now.
3177306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3178306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3179306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
3180306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3181306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3182306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
3183306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
3184306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll) WinVerifyTrust
3185306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll
3186306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3187306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3188306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3189306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3190306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3191306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3192306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3193306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3194306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3195306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3196306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3197306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3198306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3199306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll
3200306c.3524: supR3HardenedDllNotificationCallback: load 00007ffc227b0000 LB 0x0180a000 C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll [fFlags=0x0]
3201306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll
3202306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3203306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3204306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
3205306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3206306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3207306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-fibers-l1-1-1'
3208306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3209306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3210306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-synch-l1-2-0'
3211306c.3524: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
3212306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3213306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8b200000 'api-ms-win-core-localization-l1-2-1'
3214306c.3524: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3215306c.3524: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3216306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8cc10000 'C:\windows\System32\kernel32.dll'
3217306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc227b0000 'C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll'
3218306c.3524: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3219306c.3524: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\D3D12.dll)
3220306c.3524: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\D3D12.dll
3221306c.3524: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000904 (hFile=0000000000001364) with 0xc0000022 -> STATUS_TRUST_FAILURE
3222306c.3524: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\D3D12.dll [avoiding WinVerifyTrust]
3223306c.3524: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001364 (hFile=0000000000000904) with 0xc0000022 -> STATUS_TRUST_FAILURE
3224306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3225306c.3524: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3226306c.3524: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
3227306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc89bc0000 'C:\windows\system32\rsaenh.dll'
3228306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8af00000 'C:\windows\System32\crypt32.dll'
3229306c.3524: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\D3D12.dll'
3230306c.3524: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc8ccd0000 'C:\windows\System32\gdi32.dll'
3231306c.353c: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
3232306c.353c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
3233306c.353c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
3234306c.353c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000109c (hFile=0000000000001130) with 0xc0000022 -> STATUS_TRUST_FAILURE
3235306c.353c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3236306c.353c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001130 (hFile=000000000000109c) with 0xc0000022 -> STATUS_TRUST_FAILURE
3237306c.38c4: supR3HardenedDllNotificationCallback: Unload 00007ffc7d710000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3238306c.2eb8: supR3HardenedDllNotificationCallback: Unload 00007ffc856f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3239306c.898: supR3HardenedDllNotificationCallback: Unload 00007ffc79f90000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3240306c.2030: supR3HardenedDllNotificationCallback: Unload 00007ffc86e00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3241306c.3324: supR3HardenedDllNotificationCallback: Unload 00007ffc86e10000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3242306c.1a64: supR3HardenedDllNotificationCallback: Unload 00007ffc227b0000 LB 0x0180a000 C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvd3dumx.dll [flags=0x0]
3243306c.1a64: supR3HardenedDllNotificationCallback: Unload 00007ffc85ca0000 LB 0x00148000 C:\windows\System32\drvstore.dll [flags=0x0]
3244306c.1a64: supR3HardenedDllNotificationCallback: Unload 00007ffc7e790000 LB 0x00117000 C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_cdf35e901007edb8\nvldumdx.dll [flags=0x0]
3245306c.3524: supR3HardenedDllNotificationCallback: Unload 00007ffc34330000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3246306c.3524: supR3HardenedDllNotificationCallback: Unload 00007ffc52fa0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3247306c.3524: supR3HardenedDllNotificationCallback: Unload 00007ffc23fc0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3248306c.3524: supR3HardenedDllNotificationCallback: Unload 00007ffc8cda0000 LB 0x0046f000 C:\windows\System32\SETUPAPI.dll [flags=0x0]
3249306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc7ec50000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [flags=0x0]
3250306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc716a0000 LB 0x0003e000 C:\windows\system32\dataexchange.dll [flags=0x0]
3251306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3252306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
3253306c.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
3254306c.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll)
3255306c.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll
3256306c.31fc: supR3HardenedDllNotificationCallback: load 00007ffc869e0000 LB 0x0003b000 C:\windows\SYSTEM32\dxcore.dll [fFlags=0x0]
3257306c.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
3258306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc86f20000 LB 0x00263000 C:\windows\system32\d3d11.dll [flags=0x0]
3259306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc89450000 LB 0x000f3000 C:\windows\system32\dxgi.dll [flags=0x0]
3260306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc87190000 LB 0x001e4000 C:\windows\system32\dcomp.dll [flags=0x0]
3261306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc7f3a0000 LB 0x00200000 C:\windows\system32\twinapi.appcore.dll [flags=0x0]
3262306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc85a10000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [flags=0x0]
3263306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc53cc0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3264306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc7ec70000 LB 0x0010b000 C:\windows\system32\wbem\fastprox.dll [flags=0x0]
3265306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc811e0000 LB 0x00090000 C:\windows\SYSTEM32\wbemcomn.dll [flags=0x0]
3266306c.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc380e0000 LB 0x003c2000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3267306c.31fc: Terminating the normal way: rcExit=0
3268750.3634: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 56832 ms, the end);
32692bc4.63c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 57322 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy