VirtualBox

Ticket #21107: VBoxHardening.log

File VBoxHardening.log, 372.2 KB (added by ArtZ, 2 years ago)
Line 
13e0.2318: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa055f000
23e0.2318: \SystemRoot\System32\ntdll.dll:
33e0.2318: CreationTime: 2022-08-26T02:41:58.621025600Z
43e0.2318: LastWriteTime: 2022-08-26T02:41:58.671396900Z
53e0.2318: ChangeTime: 2022-09-15T00:45:04.691340100Z
63e0.2318: FileAttributes: 0x20
73e0.2318: Size: 0x207df8
83e0.2318: NT Headers: 0xe0
93e0.2318: Timestamp: 0x57b668f2
103e0.2318: Machine: 0x8664 - amd64
113e0.2318: Timestamp: 0x57b668f2
123e0.2318: Image Version: 10.0
133e0.2318: SizeOfImage: 0x209000 (2134016)
143e0.2318: Resource Dir: 0x194000 LB 0x73528
153e0.2318: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163e0.2318: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173e0.2318: ProductName: Microsoft® Windows® Operating System
183e0.2318: ProductVersion: 10.0.22000.918
193e0.2318: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
203e0.2318: FileDescription: NT Layer DLL
213e0.2318: \SystemRoot\System32\kernel32.dll:
223e0.2318: CreationTime: 2022-05-27T21:24:31.704048900Z
233e0.2318: LastWriteTime: 2022-05-27T21:24:31.719235300Z
243e0.2318: ChangeTime: 2022-09-15T00:45:04.210568900Z
253e0.2318: FileAttributes: 0x20
263e0.2318: Size: 0xc0058
273e0.2318: NT Headers: 0xf8
283e0.2318: Timestamp: 0xafec8296
293e0.2318: Machine: 0x8664 - amd64
303e0.2318: Timestamp: 0xafec8296
313e0.2318: Image Version: 10.0
323e0.2318: SizeOfImage: 0xbd000 (774144)
333e0.2318: Resource Dir: 0xbb000 LB 0x520
343e0.2318: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353e0.2318: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363e0.2318: ProductName: Microsoft® Windows® Operating System
373e0.2318: ProductVersion: 10.0.22000.708
383e0.2318: FileVersion: 10.0.22000.708 (WinBuild.160101.0800)
393e0.2318: FileDescription: Windows NT BASE API Client DLL
403e0.2318: \SystemRoot\System32\KernelBase.dll:
413e0.2318: CreationTime: 2022-08-26T02:41:59.372803100Z
423e0.2318: LastWriteTime: 2022-08-26T02:41:59.533382900Z
433e0.2318: ChangeTime: 2022-09-15T00:45:04.696199800Z
443e0.2318: FileAttributes: 0x20
453e0.2318: Size: 0x3832e8
463e0.2318: NT Headers: 0xf8
473e0.2318: Timestamp: 0xb42fa627
483e0.2318: Machine: 0x8664 - amd64
493e0.2318: Timestamp: 0xb42fa627
503e0.2318: Image Version: 10.0
513e0.2318: SizeOfImage: 0x37c000 (3653632)
523e0.2318: Resource Dir: 0x34c000 LB 0x548
533e0.2318: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543e0.2318: [Raw version resource data: 0x34c0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553e0.2318: ProductName: Microsoft® Windows® Operating System
563e0.2318: ProductVersion: 10.0.22000.918
573e0.2318: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
583e0.2318: FileDescription: Windows NT BASE API Client DLL
593e0.2318: \SystemRoot\System32\apisetschema.dll:
603e0.2318: CreationTime: 2021-06-05T12:04:59.928787900Z
613e0.2318: LastWriteTime: 2021-06-05T12:04:59.928787900Z
623e0.2318: ChangeTime: 2022-09-15T00:45:04.158785500Z
633e0.2318: FileAttributes: 0x20
643e0.2318: Size: 0x24150
653e0.2318: NT Headers: 0xc8
663e0.2318: Timestamp: 0x68d1dbaf
673e0.2318: Machine: 0x8664 - amd64
683e0.2318: Timestamp: 0x68d1dbaf
693e0.2318: Image Version: 10.0
703e0.2318: SizeOfImage: 0x23000 (143360)
713e0.2318: Resource Dir: 0x22000 LB 0x408
723e0.2318: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733e0.2318: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743e0.2318: ProductName: Microsoft® Windows® Operating System
753e0.2318: ProductVersion: 10.0.22000.1
763e0.2318: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
773e0.2318: FileDescription: ApiSet Schema DLL
783e0.2318: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793e0.2318: supR3HardenedWinFindAdversaries: 0x0
803e0.2318: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
813e0.2318: Calling main()
823e0.2318: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
833e0.2318: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
843e0.2318: SUPR3HardenedMain: Respawn #1
853e0.2318: System32: \Device\HarddiskVolume2\Windows\System32
863e0.2318: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
873e0.2318: KnownDllPath: C:\WINDOWS\System32
883e0.2318: supR3HardenedWinInit: Performing a limited self purification...
893e0.2318: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
903e0.2318: *0000000000000000-000000000010ffff 0x0001/0x0000 0x0000000
913e0.2318: *0000000000110000-0000000000110fff 0x0002/0x0002 0x0040000
923e0.2318: 0000000000111000-000000000011ffff 0x0001/0x0000 0x0000000
933e0.2318: *0000000000120000-0000000000120fff 0x0002/0x0002 0x0040000
943e0.2318: 0000000000121000-000000000012ffff 0x0001/0x0000 0x0000000
953e0.2318: *0000000000130000-000000000014efff 0x0002/0x0002 0x0040000
963e0.2318: 000000000014f000-000000000014ffff 0x0001/0x0000 0x0000000
973e0.2318: *0000000000150000-0000000000153fff 0x0002/0x0002 0x0040000
983e0.2318: 0000000000154000-000000000015ffff 0x0001/0x0000 0x0000000
993e0.2318: *0000000000160000-0000000000161fff 0x0004/0x0004 0x0020000
1003e0.2318: 0000000000162000-000000000016ffff 0x0001/0x0000 0x0000000
1013e0.2318: *0000000000170000-0000000000180fff 0x0002/0x0002 0x0040000
1023e0.2318: 0000000000181000-000000000018ffff 0x0001/0x0000 0x0000000
1033e0.2318: *0000000000190000-00000000001a0fff 0x0002/0x0002 0x0040000
1043e0.2318: 00000000001a1000-00000000001affff 0x0001/0x0000 0x0000000
1053e0.2318: *00000000001b0000-00000000001b2fff 0x0002/0x0002 0x0040000
1063e0.2318: 00000000001b3000-00000000001bffff 0x0001/0x0000 0x0000000
1073e0.2318: *00000000001c0000-00000000001c0fff 0x0004/0x0004 0x0020000
1083e0.2318: 00000000001c1000-00000000001f1fff 0x0000/0x0004 0x0020000
1093e0.2318: 00000000001f2000-00000000001fffff 0x0001/0x0000 0x0000000
1103e0.2318: *0000000000200000-0000000000278fff 0x0000/0x0004 0x0020000
1113e0.2318: 0000000000279000-000000000027bfff 0x0004/0x0004 0x0020000
1123e0.2318: 000000000027c000-00000000003fffff 0x0000/0x0004 0x0020000
1133e0.2318: *0000000000400000-00000000004b8fff 0x0000/0x0004 0x0020000
1143e0.2318: 00000000004b9000-00000000004bbfff 0x0104/0x0004 0x0020000
1153e0.2318: 00000000004bc000-00000000004fffff 0x0004/0x0004 0x0020000
1163e0.2318: *0000000000500000-0000000000500fff 0x0002/0x0002 0x0040000
1173e0.2318: 0000000000501000-000000000050ffff 0x0001/0x0000 0x0000000
1183e0.2318: *0000000000510000-000000000051ffff 0x0004/0x0004 0x0040000
1193e0.2318: *0000000000520000-0000000000522fff 0x0002/0x0002 0x0040000
1203e0.2318: 0000000000523000-000000000052ffff 0x0001/0x0000 0x0000000
1213e0.2318: *0000000000530000-00000000005fdfff 0x0002/0x0002 0x0040000
1223e0.2318: 00000000005fe000-00000000005fffff 0x0001/0x0000 0x0000000
1233e0.2318: *0000000000600000-0000000000610fff 0x0002/0x0002 0x0040000
1243e0.2318: 0000000000611000-000000000061ffff 0x0001/0x0000 0x0000000
1253e0.2318: *0000000000620000-0000000000629fff 0x0004/0x0004 0x0020000
1263e0.2318: 000000000062a000-000000000071ffff 0x0000/0x0004 0x0020000
1273e0.2318: *0000000000720000-0000000000730fff 0x0002/0x0002 0x0040000
1283e0.2318: 0000000000731000-000000000076ffff 0x0001/0x0000 0x0000000
1293e0.2318: *0000000000770000-000000000077efff 0x0004/0x0004 0x0020000
1303e0.2318: 000000000077f000-000000000077ffff 0x0000/0x0004 0x0020000
1313e0.2318: *0000000000780000-0000000000784fff 0x0000/0x0004 0x0020000
1323e0.2318: 0000000000785000-000000000098efff 0x0004/0x0004 0x0020000
1333e0.2318: 000000000098f000-000000000098ffff 0x0000/0x0004 0x0020000
1343e0.2318: *0000000000990000-0000000000991fff 0x0004/0x0004 0x0020000
1353e0.2318: 0000000000992000-00000000009c1fff 0x0000/0x0004 0x0020000
1363e0.2318: 00000000009c2000-00000000009cffff 0x0001/0x0000 0x0000000
1373e0.2318: *00000000009d0000-00000000009fbfff 0x0004/0x0004 0x0020000
1383e0.2318: 00000000009fc000-0000000000acffff 0x0000/0x0004 0x0020000
1393e0.2318: 0000000000ad0000-000000007ffdffff 0x0001/0x0000 0x0000000
1403e0.2318: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1413e0.2318: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000
1423e0.2318: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000
1433e0.2318: 000000007ffe4000-00007ff467feffff 0x0001/0x0000 0x0000000
1443e0.2318: *00007ff467ff0000-00007ff467ff4fff 0x0002/0x0002 0x0040000
1453e0.2318: 00007ff467ff5000-00007ff4680effff 0x0000/0x0002 0x0040000
1463e0.2318: *00007ff4680f0000-00007ff56810ffff 0x0000/0x0004 0x0020000
1473e0.2318: *00007ff568110000-00007ff56a10ffff 0x0000/0x0004 0x0020000
1483e0.2318: 00007ff56a110000-00007ff56a110fff 0x0004/0x0004 0x0020000
1493e0.2318: 00007ff56a111000-00007ff56a11ffff 0x0001/0x0000 0x0000000
1503e0.2318: *00007ff56a120000-00007ff56a120fff 0x0002/0x0002 0x0040000
1513e0.2318: 00007ff56a121000-00007ff68b19ffff 0x0001/0x0000 0x0000000
1523e0.2318: *00007ff68b1a0000-00007ff68b1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1533e0.2318: 00007ff68b1a1000-00007ff68b218fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1543e0.2318: 00007ff68b219000-00007ff68b219fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1553e0.2318: 00007ff68b21a000-00007ff68b263fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1563e0.2318: 00007ff68b264000-00007ff68b266fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1573e0.2318: 00007ff68b267000-00007ff68b269fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1583e0.2318: 00007ff68b26a000-00007ff68b26cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1593e0.2318: 00007ff68b26d000-00007ff68b26dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1603e0.2318: 00007ff68b26e000-00007ff68b26ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1613e0.2318: 00007ff68b270000-00007ff68b270fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1623e0.2318: 00007ff68b271000-00007ff68b2b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1633e0.2318: 00007ff68b2ba000-00007ffebd83ffff 0x0001/0x0000 0x0000000
1643e0.2318: *00007ffebd840000-00007ffebd840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1653e0.2318: 00007ffebd841000-00007ffebd9b8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1663e0.2318: 00007ffebd9b9000-00007ffebdb6dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1673e0.2318: 00007ffebdb6e000-00007ffebdb72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1683e0.2318: 00007ffebdb73000-00007ffebdbbbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1693e0.2318: 00007ffebdbbc000-00007ffebef4ffff 0x0001/0x0000 0x0000000
1703e0.2318: *00007ffebef50000-00007ffebef50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1713e0.2318: 00007ffebef51000-00007ffebefcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1723e0.2318: 00007ffebefce000-00007ffebf001fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1733e0.2318: 00007ffebf002000-00007ffebf002fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1743e0.2318: 00007ffebf003000-00007ffebf003fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1753e0.2318: 00007ffebf004000-00007ffebf00cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1763e0.2318: 00007ffebf00d000-00007ffebfd9ffff 0x0001/0x0000 0x0000000
1773e0.2318: *00007ffebfda0000-00007ffebfda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1783e0.2318: 00007ffebfda1000-00007ffebfecbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1793e0.2318: 00007ffebfecc000-00007ffebff13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1803e0.2318: 00007ffebff14000-00007ffebff14fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1813e0.2318: 00007ffebff15000-00007ffebff16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1823e0.2318: 00007ffebff17000-00007ffebff1ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1833e0.2318: 00007ffebff20000-00007ffebffa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1843e0.2318: 00007ffebffa9000-00007ffffffeffff 0x0001/0x0000 0x0000000
1853e0.2318: kernel32.dll: timestamp 0xafec8296 (rc=VINF_SUCCESS)
1863e0.2318: kernelbase.dll: timestamp 0xb42fa627 (rc=VINF_SUCCESS)
1873e0.2318: VirtualBoxVM.exe: timestamp 0x6310b1ca (rc=VINF_SUCCESS)
1883e0.2318: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1893e0.2318: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1903e0.2318: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1913e0.2318: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1923e0.2318: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1933e0.2318: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1943e0.2318: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1953e0.2318: supR3HardNtEnableThreadCreationEx:
1963e0.2318: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffebfe1ac10 pvNtTerminateThread=00007ffebfe445d0
1973e0.2318: supR3HardenedWinDoReSpawn(1): New child 1d5c.12f0 [kernel32].
1983e0.2318: supR3HardNtChildGatherData: PebBaseAddress=0000000000db9000 cbPeb=0x388
1993e0.2318: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffebfda0000 uNtDllChildAddr=00007ffebfda0000
2003e0.2318: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffebfe1ac10
2013e0.2318: supR3HardenedWinSetupChildInit: Initial context:
202 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff68b1a7900 rdx=0000000000db9000
203 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
204 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
205 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
206 rip=00007ffebfda4830 rsp=0000000000effc28 rbp=0000000000000000 ctxflags=0010001b
207 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
208 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
209 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
210 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
211 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2123e0.2318: supR3HardenedWinSetupChildInit: Start child.
2133e0.2318: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2143e0.2318: supR3HardNtChildPurify: Startup delay kludge #1/0: 272 ms, 18 sleeps
2153e0.2318: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2163e0.2318: *0000000000000000-0000000000bbffff 0x0001/0x0000 0x0000000
2173e0.2318: *0000000000bc0000-0000000000bdffff 0x0004/0x0004 0x0020000
2183e0.2318: *0000000000be0000-0000000000bfefff 0x0002/0x0002 0x0040000
2193e0.2318: 0000000000bff000-0000000000bfffff 0x0001/0x0000 0x0000000
2203e0.2318: *0000000000c00000-0000000000db8fff 0x0000/0x0004 0x0020000
2213e0.2318: 0000000000db9000-0000000000dbbfff 0x0004/0x0004 0x0020000
2223e0.2318: 0000000000dbc000-0000000000dfffff 0x0000/0x0004 0x0020000
2233e0.2318: *0000000000e00000-0000000000efafff 0x0000/0x0004 0x0020000
2243e0.2318: 0000000000efb000-0000000000efdfff 0x0104/0x0004 0x0020000
2253e0.2318: 0000000000efe000-0000000000efffff 0x0004/0x0004 0x0020000
2263e0.2318: *0000000000f00000-0000000000f03fff 0x0002/0x0002 0x0040000
2273e0.2318: 0000000000f04000-0000000000f0ffff 0x0001/0x0000 0x0000000
2283e0.2318: *0000000000f10000-0000000000f11fff 0x0004/0x0004 0x0020000
2293e0.2318: 0000000000f12000-000000007ffdffff 0x0001/0x0000 0x0000000
2303e0.2318: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2313e0.2318: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000
2323e0.2318: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000
2333e0.2318: 000000007ffe4000-00007ff56dbfffff 0x0001/0x0000 0x0000000
2343e0.2318: *00007ff56dc00000-00007ff56dc00fff 0x0002/0x0002 0x0040000
2353e0.2318: 00007ff56dc01000-00007ff68b19ffff 0x0001/0x0000 0x0000000
2363e0.2318: *00007ff68b1a0000-00007ff68b1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2373e0.2318: 00007ff68b1a1000-00007ff68b218fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2383e0.2318: 00007ff68b219000-00007ff68b219fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2393e0.2318: 00007ff68b21a000-00007ff68b263fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2403e0.2318: 00007ff68b264000-00007ff68b264fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2413e0.2318: 00007ff68b265000-00007ff68b265fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2423e0.2318: 00007ff68b266000-00007ff68b26afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2433e0.2318: 00007ff68b26b000-00007ff68b26bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2443e0.2318: 00007ff68b26c000-00007ff68b26cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2453e0.2318: 00007ff68b26d000-00007ff68b270fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2463e0.2318: 00007ff68b271000-00007ff68b2b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2473e0.2318: 00007ff68b2ba000-00007ffebfd9ffff 0x0001/0x0000 0x0000000
2483e0.2318: *00007ffebfda0000-00007ffebfda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2493e0.2318: 00007ffebfda1000-00007ffebfecbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2503e0.2318: 00007ffebfecc000-00007ffebff13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2513e0.2318: 00007ffebff14000-00007ffebff1ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2523e0.2318: 00007ffebff20000-00007ffebff2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2533e0.2318: 00007ffebff2f000-00007ffebff2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2543e0.2318: 00007ffebff30000-00007ffebff32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2553e0.2318: 00007ffebff33000-00007ffebffa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2563e0.2318: 00007ffebffa9000-00007ffffffeffff 0x0001/0x0000 0x0000000
2573e0.2318: supR3HardNtChildPurify: Done after 279 ms and 0 fixes (loop #0).
2581d5c.12f0: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa055f000
2591d5c.12f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffebfda0000 g_uNtVerCombined=0xa055f000 (stack ~0000000000eff6a8)
2601d5c.12f0: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS)
2611d5c.12f0: New simple heap: #1 0000000001020000 LB 0x800000 (for 2134016 allocation)
2623e0.2318: supR3HardNtEnableThreadCreationEx:
2631d5c.12f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
2641d5c.12f0: System32: \Device\HarddiskVolume2\Windows\System32
2651d5c.12f0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2661d5c.12f0: KnownDllPath: C:\WINDOWS\System32
2671d5c.12f0: supR3HardenedVmProcessInit: Opening vboxsup stub...
2681d5c.12f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2691d5c.12f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2701d5c.12f0: Registered Dll notification callback with NTDLL.
2711d5c.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2721d5c.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2731d5c.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2741d5c.12f0: supR3HardenedDllNotificationCallback: load 00007ffebd840000 LB 0x0037c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2751d5c.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2761d5c.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2771d5c.12f0: supR3HardenedDllNotificationCallback: load 00007ffebef50000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2781d5c.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2791d5c.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\KERNEL32.DLL'
2801d5c.12f0: supR3HardenedDllNotificationCallback: load 00007ff68b1a0000 LB 0x0011a000 z:\program files\Oracle\virtualbox\VirtualBoxVM.exe [fFlags=0x0]
2811d5c.12f0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2821d5c.12f0: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2831d5c.12f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2841d5c.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2851d5c.12f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffebfe1ac10 pvNtTerminateThread=00007ffebfe445d0
2863e0.2318: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 104 ms.
2871d5c.12f0: \SystemRoot\System32\ntdll.dll:
2881d5c.12f0: CreationTime: 2022-08-26T02:41:58.621025600Z
2891d5c.12f0: LastWriteTime: 2022-08-26T02:41:58.671396900Z
2901d5c.12f0: ChangeTime: 2022-09-15T00:45:04.691340100Z
2911d5c.12f0: FileAttributes: 0x20
2921d5c.12f0: Size: 0x207df8
2931d5c.12f0: NT Headers: 0xe0
2941d5c.12f0: Timestamp: 0x57b668f2
2951d5c.12f0: Machine: 0x8664 - amd64
2961d5c.12f0: Timestamp: 0x57b668f2
2971d5c.12f0: Image Version: 10.0
2981d5c.12f0: SizeOfImage: 0x209000 (2134016)
2991d5c.12f0: Resource Dir: 0x194000 LB 0x73528
3001d5c.12f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3011d5c.12f0: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3021d5c.12f0: ProductName: Microsoft® Windows® Operating System
3031d5c.12f0: ProductVersion: 10.0.22000.918
3041d5c.12f0: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
3051d5c.12f0: FileDescription: NT Layer DLL
3061d5c.12f0: \SystemRoot\System32\kernel32.dll:
3071d5c.12f0: CreationTime: 2022-05-27T21:24:31.704048900Z
3081d5c.12f0: LastWriteTime: 2022-05-27T21:24:31.719235300Z
3091d5c.12f0: ChangeTime: 2022-09-15T00:45:04.210568900Z
3101d5c.12f0: FileAttributes: 0x20
3111d5c.12f0: Size: 0xc0058
3121d5c.12f0: NT Headers: 0xf8
3131d5c.12f0: Timestamp: 0xafec8296
3141d5c.12f0: Machine: 0x8664 - amd64
3151d5c.12f0: Timestamp: 0xafec8296
3161d5c.12f0: Image Version: 10.0
3171d5c.12f0: SizeOfImage: 0xbd000 (774144)
3181d5c.12f0: Resource Dir: 0xbb000 LB 0x520
3191d5c.12f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3201d5c.12f0: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3211d5c.12f0: ProductName: Microsoft® Windows® Operating System
3221d5c.12f0: ProductVersion: 10.0.22000.708
3231d5c.12f0: FileVersion: 10.0.22000.708 (WinBuild.160101.0800)
3241d5c.12f0: FileDescription: Windows NT BASE API Client DLL
3251d5c.12f0: \SystemRoot\System32\KernelBase.dll:
3261d5c.12f0: CreationTime: 2022-08-26T02:41:59.372803100Z
3271d5c.12f0: LastWriteTime: 2022-08-26T02:41:59.533382900Z
3281d5c.12f0: ChangeTime: 2022-09-15T00:45:04.696199800Z
3291d5c.12f0: FileAttributes: 0x20
3301d5c.12f0: Size: 0x3832e8
3311d5c.12f0: NT Headers: 0xf8
3321d5c.12f0: Timestamp: 0xb42fa627
3331d5c.12f0: Machine: 0x8664 - amd64
3341d5c.12f0: Timestamp: 0xb42fa627
3351d5c.12f0: Image Version: 10.0
3361d5c.12f0: SizeOfImage: 0x37c000 (3653632)
3371d5c.12f0: Resource Dir: 0x34c000 LB 0x548
3381d5c.12f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3391d5c.12f0: [Raw version resource data: 0x34c0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3401d5c.12f0: ProductName: Microsoft® Windows® Operating System
3411d5c.12f0: ProductVersion: 10.0.22000.918
3421d5c.12f0: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
3431d5c.12f0: FileDescription: Windows NT BASE API Client DLL
3441d5c.12f0: \SystemRoot\System32\apisetschema.dll:
3451d5c.12f0: CreationTime: 2021-06-05T12:04:59.928787900Z
3461d5c.12f0: LastWriteTime: 2021-06-05T12:04:59.928787900Z
3471d5c.12f0: ChangeTime: 2022-09-15T00:45:04.158785500Z
3481d5c.12f0: FileAttributes: 0x20
3491d5c.12f0: Size: 0x24150
3501d5c.12f0: NT Headers: 0xc8
3511d5c.12f0: Timestamp: 0x68d1dbaf
3521d5c.12f0: Machine: 0x8664 - amd64
3531d5c.12f0: Timestamp: 0x68d1dbaf
3541d5c.12f0: Image Version: 10.0
3551d5c.12f0: SizeOfImage: 0x23000 (143360)
3561d5c.12f0: Resource Dir: 0x22000 LB 0x408
3571d5c.12f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3581d5c.12f0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3591d5c.12f0: ProductName: Microsoft® Windows® Operating System
3601d5c.12f0: ProductVersion: 10.0.22000.1
3611d5c.12f0: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
3621d5c.12f0: FileDescription: ApiSet Schema DLL
3631d5c.12f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3641d5c.12f0: supR3HardenedWinFindAdversaries: 0x0
3651d5c.12f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
3661d5c.12f0: Calling main()
3671d5c.12f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3681d5c.12f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
3691d5c.12f0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3701d5c.12f0: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3711d5c.12f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3721d5c.12f0: SUPR3HardenedMain: Respawn #2
3731d5c.12f0: supR3HardNtEnableThreadCreationEx:
3741d5c.12f0: supR3HardenedDllNotificationCallback: load 00007ffebf010000 LB 0x0009e000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3751d5c.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
3761d5c.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
3771d5c.12f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3781d5c.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
3791d5c.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3801d5c.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3811d5c.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebfda0000 'C:\WINDOWS\System32\ntdll.dll'
3821d5c.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
3831d5c.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3841d5c.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'C:\WINDOWS\System32\KernelBase.dll'
3851d5c.12f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffebfe1ac10 pvNtTerminateThread=00007ffebfe445d0
3861d5c.12f0: supR3HardenedWinDoReSpawn(2): New child 7ec.3a88 [kernel32].
3871d5c.12f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3881d5c.12f0: supR3HardNtChildGatherData: PebBaseAddress=000000000101b000 cbPeb=0x388
3891d5c.12f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffebfda0000 uNtDllChildAddr=00007ffebfda0000
3901d5c.12f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffebfe1ac10
3911d5c.12f0: supR3HardenedWinSetupChildInit: Initial context:
392 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff68b1a7900 rdx=000000000101b000
393 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
394 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
395 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
396 rip=00007ffebfda4830 rsp=00000000012ff8a8 rbp=0000000000000000 ctxflags=0010001b
397 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
398 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
399 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
400 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
401 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4021d5c.12f0: kernel32.dll: timestamp 0xafec8296 (rc=VINF_SUCCESS)
4031d5c.12f0: supR3HardenedWinSetupChildInit: Start child.
4041d5c.12f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4051d5c.12f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 17 sleeps
4061d5c.12f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4071d5c.12f0: *0000000000000000-0000000000f5ffff 0x0001/0x0000 0x0000000
4081d5c.12f0: *0000000000f60000-0000000000f7ffff 0x0004/0x0004 0x0020000
4091d5c.12f0: *0000000000f80000-0000000000f9efff 0x0002/0x0002 0x0040000
4101d5c.12f0: 0000000000f9f000-0000000000f9ffff 0x0001/0x0000 0x0000000
4111d5c.12f0: *0000000000fa0000-0000000000fa3fff 0x0002/0x0002 0x0040000
4121d5c.12f0: 0000000000fa4000-0000000000faffff 0x0001/0x0000 0x0000000
4131d5c.12f0: *0000000000fb0000-0000000000fb1fff 0x0004/0x0004 0x0020000
4141d5c.12f0: 0000000000fb2000-0000000000ffffff 0x0001/0x0000 0x0000000
4151d5c.12f0: *0000000001000000-000000000101afff 0x0000/0x0004 0x0020000
4161d5c.12f0: 000000000101b000-000000000101dfff 0x0004/0x0004 0x0020000
4171d5c.12f0: 000000000101e000-00000000011fffff 0x0000/0x0004 0x0020000
4181d5c.12f0: *0000000001200000-00000000012fafff 0x0000/0x0004 0x0020000
4191d5c.12f0: 00000000012fb000-00000000012fdfff 0x0104/0x0004 0x0020000
4201d5c.12f0: 00000000012fe000-00000000012fffff 0x0004/0x0004 0x0020000
4211d5c.12f0: 0000000001300000-000000007ffdffff 0x0001/0x0000 0x0000000
4221d5c.12f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4231d5c.12f0: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000
4241d5c.12f0: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000
4251d5c.12f0: 000000007ffe4000-00007ff53601ffff 0x0001/0x0000 0x0000000
4261d5c.12f0: *00007ff536020000-00007ff536020fff 0x0002/0x0002 0x0040000
4271d5c.12f0: 00007ff536021000-00007ff68b19ffff 0x0001/0x0000 0x0000000
4281d5c.12f0: *00007ff68b1a0000-00007ff68b1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4291d5c.12f0: 00007ff68b1a1000-00007ff68b218fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4301d5c.12f0: 00007ff68b219000-00007ff68b219fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4311d5c.12f0: 00007ff68b21a000-00007ff68b263fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4321d5c.12f0: 00007ff68b264000-00007ff68b264fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4331d5c.12f0: 00007ff68b265000-00007ff68b265fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4341d5c.12f0: 00007ff68b266000-00007ff68b26afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4351d5c.12f0: 00007ff68b26b000-00007ff68b26bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4361d5c.12f0: 00007ff68b26c000-00007ff68b26cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4371d5c.12f0: 00007ff68b26d000-00007ff68b270fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4381d5c.12f0: 00007ff68b271000-00007ff68b2b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4391d5c.12f0: 00007ff68b2ba000-00007ffebfd9ffff 0x0001/0x0000 0x0000000
4401d5c.12f0: *00007ffebfda0000-00007ffebfda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4411d5c.12f0: 00007ffebfda1000-00007ffebfecbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4421d5c.12f0: 00007ffebfecc000-00007ffebff13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4431d5c.12f0: 00007ffebff14000-00007ffebff1ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4441d5c.12f0: 00007ffebff20000-00007ffebff2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4451d5c.12f0: 00007ffebff2f000-00007ffebff2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4461d5c.12f0: 00007ffebff30000-00007ffebff32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4471d5c.12f0: 00007ffebff33000-00007ffebffa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4481d5c.12f0: 00007ffebffa9000-00007ffffffeffff 0x0001/0x0000 0x0000000
4491d5c.12f0: VirtualBoxVM.exe: timestamp 0x6310b1ca (rc=VINF_SUCCESS)
4501d5c.12f0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4511d5c.12f0: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4521d5c.12f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4531d5c.12f0: supR3HardNtChildPurify: Done after 357 ms and 0 fixes (loop #0).
4547ec.3a88: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa055f000
4557ec.3a88: supR3HardenedVmProcessInit: uNtDllAddr=00007ffebfda0000 g_uNtVerCombined=0xa055f000 (stack ~00000000012ff328)
4561d5c.12f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001020000 LB 0x800000)
4577ec.3a88: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS)
4581d5c.12f0: supR3HardNtEnableThreadCreationEx:
4597ec.3a88: New simple heap: #1 0000000001400000 LB 0x800000 (for 2134016 allocation)
4607ec.3a88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
4617ec.3a88: System32: \Device\HarddiskVolume2\Windows\System32
4627ec.3a88: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
4637ec.3a88: KnownDllPath: C:\WINDOWS\System32
4647ec.3a88: supR3HardenedVmProcessInit: Opening vboxsup...
4657ec.3a88: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4667ec.3a88: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4677ec.3a88: Registered Dll notification callback with NTDLL.
4687ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
4697ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
4707ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4717ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd840000 LB 0x0037c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
4727ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
4737ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
4747ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebef50000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
4757ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4767ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\KERNEL32.DLL'
4777ec.3a88: supR3HardenedDllNotificationCallback: load 00007ff68b1a0000 LB 0x0011a000 z:\program files\Oracle\virtualbox\VirtualBoxVM.exe [fFlags=0x0]
4787ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4797ec.3a88: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4807ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4817ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4827ec.3a88: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffebfe1ac10 pvNtTerminateThread=00007ffebfe445d0
4831d5c.12f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 100 ms.
4847ec.3a88: \SystemRoot\System32\ntdll.dll:
4857ec.3a88: CreationTime: 2022-08-26T02:41:58.621025600Z
4867ec.3a88: LastWriteTime: 2022-08-26T02:41:58.671396900Z
4877ec.3a88: ChangeTime: 2022-09-15T00:45:04.691340100Z
4887ec.3a88: FileAttributes: 0x20
4897ec.3a88: Size: 0x207df8
4907ec.3a88: NT Headers: 0xe0
4917ec.3a88: Timestamp: 0x57b668f2
4927ec.3a88: Machine: 0x8664 - amd64
4937ec.3a88: Timestamp: 0x57b668f2
4947ec.3a88: Image Version: 10.0
4957ec.3a88: SizeOfImage: 0x209000 (2134016)
4967ec.3a88: Resource Dir: 0x194000 LB 0x73528
4977ec.3a88: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4987ec.3a88: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4997ec.3a88: ProductName: Microsoft® Windows® Operating System
5007ec.3a88: ProductVersion: 10.0.22000.918
5017ec.3a88: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
5027ec.3a88: FileDescription: NT Layer DLL
5037ec.3a88: \SystemRoot\System32\kernel32.dll:
5047ec.3a88: CreationTime: 2022-05-27T21:24:31.704048900Z
5057ec.3a88: LastWriteTime: 2022-05-27T21:24:31.719235300Z
5067ec.3a88: ChangeTime: 2022-09-15T00:45:04.210568900Z
5077ec.3a88: FileAttributes: 0x20
5087ec.3a88: Size: 0xc0058
5097ec.3a88: NT Headers: 0xf8
5107ec.3a88: Timestamp: 0xafec8296
5117ec.3a88: Machine: 0x8664 - amd64
5127ec.3a88: Timestamp: 0xafec8296
5137ec.3a88: Image Version: 10.0
5147ec.3a88: SizeOfImage: 0xbd000 (774144)
5157ec.3a88: Resource Dir: 0xbb000 LB 0x520
5167ec.3a88: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5177ec.3a88: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5187ec.3a88: ProductName: Microsoft® Windows® Operating System
5197ec.3a88: ProductVersion: 10.0.22000.708
5207ec.3a88: FileVersion: 10.0.22000.708 (WinBuild.160101.0800)
5217ec.3a88: FileDescription: Windows NT BASE API Client DLL
5227ec.3a88: \SystemRoot\System32\KernelBase.dll:
5237ec.3a88: CreationTime: 2022-08-26T02:41:59.372803100Z
5247ec.3a88: LastWriteTime: 2022-08-26T02:41:59.533382900Z
5257ec.3a88: ChangeTime: 2022-09-15T00:45:04.696199800Z
5267ec.3a88: FileAttributes: 0x20
5277ec.3a88: Size: 0x3832e8
5287ec.3a88: NT Headers: 0xf8
5297ec.3a88: Timestamp: 0xb42fa627
5307ec.3a88: Machine: 0x8664 - amd64
5317ec.3a88: Timestamp: 0xb42fa627
5327ec.3a88: Image Version: 10.0
5337ec.3a88: SizeOfImage: 0x37c000 (3653632)
5347ec.3a88: Resource Dir: 0x34c000 LB 0x548
5357ec.3a88: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5367ec.3a88: [Raw version resource data: 0x34c0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5377ec.3a88: ProductName: Microsoft® Windows® Operating System
5387ec.3a88: ProductVersion: 10.0.22000.918
5397ec.3a88: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
5407ec.3a88: FileDescription: Windows NT BASE API Client DLL
5417ec.3a88: \SystemRoot\System32\apisetschema.dll:
5427ec.3a88: CreationTime: 2021-06-05T12:04:59.928787900Z
5437ec.3a88: LastWriteTime: 2021-06-05T12:04:59.928787900Z
5447ec.3a88: ChangeTime: 2022-09-15T00:45:04.158785500Z
5457ec.3a88: FileAttributes: 0x20
5467ec.3a88: Size: 0x24150
5477ec.3a88: NT Headers: 0xc8
5487ec.3a88: Timestamp: 0x68d1dbaf
5497ec.3a88: Machine: 0x8664 - amd64
5507ec.3a88: Timestamp: 0x68d1dbaf
5517ec.3a88: Image Version: 10.0
5527ec.3a88: SizeOfImage: 0x23000 (143360)
5537ec.3a88: Resource Dir: 0x22000 LB 0x408
5547ec.3a88: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5557ec.3a88: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5567ec.3a88: ProductName: Microsoft® Windows® Operating System
5577ec.3a88: ProductVersion: 10.0.22000.1
5587ec.3a88: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
5597ec.3a88: FileDescription: ApiSet Schema DLL
5607ec.3a88: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5617ec.3a88: supR3HardenedWinFindAdversaries: 0x0
5627ec.3a88: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
5637ec.3a88: Calling main()
5647ec.3a88: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
5657ec.3a88: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
5667ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5677ec.3a88: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5687ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5697ec.3a88: SUPR3HardenedMain: Final process, opening VBoxDrv...
5707ec.3a88: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x800000)
5717ec.3a88: supR3HardNtEnableThreadCreationEx:
5727ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
5737ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5747ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5757ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5767ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5777ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeaa520000 LB 0x00005000 z:\program files\Oracle\virtualbox\VBoxSupLib.DLL [fFlags=0x0]
5787ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5797ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5807ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5817ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa520000 'z:\program files\Oracle\virtualbox\VBoxSupLib.DLL'
5827ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5837ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5847ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa520000 'z:\program files\Oracle\virtualbox\VBoxSupLib.DLL'
5857ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa520000 'z:\program files\Oracle\virtualbox\VBoxSupLib.DLL'
5867ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5877ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
5887ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
5897ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
5907ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5917ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5927ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
5937ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
5947ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5967ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
5977ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
5987ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5997ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf140000 LB 0x000a3000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
6007ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6017ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebdde0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
6027ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6037ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebdbc0000 LB 0x00068000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
6047ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6057ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd580000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
6067ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
6077ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
6087ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd6d0000 LB 0x00162000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
6097ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6107ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6117ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6127ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6137ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-synch-l1-2-0'
6147ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6157ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6167ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-fibers-l1-1-1'
6177ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6187ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6197ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-synch-l1-2-0'
6207ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6217ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6227ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-localization-l1-2-1'
6237ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6247ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6257ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebcaf0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
6267ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6277ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdbc0000 'C:\WINDOWS\system32\Wintrust.dll'
6287ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6297ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6307ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6317ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6327ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebcc10000 LB 0x00027000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
6337ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6347ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebcc10000 'C:\WINDOWS\system32\bcrypt.dll'
6357ec.3a88: bcrypt.dll loaded at 00007ffebcc10000, BCryptOpenAlgorithmProvider at 00007ffebcc15a30, preloading providers:
6367ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
6377ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
6387ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6397ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd460000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
6407ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6417ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd460000 'C:\WINDOWS\system32\bcryptprimitives.dll'
6427ec.3a88: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001c31fc0)
6437ec.3a88: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001c32580)
6447ec.3a88: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001c328d0)
6457ec.3a88: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001c32c20)
6467ec.3a88: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001c32f70)
6477ec.3a88: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001c332c0)
6487ec.3a88: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001c33610)
6497ec.3a88: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001c33960)
6507ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
6517ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
6527ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebcaa0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6537ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6547ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
6557ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
6567ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6577ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6587ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebc290000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
6597ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6607ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
6617ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
6627ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
6637ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebc940000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6647ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6657ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6667ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\kernel32.dll'
6687ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6697ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6707ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdbc0000 'C:\WINDOWS\System32\WINTRUST.DLL'
6717ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6727ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6737ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\CRYPT32.dll'
6747ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf640000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6757ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6767ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6777ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6787ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6797ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
6807ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf010000 LB 0x0009e000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
6817ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6827ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6837ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6847ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6857ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
6867ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
6877ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebc7c0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6887ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6897ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
6907ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
6917ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd1b0000 LB 0x00021000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
6927ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
6937ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6947ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6957ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
6967ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6977ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6987ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6997ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7007ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7017ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7027ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7037ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7047ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7057ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7067ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7077ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7087ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7097ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7107ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7117ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb5970000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
7127ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7137ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7147ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7157ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7167ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7177ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7187ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7197ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7207ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7217ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7227ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7237ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7247ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7257ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7267ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7277ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7287ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7297ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7307ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7317ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7327ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7337ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7347ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7357ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7367ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7377ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7387ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7397ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7407ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7417ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\WINDOWS\System32\cryptnet.dll'
7427ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7437ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5970000 'C:\Windows\System32\cryptnet.dll'
7447ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7457ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7467ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
7477ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebee90000 LB 0x000ae000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
7487ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7497ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
7507ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
7517ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
7527ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
7537ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7547ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7557ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7567ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7577ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7587ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7597ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7607ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7617ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7627ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7637ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7647ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
7657ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7667ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
7687ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7697ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001d09ad0
7707ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
7717ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3EE57CCA65BA0083DDAF4B9E4A6F94689A5B2F
7727ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7737ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdde0000 'C:\WINDOWS\System32\rpcrt4.dll'
7757ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7767ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7777ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
7787ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7797ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7807ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
7817ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\SystemRoot\System32\ntdll.dll'
7827ec.3a88: g_pfnWinVerifyTrust=00007ffebdbd04d0
7837ec.3a88: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7847ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7857ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7867ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
7877ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7887ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7897ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
7907ec.3a88: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
7917ec.3a88: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7927ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7937ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7947ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
7957ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7967ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7977ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
7987ec.3a88: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
7997ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8007ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8017ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8027ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8037ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
8047ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8057ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8067ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8077ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
8087ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8097ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8107ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8117ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
8127ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8137ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8147ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8157ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
8167ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8177ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8187ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8197ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
8207ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8217ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8227ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8237ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
8247ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8257ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8267ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8277ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
8287ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8297ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8307ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8317ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8327ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8337ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
8347ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
8357ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8367ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8377ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8387ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
8397ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8407ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8417ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
8427ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8437ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8447ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
8457ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8467ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8477ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
8487ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8497ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8507ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
8517ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8527ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8537ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
8547ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8557ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8567ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
8577ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8587ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8597ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8607ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8617ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8627ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
8637ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8647ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8657ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
8667ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
8677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
8687ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
8697ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\system32\crypt32.dll'
8707ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x38d88b7dad63e500 CN=Pluto
8717ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8727ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8737ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8747ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8757ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8767ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8777ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8787ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
8797ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8807ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8817ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
8827ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
8837ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8847ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
8857ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
8867ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8877ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8887ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
8897ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8907ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8917ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8927ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
8937ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
8947ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
8957ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x5c3e4a16f34a09ec C=US, O=Internet Security Research Group, CN=ISRG Root X2
8967ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
8977ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8987ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8997ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9007ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9017ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9027ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
9037ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9047ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9057ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
9067ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9077ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9087ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9097ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9107ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9117ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
9127ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
9137ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9147ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
9157ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9167ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9177ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9187ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9197ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
9207ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9217ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
9227ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
9237ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9247ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9257ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9267ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
9277ec.3a88: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018
9287ec.3a88: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=58
9297ec.3a88: SUPR3HardenedMain: Load Runtime...
9307ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
9317ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
9327ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
9337ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9347ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9357ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9367ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
9377ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9387ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
9397ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9407ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9417ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
9427ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
9437ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9447ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
9457ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
9467ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9477ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9487ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9497ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9507ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9517ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
9527ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9537ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9547ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9557ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
9567ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
9577ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9587ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9597ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
9607ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9617ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9627ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
9637ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9647ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9657ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
9667ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9677ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll)
9687ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
9697ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
9707ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9717ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9727ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
9737ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9747ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9757ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
9767ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9777ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
9787ec.3a88: supR3HardenedDllNotificationCallback: load 0000000067980000 LB 0x000d2000 z:\program files\Oracle\virtualbox\MSVCR100.dll [fFlags=0x0]
9797ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9807ec.3a88: supR3HardenedDllNotificationCallback: load 00000000678e0000 LB 0x00098000 z:\program files\Oracle\virtualbox\MSVCP100.dll [fFlags=0x0]
9817ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
9827ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf0d0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
9837ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
9847ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe492b0000 LB 0x005fb000 z:\program files\Oracle\virtualbox\VBoxRT.dll [fFlags=0x0]
9857ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
9867ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9877ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9887ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
9897ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9907ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
9917ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9927ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9937ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9947ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9957ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
9967ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9977ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
9987ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9997ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10007ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10017ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10027ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
10037ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10047ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10057ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10067ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10077ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10087ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10097ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
10107ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10117ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10127ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10137ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10147ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10157ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10167ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
10177ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10187ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10197ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10207ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10217ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10227ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10237ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
10247ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10257ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10267ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10277ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10287ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10307ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10317ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10327ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10337ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10347ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10357ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10367ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10377ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10387ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10407ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10417ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10427ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10437ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10447ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10457ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10467ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10477ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10487ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10497ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10507ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10517ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10527ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10537ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10547ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10557ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10567ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10577ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10587ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10597ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10607ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10617ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10627ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10637ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10647ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10657ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
10667ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10687ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10697ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10707ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10717ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10727ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10737ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10747ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10757ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10767ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10777ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10787ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10797ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10807ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10817ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10827ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10837ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10847ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10857ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10867ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10877ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10887ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10897ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10907ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10917ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10927ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10937ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10947ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10957ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10967ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10977ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
10987ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10997ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11007ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11017ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11027ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11037ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11047ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11057ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11067ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11077ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11087ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11097ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11107ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11117ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11127ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11137ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11147ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11157ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11167ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11177ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11187ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11197ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11207ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11217ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11227ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11237ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11247ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11257ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11267ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11277ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11287ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11307ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11317ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11327ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11337ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11347ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11357ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11367ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11377ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11387ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11407ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11417ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11427ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11437ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11447ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11457ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11467ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11477ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxRT.dll
11487ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11497ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11507ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11517ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11527ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11537ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11547ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11557ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11567ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11577ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11587ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11597ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11607ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11617ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11627ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe492b0000 'z:\program files\Oracle\virtualbox\VBoxRT.dll'
11637ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
11647ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
11657ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll'
11667ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
11677ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11687ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdbc0000 'C:\WINDOWS\system32\Wintrust.dll'
11697ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
11707ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11717ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
11727ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
11737ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
11747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
11757ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\system32\crypt32.dll'
11767ec.3a88: SUPR3HardenedMain: Load TrustedMain...
11777ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
11787ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
11797ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
11807ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11817ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
11827ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
11837ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
11847ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
11857ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
11867ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
11877ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
11887ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
11897ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
11907ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
11917ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
11927ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
11937ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
11947ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
11957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
11967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
11977ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
11987ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
11997ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12007ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
12017ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
12027ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12037ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12047ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12057ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12067ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12077ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
12087ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
12097ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12107ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12117ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
12127ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
12137ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12147ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12157ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12167ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12177ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12187ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12197ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12207ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12217ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
12227ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12237ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
12247ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
12257ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12267ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12277ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
12287ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
12297ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
12307ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12317ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12327ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12337ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
12347ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
12357ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12367ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
12377ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
12387ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
12397ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
12407ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
12417ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12437ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12447ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12457ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
12467ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12477ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12487ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
12497ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12507ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
12517ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
12527ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
12537ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12547ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12557ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
12567ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
12577ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
12587ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12597ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12607ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12617ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
12627ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12637ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12647ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
12657ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
12667ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
12677ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12687ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12697ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12717ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12727ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12737ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
12747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
12757ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12767ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
12777ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
12787ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
12797ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
12807ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
12817ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12827ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12837ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12847ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12857ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12867ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12877ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
12887ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
12897ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
12907ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
12917ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12927ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12937ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
12947ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
12957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12977ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
12987ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12997ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13007ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
13017ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13027ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13037ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
13047ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13057ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13067ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13077ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13087ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13097ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13107ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13117ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13127ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13137ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13147ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13157ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13167ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13177ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
13187ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13197ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13207ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13217ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13227ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13237ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13247ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13257ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13267ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13277ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13287ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13297ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13307ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
13317ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
13327ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13337ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13347ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13357ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13367ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13377ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13387ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13397ec.3a88: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
13407ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13417ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13437ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
13447ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13457ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13467ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
13477ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13487ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13497ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
13507ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13517ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #71 'user32.dll'.
13527ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'gdi32.dll'.
13537ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
13547ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
13557ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13567ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13577ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13587ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13597ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13607ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13617ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13627ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13637ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13647ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13657ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13667ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13677ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13687ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13697ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
13707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13717ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13727ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
13737ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13747ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13757ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13767ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13777ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13787ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13797ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13807ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13817ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13827ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13837ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13847ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
13857ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13867ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
13877ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13887ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
13897ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
13907ec.3a88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
13917ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13927ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13937ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13947ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13977ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
13987ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13997ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14007ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
14017ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14027ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14037ec.3a88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
14047ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
14057ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
14067ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14077ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14087ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14097ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14107ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14117ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14127ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14137ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14147ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14157ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14167ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14177ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14187ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14197ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14207ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14217ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14227ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14237ec.3a88: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
14247ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14257ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14267ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14277ec.3a88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
14287ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
14297ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14307ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14317ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14327ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14337ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14347ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14357ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14367ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14377ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14387ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14397ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14407ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14417ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14437ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14447ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14457ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14467ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14477ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14487ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14497ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
14507ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14517ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14527ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14537ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14547ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14557ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14567ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14577ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14587ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14597ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
14607ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
14617ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14627ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14637ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14647ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14657ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14667ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14677ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14687ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14697ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14717ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
14727ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14737ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14747ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
14757ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14767ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14777ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
14787ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14797ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14807ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14817ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14827ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14837ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14847ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14857ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14867ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14877ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14887ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14897ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14907ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14917ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14927ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14937ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
14947ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
14957ec.3a88: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
14967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14977ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14987ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
14997ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
15007ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
15017ec.3a88: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15027ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15037ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15047ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
15057ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15067ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15077ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
15087ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15097ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15107ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
15117ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
15127ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
15137ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
15147ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
15157ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15167ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15177ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15187ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15197ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15207ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15217ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15227ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15237ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15247ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15257ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
15267ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\UICommon.dll
15277ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15287ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15297ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15307ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
15317ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
15327ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
15337ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D524BD25A743CA0A9032840CDC536A92793110A
15347ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15357ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15367ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15377ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15387ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15397ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15407ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15417ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15437ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15447ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15457ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15467ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15477ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15487ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15497ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15507ec.3a88: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
15517ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15527ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15537ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15547ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15557ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15567ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15577ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15587ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15597ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15607ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15617ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
15627ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
15637ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.708.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15647ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15657ec.3a88: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15667ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15677ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
15687ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15697ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\UICommon.dll
15707ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15717ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15727ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
15737ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15747ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15757ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15767ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
15777ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15787ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
15797ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll)
15807ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll
15817ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd6a0000 LB 0x00026000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
15827ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
15837ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd4e0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
15847ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
15857ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebd340000 LB 0x00119000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
15867ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15877ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
15887ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
15897ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'win32u.dll'.
15907ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
15917ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
15927ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf270000 LB 0x00029000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
15937ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
15947ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf490000 LB 0x001ad000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
15957ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
15967ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebe020000 LB 0x00379000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
15977ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
15987ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebaa80000 LB 0x00038000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
15997ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
16007ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe9f5a0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16017ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16027ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe6b9b0000 LB 0x00101000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16037ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16047ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebe620000 LB 0x007b8000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
16057ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16067ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebdc30000 LB 0x0019a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
16077ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16087ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe9d670000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
16097ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16107ec.3a88: supR3HardenedDllNotificationCallback: load 0000000066e50000 LB 0x00565000 z:\program files\Oracle\virtualbox\Qt5CoreVBox.dll [fFlags=0x0]
16117ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16127ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe48cb0000 LB 0x005f7000 z:\program files\Oracle\virtualbox\Qt5GuiVBox.dll [fFlags=0x0]
16137ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16147ec.3a88: supR3HardenedDllNotificationCallback: load 00000000668e0000 LB 0x00561000 z:\program files\Oracle\virtualbox\Qt5WidgetsVBox.dll [fFlags=0x0]
16157ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16167ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf3a0000 LB 0x000d6000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
16177ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16187ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe367d0000 LB 0x02320000 z:\program files\Oracle\virtualbox\UICommon.dll [fFlags=0x0]
16197ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\UICommon.dll
16207ec.3a88: supR3HardenedDllNotificationCallback: load 0000000067880000 LB 0x00054000 z:\program files\Oracle\virtualbox\Qt5OpenGLVBox.dll [fFlags=0x0]
16217ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16227ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb72e0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16237ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16247ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe51580000 LB 0x001c9000 z:\program files\Oracle\virtualbox\VirtualBoxVM.dll [fFlags=0x0]
16257ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16267ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
16277ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
16287ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
16297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
16307ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
16317ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
16327ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
16337ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
16347ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
16357ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
16367ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16377ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16387ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
16397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
16407ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
16417ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
16427ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
16437ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
16447ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
16457ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
16467ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
16477ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
16487ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16497ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16507ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16517ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16527ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
16537ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
16547ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16557ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16567ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
16577ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
16587ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
16597ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16607ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16617ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16627ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
16637ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16647ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16657ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16667ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
16677ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
16687ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
16697ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16717ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16727ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
16737ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
16747ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16757ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16767ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
16777ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
16787ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
16797ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16807ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\kernel32.dll'
16817ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
16827ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
16837ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
16847ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
16857ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
16867ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
16877ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
16887ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
16897ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
16907ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
16917ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16927ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16937ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
16947ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
16957ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
16967ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
16977ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
16987ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
16997ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
17007ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
17017ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
17027ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
17037ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17047ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17057ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
17067ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
17077ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
17087ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
17097ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
17107ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
17117ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
17127ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
17137ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17147ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17157ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
17167ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
17177ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
17187ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
17197ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
17207ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
17217ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
17227ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
17237ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
17247ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
17257ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17267ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17277ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-string-l1-1-0'
17287ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17307ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
17317ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
17327ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
17337ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
17347ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
17357ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
17367ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
17377ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
17387ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17407ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
17417ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
17427ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
17437ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
17447ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
17457ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
17467ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
17477ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
17487ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
17497ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
17507ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17517ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17527ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
17537ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
17547ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
17557ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
17567ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
17577ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
17587ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
17597ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
17607ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17617ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17627ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
17637ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
17647ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
17657ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
17667ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
17677ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
17687ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
17697ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
17707ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
17717ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
17727ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
17737ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-datetime-l1-1-1'
17757ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17767ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17777ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
17787ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
17797ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
17807ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
17817ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
17827ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
17837ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
17847ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
17857ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17867ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17877ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
17887ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
17897ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
17907ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
17917ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
17927ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
17937ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
17947ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
17957ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
17967ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
17977ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
17987ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
17997ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
18007ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
18017ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18027ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
18037ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
18047ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
18057ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
18067ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
18077ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18087ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18097ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18107ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
18117ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18127ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
18137ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18147ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
18157ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18167ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
18177ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18187ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
18197ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18207ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18217ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-localization-obsolete-l1-2-0'
18227ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
18237ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
18247ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
18257ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
18267ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18277ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
18287ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
18297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
18307ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
18317ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
18327ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18337ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18347ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18357ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
18367ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18377ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
18387ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
18407ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18417ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
18427ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18437ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
18447ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
18457ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
18467ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
18477ec.3a88: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000059c (hFile=00000000000004f0) with 0xc0000022 -> STATUS_TRUST_FAILURE
18487ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
18497ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
18507ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
18517ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
18527ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
18537ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
18547ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18557ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
18567ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
18577ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
18587ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
18597ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
18607ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18617ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18627ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18637ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
18647ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
18657ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
18667ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
18677ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
18687ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
18697ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
18707ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
18717ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
18727ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
18737ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
18747ec.3a88: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
18757ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18767ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18777ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18787ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18797ec.3a88: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
18807ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18817ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebee50000 LB 0x00031000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
18827ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
18837ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebee50000 'C:\WINDOWS\system32\IMM32.DLL'
18847ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
18857ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
18867ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
18877ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
18887ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
18897ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
18907ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
18917ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
18927ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
18937ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
18947ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
18957ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
18967ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
18977ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
18987ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
18997ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
19007ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19017ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
19027ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
19037ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
19047ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
19057ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
19067ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19077ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
19087ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19097ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
19107ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
19117ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
19127ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
19137ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
19147ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
19157ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
19167ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
19177ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
19187ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
19197ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
19207ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19217ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19227ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
19237ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
19247ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19257ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
19267ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
19277ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
19287ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
19297ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
19307ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19317ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
19327ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19337ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19347ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebee90000 'C:\WINDOWS\System32\ADVAPI32.DLL'
19357ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
19367ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
19377ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
19387ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
19397ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
19407ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
19417ec.3a88: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
19427ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
19437ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
19447ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
19457ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
19467ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
19477ec.3a88: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19487ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
19497ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
19507ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
19517ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
19527ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
19537ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
19547ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
19557ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
19567ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
19577ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
19587ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
19597ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe51580000 'z:\program files\Oracle\virtualbox\VirtualBoxVM.dll'
19607ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19617ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19627ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
19637ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19647ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19657ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'
19667ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19687ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'
19697ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
19707ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
19717ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
19727ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7DC3A3EEA8D84E88346437F6D9D5DF9B3C090B
19737ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19757ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.708.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
19767ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19777ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
19787ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19797ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19807ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
19817ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19827ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19837ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
19847ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19857ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19867ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
19877ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19887ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19897ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
19907ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19917ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19927ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
19937ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19947ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19957ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
19967ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
19977ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
19987ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
19997ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20007ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20017ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
20027ec.3a88: SUPR3HardenedMain: Calling TrustedMain (00007ffe515816c0)...
20037ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
20047ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
20057ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
20067ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
20077ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
20087ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
20097ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
20107ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebb230000 LB 0x00166000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
20117ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
20127ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebb3a0000 LB 0x00868000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
20137ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
20147ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf710000 LB 0x000ea000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
20157ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20167ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
20177ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
20187ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebe560000 LB 0x0005d000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
20197ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20207ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
20217ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20227ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20237ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20247ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20257ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20267ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20277ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
20287ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20297ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20307ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20317ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20327ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20337ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
20347ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20357ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20367ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20377ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20387ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20397ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
20407ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20417ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20427ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
20437ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20447ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20457ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
20467ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20477ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20487ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
20497ec.3a88: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
20507ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
20517ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
20527ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20537ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
20547ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20557ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
20567ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
20577ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
20587ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
20597ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20607ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
20617ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
20627ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
20637ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
20647ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
20657ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
20667ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20677ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20687ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20697ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20717ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20727ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20737ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20747ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20757ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20767ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20777ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20787ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20797ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20807ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20817ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20827ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20837ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20847ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20857ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20867ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20877ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
20887ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
20897ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
20907ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20917ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20927ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20937ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20947ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20977ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=Z:\program files\Oracle\virtualbox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20987ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20997ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffea1020000 LB 0x0012e000 Z:\program files\Oracle\virtualbox\platforms\qwindows.dll [fFlags=0x0]
21007ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21017ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea1020000 'Z:\program files\Oracle\virtualbox\platforms\qwindows.dll'
21027ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
21037ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'.
21047ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
21057ec.3a88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcss.dll)
21067ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcss.dll
21077ec.3a88: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000704 (hFile=0000000000000430) with 0xc0000022 -> STATUS_TRUST_FAILURE
21087ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
21097ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
21107ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
21117ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebc330000 LB 0x00018000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
21127ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
21137ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21147ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21157ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21167ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21177ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
21187ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
21197ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
21207ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
21217ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21227ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21237ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
21247ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
21257ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
21267ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000700 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcss.dll
21277ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
21287ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
21297ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=36B772A7DD2A5C00967DD084201C9D58F9EC6033
21307ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
21317ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
21327ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcss.dll'
21337ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21347ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcss.dll'
21357ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c0 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21367ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
21377ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
21387ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0956825C524685A46260DF18D53678E8A3E6BF3
21397ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
21407ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21417ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
21427ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
21437ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
21447ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21457ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
21467ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'.
21477ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
21487ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21497ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21507ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21517ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21527ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21537ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21547ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21557ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeba9a0000 LB 0x000ac000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
21567ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21577ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeba9a0000 'C:\WINDOWS\system32\uxtheme.dll'
21587ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf490000 'C:\WINDOWS\system32\user32.dll'
21597ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21607ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21617ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe620000 'C:\WINDOWS\system32\shell32.dll'
21627ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
21637ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21647ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf710000 'C:\WINDOWS\system32\SHCore.dll'
21657ec.3a88: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
21667ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
21677ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21687ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21697ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb72e0000 'C:\WINDOWS\system32\winmm.dll'
21707ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21717ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21727ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb72e0000 'C:\WINDOWS\system32\winmm.dll'
21737ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21747ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21757ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe620000 'C:\WINDOWS\system32\shell32.dll'
21767ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21777ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21787ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeba9a0000 'C:\WINDOWS\system32\uxtheme.dll'
21797ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21807ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21817ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebee90000 'C:\WINDOWS\system32\advapi32.dll'
21827ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
21837ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
21847ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
21857ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
21867ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
21877ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21887ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21897ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21907ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21917ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebc7f0000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
21927ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21937ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc7f0000 'C:\WINDOWS\system32\userenv.dll'
21947ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21957ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21967ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\kernel32.dll'
21977ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebf660000 LB 0x000af000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
21987ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21997ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
22007ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
22017ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22027ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcss.dll
22037ec.3a88: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000748 (hFile=00000000000006fc) with 0xc0000022 -> STATUS_TRUST_FAILURE
22047ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22057ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22067ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22077ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22087ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22097ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22107ec.128c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
22117ec.128c: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
22127ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22137ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22147ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22157ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22167ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22177ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22187ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22197ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22207ec.128c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22217ec.128c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll
22227ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22237ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22247ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22257ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22267ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22277ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22287ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22297ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22307ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
22317ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22327ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22337ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22347ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22357ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll
22367ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22377ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22387ec.128c: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\oracle\virtualbox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22397ec.128c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll
22407ec.128c: supR3HardenedDllNotificationCallback: load 00007ffe65ee0000 LB 0x003c2000 z:\program files\oracle\virtualbox\VBoxC.dll [fFlags=0x0]
22417ec.128c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll
22427ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe65ee0000 'z:\program files\oracle\virtualbox\VBoxC.dll'
22437ec.128c: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
22447ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22457ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22467ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22477ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22487ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22497ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
22507ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22517ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22527ec.128c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22537ec.128c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
22547ec.128c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22557ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22567ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22577ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22587ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22597ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22607ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22617ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22627ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22637ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22647ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22657ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22667ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22677ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22687ec.128c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
22697ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22707ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22717ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22727ec.128c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22737ec.128c: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\oracle\virtualbox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22747ec.128c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22757ec.128c: supR3HardenedDllNotificationCallback: load 00007ffe662b0000 LB 0x000ef000 z:\program files\oracle\virtualbox\VBoxProxyStub.dll [fFlags=0x0]
22767ec.128c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22777ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe662b0000 'z:\program files\oracle\virtualbox\VBoxProxyStub.dll'
22787ec.128c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22797ec.128c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22807ec.128c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf3a0000 'C:\WINDOWS\system32\oleaut32.dll'
22817ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf270000 'C:\WINDOWS\system32\gdi32.dll'
22827ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22837ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22847ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22857ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22867ec.2a4c: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
22877ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
22887ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
22897ec.2a4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22907ec.2a4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22917ec.2a4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
22927ec.2a4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
22937ec.2a4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22947ec.2a4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22957ec.2a4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22967ec.2a4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22977ec.2a4c: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22987ec.2a4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
22997ec.2a4c: supR3HardenedDllNotificationCallback: load 00007ffeaa440000 LB 0x0000e000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
23007ec.2a4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
23017ec.2a4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa440000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
23027ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23037ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23047ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf3a0000 'C:\Windows\System32\oleaut32.dll'
23057ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23067ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23077ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe620000 'C:\WINDOWS\system32\shell32.dll'
23087ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffebdf00000 LB 0x0011e000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
23097ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23107ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
23117ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
23127ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23137ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23147ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
23157ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
23167ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
23177ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000088c pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23187ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
23197ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
23207ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=101A03863CE4DE896B456ABD0FCE21AF048BCA12
23217ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
23227ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
23237ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-merged-Package~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
23247ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23257ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'.
23267ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
23277ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23287ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23297ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23307ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
23317ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23327ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23337ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffe980a0000 LB 0x0005d000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
23347ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
23357ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe980a0000 'C:\WINDOWS\system32\dataexchange.dll'
23367ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
23377ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'msvcp_win.dll'.
23387ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
23397ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
23407ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb49d0000 LB 0x00266000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
23417ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
23427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23437ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23447ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23457ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23467ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
23477ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
23487ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
23497ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
23507ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
23517ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23527ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf710000 'C:\WINDOWS\system32\Shcore.dll'
23537ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23547ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
23557ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
23567ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
23577ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
23587ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffea33f0000 LB 0x0012d000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
23597ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23607ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'.
23617ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
23627ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
23637ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeba4a0000 LB 0x00132000 C:\WINDOWS\SYSTEM32\CoreMessaging.dll [fFlags=0x0]
23647ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23657ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23667ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23677ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23687ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23697ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23717ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23727ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23737ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23747ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
23757ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
23767ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
23777ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
23787ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
23797ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
23807ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1
23817ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23827ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf010000 'api-ms-win-security-sddl-l1-1-0.dll'
23837ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
23847ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23857ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf490000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
23867ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
23877ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23887ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf490000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
23897ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23907ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'.
23917ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
23927ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
23937ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb8590000 LB 0x0036d000 C:\WINDOWS\SYSTEM32\CoreUIComponents.dll [fFlags=0x0]
23947ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23977ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
23987ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23997ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24007ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
24017ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
24027ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
24037ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdde0000 'C:\WINDOWS\System32\RPCRT4.dll'
24047ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
24057ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
24067ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebee90000 'api-ms-win-security-systemfunctions-l1-1-0'
24077ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
24087ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24097ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdf00000 'C:\WINDOWS\System32\MSCTF.dll'
24107ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24117ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24127ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdc30000 'C:\WINDOWS\System32\ole32.dll'
24137ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf3a0000 'C:\WINDOWS\System32\OLEAUT32.dll'
24147ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a78 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24157ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
24167ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
24177ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=72A7777E2E42F8ED9F54E831EF23DA9E1E18ED1C
24187ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
24197ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
24207ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
24217ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24227ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24237ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'.
24247ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24257ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24267ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24277ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24287ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24297ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
24307ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
24317ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45A464176830F0AA8063DB542765DA4B4DCE6F9E
24327ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
24337ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
24347ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
24357ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24367ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24377ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
24387ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24397ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24407ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24417ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24427ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24437ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24447ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24457ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24467ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeaf850000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
24477ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24487ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb51b0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
24497ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
24507ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
24517ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24527ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24537ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb51b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
24547ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24557ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
24567ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
24577ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9E6574CB33BE95DDDFC06987443AD17F741154
24587ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
24597ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
24607ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
24617ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24627ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24637ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
24647ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
24657ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24667ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24677ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24687ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
24697ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24707ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24717ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
24727ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24737ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24747ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffead7b0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
24757ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
24767ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffead7b0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
24777ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
24787ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24797ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-localization-l1-2-0.dll'
24807ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
24817ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24827ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
24837ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000089c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24847ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
24857ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
24867ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C006C9BBF3712859F7F5F20A758C570A45C51802
24877ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
24887ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
24897ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
24907ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24917ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24927ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
24937ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
24947ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
24957ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24967ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24977ec.3a88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
24987ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24997ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25007ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25017ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25027ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeae070000 LB 0x000fa000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
25037ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
25047ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeae070000 'C:\WINDOWS\system32\wbem\fastprox.dll'
25057ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
25067ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
25077ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
25087ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B275E46A4D44743A2E7B3BD101381367F8671AE
25097ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25107ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25117ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
25127ec.3a88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25137ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25147ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
25157ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
25167ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
25177ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25187ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25197ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25207ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25217ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25227ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
25237ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb03d0000 LB 0x00025000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
25247ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
25257ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb03d0000 'C:\WINDOWS\System32\amsi.dll'
25267ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25277ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25287ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
25297ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
25307ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
25317ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOAV.dll) WinVerifyTrust
25327ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOAV.dll
25337ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25347ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25357ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25367ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25377ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25387ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25397ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25407ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOAV.dll
25417ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffea9d60000 LB 0x0007b000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOav.dll [fFlags=0x0]
25427ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOAV.dll
25437ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
25447ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25457ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-synch-l1-2-0'
25467ec.3a88: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
25477ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25487ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd840000 'api-ms-win-core-localization-l1-2-1'
25497ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
25507ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25517ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebef50000 'C:\WINDOWS\System32\kernel32.dll'
25527ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
25537ec.3a88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25547ec.3a88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
25557ec.3a88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
25567ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25577ec.3a88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25587ec.3a88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25597ec.3a88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
25607ec.3a88: supR3HardenedDllNotificationCallback: load 00007ffeb8240000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
25617ec.3a88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
25627ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb8240000 'C:\WINDOWS\system32\version.dll'
25637ec.3a88: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
25647ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
25657ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea9d60000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpOav.dll'
25667ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25677ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25687ec.3a88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
25697ec.3a88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebee90000 'C:\WINDOWS\System32\ADVAPI32.dll'
25707ec.ce0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
25717ec.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25727ec.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25737ec.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25747ec.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25757ec.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
25767ec.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25777ec.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25787ec.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25797ec.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25807ec.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25817ec.ce0: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25827ec.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25837ec.ce0: supR3HardenedDllNotificationCallback: load 00007ffe48930000 LB 0x0037e000 z:\program files\Oracle\virtualbox\VBoxVMM.DLL [fFlags=0x0]
25847ec.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25857ec.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe48930000 'z:\program files\Oracle\virtualbox\VBoxVMM.DLL'
25867ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdc30000 'C:\WINDOWS\system32\ole32.dll'
25877ec.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdc30000 'C:\WINDOWS\system32\ole32.dll'
25887ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25897ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25907ec.ae0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
25917ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
25927ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
25937ec.ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25947ec.ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25957ec.ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
25967ec.ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
25977ec.ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
25987ec.ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25997ec.ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26007ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26017ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26027ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26037ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26047ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26057ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26067ec.ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26077ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26087ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26097ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26107ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26117ec.ae0: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26127ec.ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26137ec.ae0: supR3HardenedDllNotificationCallback: load 00007ffeaa430000 LB 0x00010000 z:\program files\Oracle\virtualbox\VBoxSharedClipboard.DLL [fFlags=0x0]
26147ec.ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
26157ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa430000 'z:\program files\Oracle\virtualbox\VBoxSharedClipboard.DLL'
26167ec.22a0: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
26177ec.22a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
26187ec.22a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
26197ec.22a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26207ec.22a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26217ec.22a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26227ec.22a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
26237ec.22a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26247ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26257ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26267ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26277ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26287ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26297ec.22a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26307ec.22a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll
26317ec.22a0: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26327ec.22a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26337ec.22a0: supR3HardenedDllNotificationCallback: load 00007ffea9b30000 LB 0x0000d000 z:\program files\Oracle\virtualbox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
26347ec.22a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26357ec.22a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea9b30000 'z:\program files\Oracle\virtualbox\VBoxDragAndDropSvc.DLL'
26367ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26377ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26387ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe620000 'C:\WINDOWS\system32\Shell32.dll'
26397ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26407ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26417ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe48930000 'z:\program files\Oracle\virtualbox\VBoxVMM.DLL'
26427ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
26437ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
26447ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
26457ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26467ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26477ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26487ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26497ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26507ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
26517ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26527ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26537ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26547ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26557ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26567ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26577ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26587ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26597ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26607ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26617ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26627ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26637ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26647ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe80b40000 LB 0x00041000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26657ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26667ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe80b40000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
26677ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe80b40000 LB 0x00041000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
26687ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
26697ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
26707ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
26717ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B3A29BB93DC85DF241632350324C9785EA8BDD9
26727ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
26737ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
26747ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Hypervisor-API-Package~31bf3856ad364e35~amd64~~10.0.22000.71.cat'; file='\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll'
26757ec.3aec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26767ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
26777ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'devobj.dll'.
26787ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
26797ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
26807ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
26817ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
26827ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
26837ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
26847ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'.
26857ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
26867ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
26877ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
26887ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume2\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
26897ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26907ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26917ec.3aec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
26927ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
26937ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
26947ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
26957ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
26967ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\vid.dll) WinVerifyTrust
26977ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\vid.dll
26987ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26997ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
27007ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
27017ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
27027ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
27037ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffea0e80000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
27047ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
27057ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebcf50000 LB 0x0004c000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
27067ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
27077ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebcfa0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
27087ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
27097ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe80b40000 LB 0x00046000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
27107ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinHvPlatform.dll
27117ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe80b40000 'C:\WINDOWS\system32\WinHvPlatform.dll'
27127ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27137ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27147ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
27157ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\vid.dll
27167ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27177ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0e80000 'C:\WINDOWS\system32\vid.dll'
27187ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27197ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27207ec.3aec: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
27217ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
27227ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27237ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27247ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebfda0000 'C:\WINDOWS\system32\NTDLL.DLL'
27257ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27267ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27277ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
27287ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27297ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27307ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27317ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27327ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27337ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
27347ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
27357ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
27367ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
27377ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
27387ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
27397ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
27407ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
27417ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD.dll
27427ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
27437ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
27447ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27457ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27467ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
27477ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27487ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27497ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27507ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27517ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27527ec.3aec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
27537ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27547ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27557ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27567ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27577ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27587ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
27597ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27607ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27617ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27627ec.3aec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
27637ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
27647ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
27657ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
27667ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27677ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27687ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27697ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27707ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27717ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27727ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
27737ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27747ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27757ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27767ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
27777ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27787ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27797ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27807ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27817ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
27827ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
27837ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27847ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27857ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27867ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
27877ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27887ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
27897ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27907ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27917ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27927ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27937ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27947ec.3aec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27957ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27967ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27977ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27987ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27997ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28007ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28017ec.3aec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28027ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28037ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28047ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28057ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28067ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28077ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28087ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28097ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD.dll
28107ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28117ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28127ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28137ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebf8f0000 LB 0x0046c000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
28147ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
28157ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffea0fb0000 LB 0x00066000 z:\program files\Oracle\virtualbox\VBoxDDU.dll [fFlags=0x0]
28167ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28177ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe35f70000 LB 0x0085c000 z:\program files\Oracle\virtualbox\VBoxDD2.dll [fFlags=0x0]
28187ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28197ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebbe60000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
28207ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
28217ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe47f20000 LB 0x00a04000 z:\program files\Oracle\virtualbox\VBoxDD.DLL [fFlags=0x0]
28227ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD.dll
28237ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe47f20000 'z:\program files\Oracle\virtualbox\VBoxDD.DLL'
28247ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28257ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28267ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28277ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28287ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28297ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe7fe10000 LB 0x00041000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28307ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28317ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7fe10000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
28327ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28337ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28347ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxC.dll
28357ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28367ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe65ee0000 'z:\program files\Oracle\virtualbox\VBoxC.DLL'
28377ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28387ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28397ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28407ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28417ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe35f70000 'z:\program files\Oracle\virtualbox\VBoxDD2.DLL'
28427ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28437ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28447ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
28457ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28467ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28477ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28487ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28497ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
28507ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28517ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28527ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28537ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28547ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28557ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28567ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28577ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe9f930000 LB 0x00017000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
28587ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28597ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f930000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
28607ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28617ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28627ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
28637ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28647ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28657ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28667ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28677ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
28687ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28697ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28707ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28717ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28727ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28737ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28747ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28757ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe9f580000 LB 0x00012000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
28767ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28777ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f580000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
28787ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28797ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28807ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
28817ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28827ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28837ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28847ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28857ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
28867ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28877ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28887ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28897ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28907ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28917ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28927ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28937ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe9db40000 LB 0x00018000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
28947ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28957ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9db40000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
28967ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
28977ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
28987ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
28997ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29007ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29017ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29027ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29037ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
29047ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29057ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29067ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29077ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29087ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29097ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29107ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29117ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffe97d10000 LB 0x00019000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
29127ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29137ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe97d10000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
29147ec.1140: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
29157ec.1140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29167ec.1140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29177ec.1140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29187ec.1140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29197ec.1140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29207ec.1140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
29217ec.1140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29227ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29237ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29247ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29257ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29267ec.1140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29277ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29287ec.1140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29297ec.1140: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29307ec.1140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29317ec.1140: supR3HardenedDllNotificationCallback: load 00007ffe96bc0000 LB 0x00014000 z:\program files\Oracle\virtualbox\VBoxSharedFolders.DLL [fFlags=0x0]
29327ec.1140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29337ec.1140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe96bc0000 'z:\program files\Oracle\virtualbox\VBoxSharedFolders.DLL'
29347ec.1aa4: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
29357ec.1aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29367ec.1aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29377ec.1aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29387ec.1aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29397ec.1aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
29407ec.1aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
29417ec.1aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
29427ec.1aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29437ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29447ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29457ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29467ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29477ec.1aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29487ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29497ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29507ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29517ec.1aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29527ec.1aa4: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29537ec.1aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29547ec.1aa4: supR3HardenedDllNotificationCallback: load 00007ffea9b20000 LB 0x0000c000 z:\program files\Oracle\virtualbox\VBoxGuestControlSvc.DLL [fFlags=0x0]
29557ec.1aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29567ec.1aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea9b20000 'z:\program files\Oracle\virtualbox\VBoxGuestControlSvc.DLL'
29577ec.2fa4: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
29587ec.2fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29597ec.2fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29607ec.2fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29617ec.2fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29627ec.2fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29637ec.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
29647ec.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29657ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29667ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29677ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29687ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29697ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29707ec.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29717ec.2fa4: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29727ec.2fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29737ec.2fa4: supR3HardenedDllNotificationCallback: load 00007ffea9a40000 LB 0x0000d000 z:\program files\Oracle\virtualbox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29747ec.2fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29757ec.2fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea9a40000 'z:\program files\Oracle\virtualbox\VBoxGuestPropSvc.DLL'
29767ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29777ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29787ec.3aec: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
29797ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
29807ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
29817ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29827ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29837ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
29847ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29857ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29867ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29877ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29887ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29897ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29907ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29917ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffeaa530000 LB 0x0000a000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
29927ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29937ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeaa530000 'z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
29947ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29957ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29967ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebbe60000 'C:\WINDOWS\system32\Iphlpapi.dll'
29977ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
29987ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
29997ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffeb6000000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
30007ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
30017ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebf480000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
30027ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
30037ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
30047ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30057ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
30067ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
30077ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffeb7880000 LB 0x00019000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
30087ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
30097ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30107ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
30117ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
30127ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffeb7c40000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
30137ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
30147ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
30157ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
30167ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffebbe90000 LB 0x000e8000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
30177ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
30187ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30197ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30207ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30217ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30227ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30237ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30247ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
30257ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30267ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30277ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
30287ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30297ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30307ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
30317ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30327ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30337ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
30347ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30357ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30367ec.3aec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
30377ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30387ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30397ec.3aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30407ec.3aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30417ec.3aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30427ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
30437ec.3aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
30447ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30457ec.3aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30467ec.3aec: supR3HardenedDllNotificationCallback: load 00007ffeb4f90000 LB 0x0009c000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
30477ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30487ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb4f90000 'C:\WINDOWS\System32\MMDevApi.dll'
30497ec.3aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
30507ec.3aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30517ec.3aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb4f90000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
30527ec.3390: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
30537ec.3390: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
30547ec.3390: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
30557ec.3390: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000125c (hFile=0000000000001254) with 0xc0000022 -> STATUS_TRUST_FAILURE
30567ec.3390: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
30577ec.3390: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001254 (hFile=000000000000125c) with 0xc0000022 -> STATUS_TRUST_FAILURE
30587ec.3390: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001258 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
30597ec.3390: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001d09ad0
30607ec.3390: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001d09ad0
30617ec.3390: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
30627ec.3390: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30637ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdbc0000 'C:\WINDOWS\System32\WINTRUST.DLL'
30647ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\CRYPT32.dll'
30657ec.3390: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ACF93DEAFBFAD908DE8CB5CE350DC09E95E45F6E
30667ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30677ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30687ec.3390: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.978.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30697ec.3390: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30707ec.3390: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30717ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30727ec.3390: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
30737ec.3390: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30747ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30757ec.3390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
30767ec.3390: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
30777ec.3390: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
30787ec.3390: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
30797ec.3390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30807ec.3390: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30817ec.3390: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30827ec.3390: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30837ec.3390: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30847ec.3390: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30857ec.3390: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
30867ec.3390: supR3HardenedDllNotificationCallback: load 00007ffebc750000 LB 0x00067000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
30877ec.3390: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
30887ec.3390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc750000 'C:\WINDOWS\system32\mswsock.dll'
30897ec.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
30907ec.3360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
30917ec.3360: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30927ec.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebdbc0000 'C:\WINDOWS\System32\WINTRUST.DLL'
30937ec.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\CRYPT32.dll'
30947ec.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
30957ec.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30967ec.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
30977ec.3360: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
30987ec.3360: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30997ec.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31007ec.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31017ec.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31027ec.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31037ec.3360: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31047ec.3360: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31057ec.3360: supR3HardenedDllNotificationCallback: load 00007ffe9c0a0000 LB 0x001d3000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
31067ec.3360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
31077ec.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9c0a0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
31087ec.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
31097ec.3360: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
31107ec.3360: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31117ec.3360: supR3HardenedDllNotificationCallback: load 00007ffebcd30000 LB 0x0004d000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
31127ec.3360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
31137ec.3360: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll)
31147ec.3360: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll
31157ec.3360: supR3HardenedDllNotificationCallback: load 00007ffebcbd0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
31167ec.3360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
31177ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31187ec.ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31197ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
31207ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
31217ec.ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'
31227ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc290000 'C:\WINDOWS\system32\rsaenh.dll'
31237ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd6d0000 'C:\WINDOWS\System32\crypt32.dll'
31247ec.ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
31257ec.ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf490000 'C:\WINDOWS\system32\User32.dll'
31267ec.2fa4: supR3HardenedDllNotificationCallback: Unload 00007ffea9a40000 LB 0x0000d000 z:\program files\Oracle\virtualbox\VBoxGuestPropSvc.DLL [flags=0x0]
31277ec.1aa4: supR3HardenedDllNotificationCallback: Unload 00007ffea9b20000 LB 0x0000c000 z:\program files\Oracle\virtualbox\VBoxGuestControlSvc.DLL [flags=0x0]
31287ec.1140: supR3HardenedDllNotificationCallback: Unload 00007ffe96bc0000 LB 0x00014000 z:\program files\Oracle\virtualbox\VBoxSharedFolders.DLL [flags=0x0]
31297ec.22a0: supR3HardenedDllNotificationCallback: Unload 00007ffea9b30000 LB 0x0000d000 z:\program files\Oracle\virtualbox\VBoxDragAndDropSvc.DLL [flags=0x0]
31307ec.ae0: supR3HardenedDllNotificationCallback: Unload 00007ffeaa430000 LB 0x00010000 z:\program files\Oracle\virtualbox\VBoxSharedClipboard.DLL [flags=0x0]
31317ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe97d10000 LB 0x00019000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
31327ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe9db40000 LB 0x00018000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
31337ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe9f580000 LB 0x00012000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
31347ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe9f930000 LB 0x00017000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
31357ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe7fe10000 LB 0x00041000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
31367ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe47f20000 LB 0x00a04000 z:\program files\Oracle\virtualbox\VBoxDD.DLL [flags=0x0]
31377ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffea0fb0000 LB 0x00066000 z:\program files\Oracle\virtualbox\VBoxDDU.dll [flags=0x0]
31387ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffe35f70000 LB 0x0085c000 z:\program files\Oracle\virtualbox\VBoxDD2.dll [flags=0x0]
31397ec.3aec: supR3HardenedDllNotificationCallback: Unload 00007ffebf8f0000 LB 0x0046c000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
31407ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffeaa440000 LB 0x0000e000 z:\program files\Oracle\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
31417ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffead7b0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
31427ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffeae070000 LB 0x000fa000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
31437ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffeb51b0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
31447ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffeaf850000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
31457ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffe980a0000 LB 0x0005d000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
31467ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffeb49d0000 LB 0x00266000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
31477ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffe65ee0000 LB 0x003c2000 z:\program files\oracle\virtualbox\VBoxC.dll [flags=0x0]
31487ec.3a88: supR3HardenedDllNotificationCallback: Unload 00007ffe662b0000 LB 0x000ef000 z:\program files\oracle\virtualbox\VBoxProxyStub.dll [flags=0x0]
31497ec.3a88: Terminating the normal way: rcExit=0
31501d5c.12f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 52815076 ms, the end);
31513e0.2318: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 52815593 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy